CN103257853B - The synthesis application of a kind of CPU card with multi-application COS realizes method - Google Patents
The synthesis application of a kind of CPU card with multi-application COS realizes method Download PDFInfo
- Publication number
- CN103257853B CN103257853B CN201210036439.0A CN201210036439A CN103257853B CN 103257853 B CN103257853 B CN 103257853B CN 201210036439 A CN201210036439 A CN 201210036439A CN 103257853 B CN103257853 B CN 103257853B
- Authority
- CN
- China
- Prior art keywords
- application
- synthesis
- cos
- attribute
- card
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Storage Device Security (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The invention discloses the synthesis application of a kind of CPU card with multi-application COS and realize method, the method comprises: create the synthesis application of the CPU card with multi-application COS;Set up the main application containing generated data object;Under main application, set up main application safety control object, generated data object and non-synthetic data object, main application is set and accesses security attribute;Set up time application, under secondary application, set up time application safety control object, reference object and non-quoted data object, time application is set and accesses security attribute;Use the synthesis application of the CPU card with multi-application COS, select the drop applications object in synthesis application;Judge to access security attribute requirement, by accessing and operate the generated data in interface accessing generated data object, and keep data syn-chronization.The present invention realizes the data syn-chronization with other drop applications, thus guaranteeing data integrity and under the premise of transaction security, it is achieved the purpose of synthesis application.
Description
Technical field
The method that the present invention relates to the synthesis application of a kind of IC-card, the synthesis application being specifically related to a kind of CPU card with multi-application COS realizes method.
Background technology
At present, the accelerated development of Golden Card Program, make the demand that card is paid by people growing, CPU card has that safety height, function be strong, high reliability, is used more and more in every profession and trade is applied.
CPU card with microprocessor, is managed card various actions by the Chip Operating System (COS) run thereon in inside, and under the support of COS, the application of various cards is achieved.
Along with the continuous extension of application demand, applied environment also tends to complication, variation, and the multifunctional application of CPU card has become an important directions of current smart card techniques development.Advancing CPU card " one card for multiple uses " and " multifunction card " is the link that can not be ignored in current development of information, is also the important mission with epoch symbol.Therefore, COS needs multiple application is supported.
In the various application of CPU card, the various sector application cards (such as various consumption prepaid cards, transportation card, highway passing card etc.) based on small amount payment application occupy substantial amounts of market, well-known and widely use.The small amount payment card of various industries is typically in technically to follow PBOC(People's Bank of China) based on standard, the feature further according to every profession and trade application carries out application extension, the final technical standard formulating relevant industries card.
In existing PBOC card standard, there are three kinds of specifications realizing small amount payment, i.e. the support small amount payment option (hereinafter referred to as " QPBOC standard ") of " China's finance integrated circuit (IC) card stored value card bankbook specification " (hereinafter referred to as " stored value card standard "), " the small amount payment specification based on debit/credit application " (hereinafter referred to as " electronic cash standard ") and " non-contact IC card card paying " middle regulation.Wherein stored value card standard adopts symmetric encipherment algorithm system in safety, and its advantage is amount of storage and operand is few, transactions velocity is fast, can meet the demand (such as public transport, subway etc.) of various rapid payment.It is disadvantageously, key management is complicated, requires higher in management, and application can be subject to the restriction of the key management link of complexity.And electronic cash standard and QPBOC standard all adopt rivest, shamir, adelman system, the complexity of key management is greatly reduced, and managerial requirement also correspondingly reduces, and therefore facilitates application to promote rapidly;But owing to adopting asymmetric arithmetic to need to consume more card memory space and operation time, the power consumption causing card strengthens, transactions velocity is slack-off, card operating characteristics on some card-reading apparatus is deteriorated (as the shorten success rate that causes swiping the card of non-contact card operating distance on some read write lines reduces), is difficult to meet some times of payment and the harsher application demand of required distance of swiping the card in present stage.
CPU card under the management of COS, by set up different should for realizing " one card for multiple uses ".Different application datas and access mode are organically combined by COS, as long as the data that these are represented different purposes respectively are write in the different application in same CPU card by read write line, it is possible to realize the multiple use (i.e. all-purpose card) of a CPU card.Different application identifier (AID) is adopted to make a distinction for different purposes (such as and transportation card, highway passing card).
When CPU card is used as different purposes use, the read-write equipment of corresponding uses is deposited the key that respective application is conducted interviews, and the data of corresponding application are conducted interviews and process (such as stored value card consumption by the application flow specified by the using standard of respective application, electronic cash circle is deposited), the data under other application can not be conducted interviews and process by it.Namely the IC-card read write line of an application-specific can be only done an application in the numerous application of card.As can be seen here, data in different application are isolation, this is for the consideration setting up security firewall between different application, but this causes the result that cannot share information in different application simultaneously, unless an application can read and revise the data in other application.But the operation across application can affect the safeguard protection of information, particularly across the integrity that cannot ensure transaction in application transaction, cause whole data safety it cannot be guaranteed that and transaction data abnormal, run counter to the essential safety requirements in PBOC standard simultaneously.
But, along with one blocks multi-functional popularization and application, multi-application card originally mainly solves the simple merging mode of many cards function can not meet the demand of application, and ratio is if desired for realizing the common problem paid under inter-trade applied environment.How when meeting prior art standard, meet the demand of application and ensure that again data are complete and transaction security, be problem in the urgent need to address.
Summary of the invention
The invention provides the synthesis application of a kind of CPU card with multi-application COS and realize method, solve above-mentioned problem, guaranteeing data integrity and under the premise of transaction security, it is achieved synthesis application.
For achieving the above object, the invention provides the synthesis application of a kind of CPU card with multi-application COS and realize method, the method includes the steps of:
Step 1, establishment have the synthesis application of the CPU card of multi-application COS;
Step 1.1, set up containing the main application of generated data object in the synthesis application of CPU card, set up main application entrance, application indications and application related type of conformance attribute are set;
Step 1.2, under main application, set up main application safety control object;
Step 1.3, under main application, set up generated data object and non-synthetic data object;
Step 1.4, arrange under main application main application access security attribute;
Step 1.5, judge whether also have time application not set up, if so, then jump to step 1.6, if it is not, then jump to step 1.10;
Step 1.6, synthesis application set up time application entrance under the security control of main application, arrange application indications and application related type of conformance attribute;
Step 1.7, under secondary application, set up time application safety control object;
Step 1.8, under secondary application, set up reference object and non-quoted data object;
Step 1.9, application is set time under secondary application accesses security attribute, and jump to step 1.5;
Step 1.10, complete the establishment of synthesis application;
Step 2, use have the synthesis application of the CPU card of multi-application COS;
Step 2.1, read write line send application and select order, by selecting to specify application identifier and parameter to select the drop applications object in described synthesis application in order in application;
Step 2.2, judge whether to select main application entrance, if so, then jump to step 2.2.1, if it is not, then jump to step 2.3;
Step 2.2.1, COS activate main application, make main application be active, and process corresponding card function by the using standard of main application, and jump to step 2.4;
Step 2.3, judge whether to select time application entrance, if so, then jump to step 2.3.1, if it is not, then jump to step 2.3.2;
Step 2.3.1, COS activate time application, make time application be active, and the using standard applied in due order processes corresponding card function, and jumps to step 2.4;
Step 2.3.2, other selection utility command process, and jump to step 2.8;
Step 2.4, judge whether operation generated data, if so, then jump to step 2.5, if it is not, then jump to step 2.4.1;
Step 2.4.1, by general data object handles, and jump to step 2.8;
Step 2.5, judge whether meet access security attribute requirement, if so, then jump to step 2.6, if it is not, then jump to step 2.8;
The access interface that step 2.6, main application and secondary application are provided by generated data object accesses the generated data in generated data object;
Step 2.7, operation generated data object also keep data syn-chronization;
Step 2.8, complete the use of synthesis application.
Above-mentioned time application constitutes different drop applications objects together with main application.
Above-mentioned generated data object is used for storing generated data, and provides the access interface without type for the drop applications object in synthesis application, synthesis data object to be accessed.
Above-mentioned main application only one of which, above-mentioned secondary application is one or several.
The access interface that each above-mentioned drop applications object accesses generated data object provides is to complete the access to generated data, and provides the card outside access interface meeting requirement in the application related specifications that each drop applications object sets.
Application indications between each above-mentioned secondary application is identical or different;The application indications of above-mentioned application is different from the application indications of main application.
Application related type of conformance attribute between each above-mentioned drop applications object is identical or different.
Above-mentioned access security attribute comprises the visual attribute that access interface is set up for secondary application.
Above-mentioned access security attribute also comprises the classification access attribute of the access interface set up for each drop applications object.
Each above-mentioned drop applications object can store non-synthetic data respectively by the application related type of conformance that its attribute is arranged, and the application related type of conformance arranged by its attribute provides secure access interface, separate between each drop applications object.
Safe condition between above-mentioned drop applications object is independent from, and drop applications object carries out safety management by the requirement of the application related specifications that its attribute is arranged.
Access interface in above-mentioned application object reference generated data object by reference, completes the access to the generated data in synthesis data object.
When any one drop applications object above-mentioned is locked, do not affect other drop applications objects;
When above-mentioned main application is deleted, all times application is also deleted;
When above-mentioned application is deleted, do not affect other drop applications objects.
When COS performs certain synthesis application, above-mentioned synthesis application is after different drop applications objects is activated, the interface providing the related type of conformance of drop applications object properties setting accesses for outside, thus under the premise of the technical standard and data integrity and transaction security that ensure compliance with related type of conformance, it is achieved from the purpose of the synthesis application data in the interface accessing card of multiple application standard.
Compared to the prior art the synthesis application of a kind of CPU card with multi-application COS of the present invention realizes method, have an advantage in that, Chip Operating System COS in the present invention can set multiple different entrances for synthesis application, and the application type of different entrance and attribute can be identical or different;
In the present invention, when Chip Operating System COS performs certain drop applications, finally all must be realized by the access interface that generated data object provides, can when the constituent instruments in not accessing other drop applications catalogues, realize the data syn-chronization with other drop applications, thus guaranteeing data integrity and under the premise of transaction security, it is achieved the purpose of synthesis application;
By arranging the visible of access interface and classification access attribute in the present invention, can while reaching data syn-chronization, it is achieved access and control;
The present invention respectively applies entrance and can independently lock or unlock, to support multiple different system reform upgrading scheme.
Accompanying drawing explanation
Fig. 1 is that the synthesis application of a kind of CPU card with multi-application COS of the present invention realizes the CPU card that method is suitable for and implements the card structure schematic diagram of;
The synthesis application that Fig. 2 is a kind of CPU card with multi-application COS of the present invention realizes the flow chart of creation method in method;
The synthesis application that Fig. 3 is a kind of CPU card with multi-application COS of the present invention realizes the flow chart of using method in method;
Fig. 4 is that the synthesis application of a kind of CPU card with multi-application COS of the present invention realizes the CPU card that method is suitable for and implements the card structure schematic diagram of two;
Fig. 5 is that the synthesis application of a kind of CPU card with multi-application COS of the present invention realizes the CPU card that method is suitable for and implements the card structure schematic diagram of three.
Detailed description of the invention
Below in conjunction with accompanying drawing, illustrate embodiments of the invention.
As it is shown in figure 1, have the schematic diagram of the file structure of the embodiment one of the CPU card of multi-application COS for the present invention.
Running on the chip 1 of CPU card has multi-application COS 2, COS2 to can be used for performing multiple application.In Fig. 1 shown in card data structure 3, the card data structure of CPU card includes master catalogue (MF).Master catalogue MF sets up object 0001.The System Control Data that object 0001 is required for storing application, such as application directory entry etc..
Such as Fig. 1 and in conjunction with shown in Fig. 2, Fig. 3, the synthesis application of embodiment one of this CPU card with multi-application COS realizes method, and the method includes the steps of:
Step 1, establishment have the synthesis application of the CPU card of multi-application COS.Two application catalogue (ADF) are established: 3F01 and 3F02, wherein 3F01 is a synthesis application catalogue (ADF), and 3F02 is common application catalogue, and they are independent mutually in there is the above-mentioned master catalogue MF of CPU card of multi-application COS.
Step 1.1, under the synthesis application catalogue 3F01 of CPU card, set up main application, set up main application entrance, and its application indications, main application only one of which in CPU card are set.Entrance refers to the entrance that application selects.
As it is shown in figure 1, the application identifier that its application identifier is synthesis application catalogue 3F01 " A00000000386980701 ".
The application type attribute of this main application is electronic wallet application.
Under synthesis application catalogue 3F01 0000,0002, the entirety of 00FF, 0006,0018 object constitute in synthesis application the main application containing generated data object.
In the present embodiment, in another application catalogue (ADF) 3F02, establishing 0000,0002,0006,0018 object, constitute an electronic wallet application independent mutually with 3F01, its application identifier is " A00000000386980702 ".
Step 1.2, under main application, set up the security control object of main application, in the present embodiment, under 3F01 0000 is the security control object of main application, for storing control key and secure state value, it controls condition and arranges by the requirement of electronic wallet application (i.e. its application related type of conformance attribute).
Step 1.3, under main application, set up generated data object and non-synthetic data object.Generated data object is used for storing generated data, and provides the access interface without type for the drop applications object in described application, synthesis data object to be accessed.
When COS2 directly accesses generated data object under main application, or under secondary application by reference object accesses generated data object time, finally all must be realized by the access interface that generated data object provides, thus in keeping self application while the integrity of related data, can reach and data syn-chronization between other drop applications objects.
In the present embodiment, 0006,0018 is nonsynthetic data object.0002 constitutes generated data object together with 00FF, and each provide two different types of data access interfaces, 0002 is the data access interface object of electronic wallet application, 00FF is the data access interface object of electronic cash application, and the value data of two interfaces is kept synchronizing conversion by generated data object in inside.When outside accesses the data in generated data object, it is necessary to meet the security control condition of security control object 0000.
Step 1.4, the access security attribute of generated data object accesses interface is set under main application.
What this access security attribute comprised data quotes authority, read right, write permission, value added authority, depreciation authority etc..
The visual attribute that set accessing in security attribute also comprises the access interface 0002 of generated data object under main application, 00FF sets up for secondary application, concrete, this visual attribute is the logical identifier being stored in the security control object 0000 of main application.When visual attribute is logical truth, it is allowed to the secondary application that under main application, the access interface of generated data object is synthesized in application is cited, access interface can be quoted by setting up reference object in secondary application.When visual attribute is logical falsehood, do not allow the secondary application that the access interface of generated data object under main application is synthesized in application cited.
As described in Figure 1, in the present embodiment, the visual attribute of the access interface 0002 in the generated data object of main application is logical falsehood, and so, the 0002 of main application cannot be cited by any object in any application.It addition, by the access interface 00FF of generated data object in main application is arranged visual attribute, if its visual attribute is set to very, even if the 00FF of winner's application can be cited by the 00FF object in secondary application.
Set access security attribute also comprises the classification access attribute of the access interface set up for each drop applications object (main application and time application).Concrete, classification access attribute includes respectively: is stored in the classification access logical identifier for main application in access interface, and is stored in the classification access logical identifier for secondary application in the security control object 0000 of main application.When a certain classification value of classification access property value is logical truth, it is allowed to access interface accesses generated data by the mode accessing categorised regulation.When a certain classification value of classification access property value is logical falsehood, does not allow access interface to press the mode accessing categorised regulation and access generated data.
Such as, in the present embodiment, as it is shown in figure 1, access interface 0002 is only provided with permission readings and depreciation operational attribute for main application, so, main application just only can be provided the consumption function support of stored value card by generated data object.
Access interface 00FF is then provided with the attribute allowing read-write and plus-minus Value Operations in security control object 0000 for secondary application 1001, and therefore 1001 objects just can provide the support including supplementing with money and being consumed in interior all functions of electronic cash completely.
Thus, while reaching data syn-chronization, it may be achieved the control to synthesis data access.
Step 1.5, judge whether also have time application not set up, if so, then jump to step 1.6, if it is not, then jump to step 1.10.Wherein, secondary application can be provided with multiple.
Step 1.6 is it addition, under above-mentioned application catalogue (ADF) 3F01, and synthesis application 3F01 sets up time application 1001 under the security control of its main application, and in secondary application 1001, set up 0000,0001,0002,0003,00FF object.
The establishment of this application 1001, need to carry out when meeting the security control of security control object 0000 of main application.
And the application related type of conformance attribute between each drop applications object can be set to identical or different.In the present embodiment, setting the application related type of conformance attribute of time application 1001, this application type is electronic cash application.
Application indications between each application can be set to identical, difference can also be set to, and the application indications of secondary application need to be set to different from the application indications of main application.In the present embodiment, the application indications of secondary application 1001 is set to " A000000333010106 ".
Step 1.7, the security control object that foundation time is applied under secondary application.In the secondary application 1001 of the present embodiment 0000 is security control object, stores control key and secure state value, and it controls condition and applies the requirement setting of (i.e. its application type attribute) by electronic cash.
When needing to access the data in 1001 applications, it is also necessary to meet the security control condition of 0000 object in 1001 applications, in this example, it controls condition by the requirement setting of electronic cash application (the application type attribute that namely it meets).
Safe condition between each drop applications object is independent from, and drop applications object carries out safety management by the requirement of the application related specifications that its attribute is arranged.
Step 1.8, under secondary application, set up reference object and non-quoted data object, in secondary application 1001,00FF object is reference object, for accessing the access interface 00FF of generated data object in main application, it not actual storage have data, and be intended only as one and access the interface of corresponding objects in generated data object.0001,0002,0003 is nonsynthetic data object.
Step 1.9, application is set time under secondary application accesses security attribute, and jump to step 1.5.
Step 1.10, complete the establishment of synthesis application.
In synthesis application, secondary application constitutes different drop applications objects together with main application, the access interface that each drop applications object accesses generated data object provides is to complete the access to generated data, and provides the card outside access interface meeting requirement in the application related specifications that each drop applications object sets.
Separately, when wherein any one drop applications object is locked, all functions and the attribute of other another drop applications objects are not affected.
Separately, when main application is deleted, all times application is also deleted.And when secondary application is deleted, do not affect other drop applications objects.
Step 2, use have the synthesis application of the CPU card of multi-application COS.
Step 2.1 read write line corresponding with the CPU card with multi-application COS sends application to CPU card and selects order, by selecting to specify application identifier and parameter to select the drop applications object having in the CPU card of multi-application COS in synthesis application in order in this application.
In the present embodiment, when card reader selects application with application identifier " A00000000386980701 ", the main application of synthesis application 3F01 is activated, card just by the requirement response external order of electronic wallet application (i.e. the application type attribute of main application), can realize the consumption function of stored value card.
When card reader selects application with application identifier " A000000333010106 ", the secondary application 1001 of synthesis application 3F01 is activated, the requirement response external order of (i.e. the application type attribute of time application 1001) just applied by card by electronic cash, can realize supplementing with money and consumption function of electronic cash.
When card reader selects application with application identifier " A00000000386980702 ", independent utility 3F02 is activated, and card realizes the electronic wallet application that another is independent.
Step 2.2, the main application judged whether in selection synthesis application 3F01, namely whether card reader selects application with application identifier " A00000000386980701 ", if so, then jumps to step 2.2.1, if it is not, then jump to step 2.3.
Step 2.2.1, COS activate main application, make main application be active, and process corresponding card function by the using standard of main application, and jump to step 2.4.
Step 2.3, judging whether to select time application 1001, namely whether card reader selects application with application identifier " A000000333010106 ", if so, then jumps to step 2.3.1, if it is not, then jump to step 2.3.2.
Step 2.3.1, COS activate time application 1001, make time application 1001 be active, and the using standard applied in due order processes corresponding card function, and jump to step 2.4.
Step 2.3.2, other selection utility command process, card reader selects application with application identifier " A00000000386980702 ", then independent utility 3F02 is activated, and card realizes the electronic wallet application that another is independent, and jumps to step 2.8.
Step 2.4, judge whether operation generated data, if so, then jump to step 2.5, if it is not, then jump to step 2.4.1.
Step 2.4.1, by general data object handles, and jump to step 2.8.
Step 2.5, judge whether meet access security attribute requirement.
Step 2.5 comprises the steps of
Step 2.5.1, what judge that COS activates is main application or secondary application, if activating main application, then jumping to step 2.5.2, if activating time application, then jumping to step 2.5.3.
After step 2.5.2, main application are activated, its security control object is also activated, and when each item data is operated, this operation is all carried out security inspection by security control object.If by the security inspection of security control object, then allow the main application that access interface is synthesized in application cited, and jump to step 2.6.If the security inspection of security control object can not be passed through, then do not allow the main application that access interface is synthesized in application cited, and jump to step 2.8.
It is also desirable to judge the classification access attribute of access interface in the access security attribute of main application.When a certain classification value of classification access property value is logical truth, then main application access interface is allowed to access generated data by the mode accessing categorised regulation.When a certain classification value of classification access property value is logical falsehood, then main application access interface is not allowed to access generated data by the mode accessing categorised regulation.
After step 2.5.3, secondary application are activated, its security control object is also activated, and when each item data is operated, this operation is all carried out security inspection by security control object.If by the security inspection of security control object, then allow the secondary application that access interface is synthesized in application cited, and jump to step 2.6.If the security inspection of security control object can not be passed through, then do not allow the secondary application that access interface is synthesized in application cited, and jump to step 2.8.
Separately, in addition it is also necessary to judge for the visual attribute that secondary application is set up, the access interface of generated data object is whether logic is true.If, access interface is logical truth for the visual attribute that secondary application is set up, then allow the secondary application that the access interface of generated data object in main application is synthesized in application cited, access interface can be quoted by setting up reference object in secondary application.If it is not, visual attribute is logical falsehood, then do not allow the secondary application that access interface is synthesized in application cited.
The access interface that step 2.6, main application or secondary application are provided by generated data object accesses the generated data in generated data object.
When COS2 directly accesses generated data object or object accesses generated data object by reference under secondary application under main application, finally all must be realized by the access interface that generated data object provides, thus in keeping self application while the integrity of related data, can reach and data syn-chronization between other drop applications objects.
Step 2.7, operation generated data object also keep data syn-chronization.
When COS performs certain synthesis application, synthesis application is after different drop applications objects is activated, the interface providing the related type of conformance of drop applications object properties setting accesses for outside, thus under the premise of the technical standard and data integrity and transaction security that ensure compliance with related type of conformance, it is achieved from the purpose of the synthesis application data in the interface accessing card of multiple application standard.
Step 2.8, complete the use of synthesis application.
As shown in Figure 4, there is the schematic diagram of the file structure of the embodiment two of the CPU card of multi-application COS for the present invention.
Running on the chip 1 of CPU card has multi-application COS 2, COS2 to can be used for performing multiple application.COS2 includes card data structure 3.In Fig. 4, shown in card data structure 3, the card data structure 3 of CPU card includes master catalogue (MF).Master catalogue MF sets up object 0001.The System Control Data that object 0001 is required for storing application, such as application directory entry etc..MF also comprises main application 3F01, secondary application 1001,1002 and 3F02.
Such as Fig. 4 and in conjunction with shown in Fig. 2, Fig. 3, the synthesis application of embodiment two of this CPU card with multi-application COS realizes method, and the method includes the steps of:
Step 1, have multi-application COS CPU card above-mentioned master catalogue MF in set up synthesis application catalogue (ADF) 3F01.
Step 1.1, under the synthesis application catalogue 3F01 of CPU card, set up main application, and its application indications is set.
As shown in Figure 4, its application identifier is the application identifier " A00000000386980701 " of synthesis application catalogue 3F01.The application type attribute of this main application is for supporting electronic wallet application, and kind of currencies is identical with the first electronic cash currency in double; two currency type electronic cash.
Under synthesis application catalogue 3F01 these 0000,0002,00FF, 0006 and 0018 object, they constitute main application together.
Step 1.2, setting up the security control object of main application under main application, in the present embodiment, 0000 under 3F01 is the security control object of main application, is used for storing control key and secure state value.
Step 1.3, under main application, set up generated data object and non-synthetic data object.
In the present embodiment, 0006,0018 is nonsynthetic data object.0002 and 00FF be generated data object offer have value data keep synchronize conversion two different types of access interfaces, 0002 is the access interface of electronic wallet application, and 00FF is the access interface supporting debt-credit note, double; two currency type electronic cash and the application of noncontact small amount payment.When outside accesses the data in generated data object, it is necessary to meet the security control condition of security control object 0000.
Step 1.4, the access security attribute of generated data object accesses interface is set under main application.
For satisfied application requirement, the access interface 0002 of generated data object under main application 3F01, that 00FF arranges visual attribute as requested is visible for time application.
Arranging at classification access attribute, for main application, access interface 0002 is set to only allow the amount of money of the first electronic cash currency is written and read and adds depreciation.
For 1001, access interface 00FF is set to only allow the amount of money of the first electronic cash currency is written and read and adds depreciation.
For 1002, access interface 00FF is positioned to allow for the amount of money of double; two currency type electronic cash is written and read and adds depreciation;
For 3F02, access interface 0002 is positioned to allow for the amount of money of the second electronic cash being written and read and adding depreciation;
When the access interface in synthesis data object is directly accessed by the main application in COS2 or the access interface in synthesis data object is conducted interviews secondary application object by reference, owing to these access interfaces maintain the synchronization of the generated data in generated data object in inside, thus in keeping self application while the integrity of related data and safety, the data syn-chronization with other application can also be reached.
Step 1.5, judge whether also have time application not set up, if so, then jump to step 1.6, if it is not, then jump to step 1.10.
Step 1.6 it addition, under above-mentioned application catalogue (ADF) 3F01, sets up time application 1001,1002 and 3F02 when the security control of synthesis application 3F01 security control object 0000 in its main application.
Secondary application 1001 supports that electronic cash is applied, its application related type of conformance attribute setup is for supporting debt-credit note, double; two currency type electronic cash and the application of noncontact small amount payment, its application indications is set to " A000000333010101 ", and supports debit card functionality and the single currency type electronic cash function identical with the first electronic cash currency in double; two currency type electronic cash
Secondary application 1002 supports that electronic cash is applied, its application related type of conformance attribute setup is for supporting debt-credit note, double; two currency type electronic cash and the application of noncontact small amount payment, its application indications is set to " A000000333010106 ", and supports double; two currency type electronic cash and noncontact small amount payment function.
The application related type of conformance attribute setup of secondary application 3F02 is for supporting electronic wallet application, and its application identifier be " A00000000386980702 ", and the second electronic cash currency in kind of currencies and pair currency type electronic cash matches.
Step 1.7, the security control object that foundation time is applied under secondary application.
In the secondary application 1001,1002 of the present embodiment and 3F02 0000 is security control object, stores control key and secure state value, and it controls condition and applies the requirement setting of (i.e. its application type attribute) by electronic cash.
Step 1.8, under secondary application, set up reference object and non-quoted data object.
Secondary application 1001 is set up object 0001,0002,0003 and 00FF, wherein the 00FF interface in the generated data object in the main application of 00FF object reference.0001,0002,0003 is nonsynthetic data object.
Secondary application 1002 is set up object 0001,0002,0003 and 00FF, wherein the 00FF interface in the generated data object in the main application of 00FF object reference.0001,0002,0003 is nonsynthetic data object.
Secondary application 3F02 sets up object 0002,00FF, 0006 and 0018, therein 0002 and 00FF be time the generated data object in application, there is value data and keep synchronizing the function of conversion, the access interface 00FF in generated data object in the main application of 00FF object reference.
Step 1.9, application is set time under secondary application accesses security attribute, and jump to step 1.5.
Step 1.10, complete the establishment of synthesis application.
Step 2, use have the synthesis application of the CPU card of multi-application COS.
Step 2.1 read write line corresponding with the CPU card with multi-application COS sends application to CPU card and selects order, by selecting to specify application identifier and parameter to select the drop applications object having in the CPU card of multi-application COS in synthesis application in order in this application.
Step 2.2, the main application judged whether in selection synthesis application 3F01, namely whether card reader selects application with application identifier " A00000000386980701 ", if so, then jumps to step 2.2.1, if it is not, then jump to step 2.3.
Step 2.2.1, COS activate main application, make main application be active, and process corresponding card function by the using standard of main application, and jump to step 2.4.
Step 2.3, judge whether to select time application 1001 or 1002 or 3F02, namely whether card reader selects application with application identifier " A000000333010101 " or " A000000333010106 " or " A00000000386980702 ", if, then jump to step 2.3.1, if it is not, then jump to step 2.3.2.
Step 2.3.1, COS activate time application 1001 or 1002 or 3F02, make time application 1001 or 1002 or 3F02 be active, and the using standard applied in due order processes corresponding card function, and jump to step 2.4.
Step 2.3.2, other selection utility command process, and jump to step 2.8.
Step 2.4, judge whether operation generated data, if so, then jump to step 2.5, if it is not, then jump to step 2.4.1.
Step 2.4.1, by general data object handles, and jump to step 2.8.
Step 2.5, judge whether meet access security attribute requirement, if so, then jump to step 2.6, if it is not, then jump to step 2.8.
The access interface that step 2.6, main application or secondary application are provided by generated data object accesses the generated data in generated data object.
Step 2.7, operation generated data object also keep data syn-chronization.
Step 2.8, complete the use of synthesis application.
It is excessive to the smooth upgrade of electronic cash and QPBOC payment system that the present embodiment two can also be used for Payment System of Electronic Purse: when system only supports electronic purse function, keeping issued original system card function impregnable while, original system card can be stopped paying out, new issue has the card of this example function, and realizes the payment function of stored value card with compatible original system from its main application 3F01 and secondary application 3F02;After background system completes compatibility update, progressively can lay in natural selection mode or transform POS so that it is possess electronic cash and QPBOC payment function, then the card with this example function can realize electronic cash and QPBOC payment on the new POS laid;When all POS lay or after transformation, new issue can only have electronic cash and the card of QPBOC payment function, and have this example function card can pass through lock its stored value card pay should for forbidding its stored value card payment function, after the card natural selection of original system, the POS support to accepting the function that stored value card pays can be cancelled.
As it is shown in figure 5, realize the embodiment three of method for the synthesis application of a kind of CPU card with multi-application COS of the present invention.This embodiment describes urban public transport card (hereinafter referred to as " transportation card ") and borrows or lends money, with the People's Bank PBOC2.0, the method that many application CPU card of note, electronic cash and noncontact small amount payment application card (hereinafter referred to as " electronic cash card ") realizes synthesis application.
Two independent utility of CPU card correspond with corresponding national standard, wherein " transportation card " meets the CPU card standard firmly building portion, and " electronic cash card " need to meet the relevant CPU card standard of the People's Bank, the two independent utility needs to synchronize relevant payment information simultaneously.
As it is shown on figure 3, give the file structure of this CPU card, under master catalogue MF, establish generated data file system key file 0000, DIR catalogue data file 0001, application catalogue 3F01.File respectively security control file under application catalogue 3F01, stored value card and electronic cash generated data file, " transportation card " application file and " electronic cash card " application entrance 1001.The application file structure that file is " electronic cash card " under application entrance 1001.
00FF file under 3F01 allows by other entry reference, and therefore the 00FF under 1001 refers to the 00FF of higher level's catalogue.So, electronic cash file 00FF under application catalogue 3F01 and 1001 reaches data syn-chronization purpose, and can guarantee that 0002 file under 3F01 on access interface and synchronize with the 00FF under catalogue, so that " transportation card " and " electronic cash card " application of this CPU card shares electronic sum of money data.
Additionally, by arranging the value added operating right of the 00FF file under the 00FF file and 1001 under 3F01, may control whether to allow to apply, from " transportation card " or " electronic cash card ", the function supplemented with money to common wallet, thus provide the selection of multiple business model for multi-party cooperative hair fastener.
Although present disclosure has been made to be discussed in detail already by above preferred embodiment, but it should be appreciated that the description above is not considered as limitation of the present invention.After those skilled in the art have read foregoing, multiple amendment and replacement for the present invention all will be apparent from.Therefore, protection scope of the present invention should be limited to the appended claims.
Claims (13)
1. the synthesis application of a CPU card with multi-application COS realizes method, it is characterised in that the method includes the steps of:
Step 1, establishment have the synthesis application of the CPU card of multi-application COS;
Step 1.1, set up containing the main application of generated data object in the synthesis application of CPU card, set up main application entrance, application identifier and application related type of conformance attribute are set;
Step 1.2, under main application, set up main application safety control object;
Step 1.3, under main application, set up generated data object and non-synthetic data object;
Step 1.4, arrange under main application main application access security attribute;
Step 1.5, judge whether also have time application not set up, if so, then jump to step 1.6, if it is not, then jump to step 1.10;
Step 1.6, synthesis application set up time application entrance under the security control of main application, arrange application identifier and application related type of conformance attribute;
Step 1.7, under secondary application, set up time application safety control object;
Step 1.8, under secondary application, set up reference object and non-quoted data object;
Step 1.9, application is set time under secondary application accesses security attribute, and jump to step 1.5;
Step 1.10, complete the establishment of synthesis application;
Step 2, use have the synthesis application of the CPU card of multi-application COS;
Step 2.1, read write line send application and select order, by selecting to specify application identifier and parameter to select the drop applications object in described synthesis application in order in application;Secondary application constitutes different drop applications objects together with main application;
Step 2.2, judge whether to select main application entrance, if so, then jump to step 2.2.1, if it is not, then jump to step 2.3;
Step 2.2.1, COS activate main application, make main application be active, and process corresponding card function by the using standard of main application, and jump to step 2.4;
Step 2.3, judge whether to select time application entrance, if so, then jump to step 2.3.1, if it is not, then jump to step 2.3.2;
Step 2.3.1, COS activate time application, make time application be active, and the using standard of application processes corresponding card function in due order, and jumps to step 2.4;
Step 2.3.2, independent utility activate, and process corresponding card function by the using standard of independent utility, and jump to step 2.8;
Step 2.4, judge whether operation generated data, if so, then jump to step 2.5, if it is not, then jump to step 2.4.1;
Step 2.4.1, by general data object handles, and jump to step 2.8;
Step 2.5, judge whether meet access security attribute requirement, if so, then jump to step 2.6, if it is not, then jump to step 2.8;
The access interface that step 2.6, main application and secondary application are provided by generated data object accesses the generated data in generated data object;
Step 2.7, operation generated data object also keep data syn-chronization;
Step 2.8, complete the use of synthesis application.
2. the synthesis application of the CPU card as claimed in claim 1 with multi-application COS realizes method, it is characterized in that, described generated data object is used for storing generated data, and provides the access interface without type for the drop applications object in described synthesis application, synthesis data object to be accessed.
3. the synthesis application of the CPU card as claimed in claim 1 with multi-application COS realizes method, it is characterised in that described main application only one of which, described secondary application is one or several.
4. the synthesis application of the CPU card as claimed in claim 2 with multi-application COS realizes method, it is characterized in that, the access interface that generated data object described in each described drop applications object accesses provides is to complete the access to generated data, and offer meets the outside access interface of card required in the application related type of conformance attribute that described each drop applications object sets.
5. the synthesis application of the CPU card as claimed in claim 1 with multi-application COS realizes method, it is characterised in that the application identifier between each described application is identical or different;The application identifier of described application is different from the application identifier of main application.
6. the synthesis application of the CPU card as claimed in claim 1 with multi-application COS realizes method, it is characterised in that the application related type of conformance attribute between each described drop applications object is identical or different.
7. the synthesis application of the CPU card as claimed in claim 1 with multi-application COS realizes method, it is characterised in that described main application accesses security attribute and time application accesses in security attribute and comprises the visual attribute that access interface is set up for secondary application.
8. the synthesis application of the CPU card as claimed in claim 1 with multi-application COS realizes method, it is characterized in that, described main application accesses security attribute and time application accesses the classification access attribute also comprising the described access interface set up for each drop applications object in security attribute.
9. the synthesis application of the CPU card as claimed in claim 1 with multi-application COS realizes method, it is characterized in that, each described drop applications object can store non-synthetic data respectively by the application related type of conformance attribute that its attribute is arranged, and by the application related type of conformance attribute offer secure access interface that its attribute is arranged, separate between each drop applications object.
10. the synthesis application of the CPU card as claimed in claim 1 with multi-application COS realizes method, it is characterized in that, safe condition between described drop applications object is independent from, and described drop applications object carries out safety management by the requirement of the application related type of conformance attribute that its attribute is arranged.
11. the synthesis application as claimed in claim 1 with the CPU card of multi-application COS realizes method, it is characterized in that, described time application quotes the access interface in described generated data object by described reference object, completes the access to the generated data in described generated data object.
12. the synthesis application as claimed in claim 1 with the CPU card of multi-application COS realizes method, it is characterised in that when any one of drop applications object is locked, do not affect other drop applications objects;
When described main application is deleted, all times application is also deleted;
When described application is deleted, do not affect other drop applications objects.
13. the synthesis application as claimed in claim 1 with the CPU card of multi-application COS realizes method, it is characterized in that, when COS performs certain synthesis application, described synthesis application is after different drop applications objects is activated, the interface applying related type of conformance attribute that described drop applications object properties are arranged is provided to access for outside, thus under the premise of the technical standard and data integrity and transaction security that ensure compliance with application related type of conformance attribute, it is achieved from the purpose of the generated data in the interface accessing card of multiple application standard.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210036439.0A CN103257853B (en) | 2012-02-17 | 2012-02-17 | The synthesis application of a kind of CPU card with multi-application COS realizes method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210036439.0A CN103257853B (en) | 2012-02-17 | 2012-02-17 | The synthesis application of a kind of CPU card with multi-application COS realizes method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103257853A CN103257853A (en) | 2013-08-21 |
| CN103257853B true CN103257853B (en) | 2016-06-29 |
Family
ID=48961792
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210036439.0A Active CN103257853B (en) | 2012-02-17 | 2012-02-17 | The synthesis application of a kind of CPU card with multi-application COS realizes method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103257853B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104715217B (en) * | 2013-12-13 | 2017-06-20 | 中国移动通信集团公司 | A kind of solution of noncontact parameter conflict, equipment and system |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP0984404A2 (en) * | 1998-09-02 | 2000-03-08 | International Business Machines Corporation | Storing data objects in a smart card memory |
| CN1987795A (en) * | 2006-11-30 | 2007-06-27 | 北京飞天诚信科技有限公司 | Method and device for realizing multiple task simultaneous work in composite card operation system |
| CN101751450A (en) * | 2008-12-03 | 2010-06-23 | 上海公共交通卡股份有限公司 | Information sharing realizing method for CPU card with multi-application COS |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6575372B1 (en) * | 1997-02-21 | 2003-06-10 | Mondex International Limited | Secure multi-application IC card system having selective loading and deleting capability |
-
2012
- 2012-02-17 CN CN201210036439.0A patent/CN103257853B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP0984404A2 (en) * | 1998-09-02 | 2000-03-08 | International Business Machines Corporation | Storing data objects in a smart card memory |
| CN1987795A (en) * | 2006-11-30 | 2007-06-27 | 北京飞天诚信科技有限公司 | Method and device for realizing multiple task simultaneous work in composite card operation system |
| CN101751450A (en) * | 2008-12-03 | 2010-06-23 | 上海公共交通卡股份有限公司 | Information sharing realizing method for CPU card with multi-application COS |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103257853A (en) | 2013-08-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP1960938B1 (en) | Techniques for co-existence of multiple stored value applications on a single payment device managing a shared balance | |
| KR101458179B1 (en) | Integrated electronic management system and management method thereof | |
| US8401964B2 (en) | Apparatus, method, and computer program product for encoding enhanced issuer information in a card | |
| JP4450329B2 (en) | Saving system using electronic money settlement, program used for saving system, and computer-readable recording medium recording the program | |
| Foster et al. | Digital currencies and CBDC impacts on least developed countries (LDCs) | |
| US20150046336A1 (en) | System and method of using a secondary screen on a mobile device as a secure and convenient transacting mechanism | |
| CN101853416B (en) | Physical smart card with virtual smart cards and configuration method of virtual smart card | |
| CN106133768A (en) | For making the mobile device of data set priorization, method and computer program product | |
| CN109313762A (en) | For characterizing the system for securely generating and handling, the method and apparatus of the data set of stored value payment | |
| US20180150828A2 (en) | Server for Managing Card Transaction Service, Card Transaction Service Management Method, and Card Transaction Service Management System | |
| Haque et al. | e₹—The digital currency in India: Challenges and prospects | |
| Lotz et al. | A New Monetarist Model of Fiat And E‐Money | |
| Choi et al. | A Proposal for a Canadian CBDC | |
| CN108898384A (en) | A kind of digital wallet and its application method | |
| CN108027743A (en) | Isolation applications with segmented architecture | |
| CN101807424A (en) | Multifunctional U disk and U disk system | |
| CN102006275A (en) | System and method for financial IC (Integrated Circuit) card transaction | |
| CN103257853B (en) | The synthesis application of a kind of CPU card with multi-application COS realizes method | |
| CN102073888A (en) | Intelligent card system capable of displaying transaction data in real time and method thereof | |
| US11580509B2 (en) | Transaction device, computer program and transaction method | |
| CN103679936A (en) | Bank card capable of controlling other bank cards | |
| Sekar | The evolution of digital wallets: Cloud, IoT, and blockchain synergy in credit card services | |
| KR102379280B1 (en) | Account managing method and service providing server and finance server | |
| Lavayssière et al. | Programmability in Payment and Settlement | |
| JP2005218029A (en) | Secure device for performing data exchange between card applications, and portable terminal |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |