[go: up one dir, main page]

WO2004059562A2 - Support de donnees portatif a fonctionnalite de serveur de reseau - Google Patents

Support de donnees portatif a fonctionnalite de serveur de reseau Download PDF

Info

Publication number
WO2004059562A2
WO2004059562A2 PCT/EP2003/014540 EP0314540W WO2004059562A2 WO 2004059562 A2 WO2004059562 A2 WO 2004059562A2 EP 0314540 W EP0314540 W EP 0314540W WO 2004059562 A2 WO2004059562 A2 WO 2004059562A2
Authority
WO
WIPO (PCT)
Prior art keywords
data carrier
data
interpreter
application program
transmission mode
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/EP2003/014540
Other languages
German (de)
English (en)
Other versions
WO2004059562A3 (fr
Inventor
Daniel Ciesinger
Frank GÖTZE
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Giesecke and Devrient GmbH
Original Assignee
Giesecke and Devrient GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Giesecke and Devrient GmbH filed Critical Giesecke and Devrient GmbH
Priority to EP03785881A priority Critical patent/EP1579318A2/fr
Priority to AU2003294905A priority patent/AU2003294905A1/en
Publication of WO2004059562A2 publication Critical patent/WO2004059562A2/fr
Publication of WO2004059562A3 publication Critical patent/WO2004059562A3/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • G06K19/073Special arrangements for circuits, e.g. for protecting identification code in memory
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • G06K19/077Constructional details, e.g. mounting of circuits in the carrier
    • G06K19/0772Physical layout of the record carrier
    • G06K19/07733Physical layout of the record carrier the record carrier containing at least one further contact interface not conform ISO-7816
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/355Personalisation of cards for use
    • G06Q20/3552Downloading or loading of personalisation data
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0806Details of the card
    • G07F7/0833Card having specific functional components
    • G07F7/084Additional components relating to data transfer and storing, e.g. error detection, self-diagnosis
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Definitions

  • the invention is based on a portable data carrier according to the preamble of the main claim.
  • a portable data carrier such is known for example from EP 932 865 B1.
  • It describes an IC card that offers the option of loading applications that were written in the high-level Java programming language (see also http://java.sun.com).
  • class files In clear text created in Java applications are first in so-called “class files” compiled, which are subsequently subjected to conversion. Therein, the class files in compact "card class files” or “card application files” or “CAP-fil 'it "transferred, which are finally transferred to the IC card.
  • CAP-fil 'it transferred
  • a chip card as a web server, ie as a network server on the Internet and to provide the card with a proxy functionality.
  • a five-layer network structure is set up on the card, which has a physical transmission layer, a data transmission layer, a network layer, a transport layer and an application layer includes.
  • the application path includes utilities that implement the functionality of a web server on the one hand and the functionality of a proxy server on the other.
  • the physical transmission layer and the data transmission layer correspond to the current chip card standards and support conventional card commands, so that the card can be addressed in a known manner.
  • the proposed card enables secure handling of data that are exchanged between a terminal and a network server.
  • the font does not provide information on how an application can be loaded into the card.
  • An operating system for realizing a multi-application card is also known ("OSSCA”: Operating System for Smart Cards, prospectus from KEYCORP Ltd., March 1999, available at http://keycorp.net/smartcard/ ossca.pdf), which is used for execution of application programs written in a variant of the high level programming language FORTH is set up and such application programs can be reloaded.
  • the operating system allows up to four applications to be executed simultaneously.
  • communication between chip card and terminal takes place in accordance with a conventional, standardized chip card protocol a standard chip card interface Communication with the chip card requires special, suitable terminals.
  • the object of the invention is to provide a portable data carrier which is suitable for being used as a network server and which, for this use, places the lowest possible demands on the usage environment.
  • the object is achieved by a portable data carrier with the features of the main claim.
  • the basis for the portable data carrier according to the invention is the approach of not initially providing elements that only serve to set up the data carrier for use in applications tailored specifically to portable data carriers.
  • He- Portable data carriers according to the invention only have a standard interface adopted from the field of computer technology and means for carrying out two different transmission modes, a first transmission mode being used to set up applications, while the other is used to use the applications using a known network protocol.
  • An essential element of these means is a distribution unit which prevents the setting of the transmission mode to be used in each case.
  • the data carrier according to the invention has the advantage that applications can be addressed using a conventional network protocol which is not specific to the data carrier and which is common for communication between participants connected via a network.
  • the network protocol can be a conventional TCP / IP protocol.
  • the data carrier can thus be used in any TCP / IP environment.
  • a data carrier equipped with TCP / IP is suitable for use in a local area network ("LAN") which can be connected to the Internet via an address translator. The data carrier then behaves like a regular Internet user.
  • LAN local area network
  • Another particular advantage of the data carrier according to the invention is that programs for implementing new applications can be loaded onto a portable data carrier in a high-language format without preprocessing.
  • the high-level language FORTH is particularly suitable for program creation.
  • the applications placed on a portable data carrier advantageously comprise a card-resident network server, by means of which the applications can be navigated.
  • the network server can in particular be a Web server for use on the Internet.
  • a first network server can be an HTTP server and a second network server can be an FTP server.
  • the structure provided for a data carrier according to the invention makes it possible to initially equip data carriers with only one interpreter during production, but no applications yet. This can be done by the customers of the data carriers.
  • FIG. 2 shows the structures of a portable data carrier with network server functionality and of a terminal device interacting with the portable data carrier
  • Fig. 6 shows a practical application of a data carrier.
  • USB Universal Serial Bus
  • Protocol Software component that acts as an intermediary between a sending and a receiving entity during data transmission.
  • SLIP Serial Line Internet Working Protocol
  • PPP Point to Point Protocol
  • TCP Transmission Control Protocol.
  • IP Internet Working Protocol
  • UDP User Datagram Protocol. Particularly simple protocol without overhead.
  • DHCP Dynamic Host Contention Protocol Automatic address assignment in the network under Windows.
  • CGI Common Gateway Interface
  • HTML Hypertext Markup Language
  • OSI layer model Open System Interconnection layer model.
  • ASCII code assignment rule that corresponds to a defined alphanumeric
  • FIG. 1 illustrates the basic structure of a chip card 10 which is suitable as a multifunction card for use in different applications and which can be loaded with new application programs in the context of a high-level language programming environment.
  • An essential element of the chip card 10 is an integrated circuit 1 in the form of a microcontroller, which has a processor core 2 and a memory system with three memory fields 3, 4 and 5 on a single semiconductor chip.
  • the microcontroller 1 is also connected to a data carrier interface 24 for the exchange of data with an external terminal 100.
  • the first 3 is typically a mask-programmed read-only memory in the form of a ROM
  • the second is an electrically erasable and writable read-only memory in the form of an EEPROM or a FLASH memory
  • the third is a volatile read / write memory , usually in the form of a RAM.
  • the first memory field 3 contains the program code of the operating system of the chip card 10. Furthermore, the program code of basic application programs that should be present on all chip cards 10 can be stored in the first memory field 3. The entire program code stored in the first memory field 3 is used to produce the chip card 10 by means of a Mask attached to the card as machine code.
  • the second memory field 4 is used to hold the code of application programs subsequently placed on a chip card 10. In addition, it usually also serves as working memory.
  • the third memory field 5 serves as fast working memory in a known manner.
  • the interface 24 can be of the contact type and in particular can be designed as a conventional chip card contact field.
  • the interface 24 can be of the contactless type and can have, for example, the shape of a coil which forms an antenna.
  • the entire structure of the chip card shown in FIG. 1 is known per se and is described, inter alia, in the “manual of chip cards” mentioned.
  • the essential component of the terminal device 100 is a controller 101 with all elements and the basic functionality of a conventional computer.
  • the controller 101 provides a network navigator 150, that is to say an application program for carrying out accesses to data contents which are stored in a network structure such as the Internet.
  • the controller 101 is set up to execute a terminal program 102 which, via a suitable interface, for example a serial RS 232 interface, allows communication with a portable data carrier 10 through data exchange.
  • a suitable interface for example a serial RS 232 interface
  • the terminal device 100 has an interface 122 corresponding to the data transmission interface 24.
  • a software is also installed on the terminal device 100 on the terminal device 100, which interface 122 adapts to the applications located on the terminal device 100, in particular the terminal program 102, the network navigator 150 or a dial-up network with SLIP / PPP.
  • this software provides the interface 122 as a serial interface, for example as an RS 232 interface.
  • the terminal 100 expediently also offers a programming environment by means of which it is possible in connection with a portable data carrier 10 to create new application programs for the portable data carrier 10.
  • Part of the terminal 100 is furthermore a user interface 140 which has means 142 in order to present information of the terminal 100 to a user; typically these means 142 are in the form of a screen.
  • the user interface 140 also has means 144, typically in the form of a keyboard, to enable a user to enter commands to the terminal program 102.
  • the terminal device 100 can be a single arrangement which is accessed by a single user, for example a correspondingly set up conventional computer, but also e.g. a terminal that is available to a large number of users and is, for example, part of an application solution set up on a network.
  • Terminal program 102 and the network navigator 150 Via the terminal program 102 and the network navigator 150, the terminal device 100, under the control of a user, enables activation and use of a functionality available on a portable data carrier 10.
  • Terminal program 102 and network navigator 150 provide the program routines necessary for this. For example, they offer a program routine for establishing communication over the serial Interface 122 or a modem.
  • the terminal program 102 also enables the introduction of new application programs onto a portable data carrier 10.
  • FIG. 2 illustrates the basic logical structure of the arrangement shown in Fig.l.
  • the right-hand part of FIG. 2 shows the structure of the portable data carrier 10, hereinafter referred to only as a data carrier, and the left-hand part shows the structure of a terminal 100.
  • the data carrier 10 is divided into a communication area 20, an interaction area 40 and a server area 50.
  • the terminal device 100 includes a communication area 120, a user interface 140, a terminal program 102 and a network navigator 150.
  • the communication area 20 of the data carrier 10 contains means for carrying out a data exchange between the data carrier 10 and an external terminal 100.
  • Part of this means is in particular a distribution unit 26 which, depending on the data received from the terminal 100, includes a data path to the interaction area 40 or Server area 50 sets up and sets a corresponding transmission mode.
  • the application programs located in the server area 50 are transmitted using a standardized network protocol via the data carriers.
  • Interface 24 supplied incoming data.
  • the data path between the data carrier interface 24 and the server area 50 has an architecture based on the OSI layer model in the form of a protocol stack.
  • the standardized network works protocol is in particular the "TCP / IP" protocol.
  • the interaction area 40 contains an interpreter 44 for setting up application programs in the server area 50 and for executing the application programs.
  • the interaction area 40 also contains a configuration area 48 for receiving parameterizations and settings for the interpreter 44 and the server area 50.
  • the data path into the interaction area 40 is implemented as transparent mode 39, in which the data coming in via the distribution unit 26 are forwarded unchanged.
  • the communication area 20 of the data carrier 10 has a protocol stack structure made up of a plurality of protocol layers one above the other, which is traversed successively by incoming and outgoing data.
  • Each protocol layer implements defined services in which it subjects the data it receives to the specified processing. In doing so, it builds on the services of the layer below and in turn offers its services to the layer above.
  • the services are defined in the form of protocols.
  • Protocol stack structure Basic elements of the protocol stack structure are a feed area 21 and a transport system 22.
  • the first component of the feed area 21 is a transfer layer with the data transmission interface 24 for physical transfer and receipt. acceptance of data to or from a corresponding interface 122 of a terminal 100.
  • the data transmission interface 24 can in particular be designed as a USB or Firewire or as an Ethernet interface.
  • a distribution unit 26 Associated with the data transmission interface 24, as a second component of the feed area 21, is a distribution unit 26. Depending on the data received via the data carrier interface 24, it defines a data path on which the data is forwarded and sets the transmission mode to be used for the data transmission. 2, a first data path points into the interaction area 40, a second data path into the server area 50. In the first case, the data transmission takes place in transparent mode 39. In the second case, the data transmission takes place in a network protocol mode 38 using a network protocol. In the latter case, the set data path points to the first layer 28 of the transport system 22 that is based on the data transmission interface 24. The number of data paths is not limited to two but can be increased as desired within the scope of the hardware resources available on the data carrier 10.
  • FIG. 3 illustrates an arrangement for the technical implementation of a transmission mode change when using an interpreter working with a namespace switch, in particular a FORTH interpreter 44.
  • the distribution unit 26 is on the one hand via a direct connection 39 and on the other hand via the transport system 22 with an activation meter - Mechanism 37 connected, the interpreter 44 is connected downstream on the output side.
  • the data transmission via the transport system 22 takes place in the network protocol mode.
  • the direct data transmission from the distribution unit 26 to the activation mechanism 37 realizes the transparent mode.
  • a separate activation Signal connection 27 led to the activation mechanism 37.
  • the interpreter 44 has two namespaces 45, 46 in which applicable functions and basic routines are created.
  • the first namespace 45 contains functions and basic routines for implementing the transparent mode 39.
  • the second namespace 46 contains functions and basic routines for implementing the network protocol mode 38.
  • the respectively valid namespace is set via the activation signal connection 27.
  • the transparent mode 39 is expediently always set at the beginning of a data exchange between a terminal 100 and a data carrier 10.
  • the data stream flowing via the data carrier interface 24 is in this case passed directly from the distribution unit 26 to the interpreter 44 and processed by the latter.
  • the distribution unit 26 continuously monitors the data stream to determine whether a specific control element appears in it.
  • a defined byte sequence which has meaning in one of the transmission modes and is not provided in the other, expediently serves as the control element.
  • the distribution unit 26 changes to the second transmission mode, ie to the network protocol mode 38, and sets the data path to the server area 50.
  • the data stream is then no longer routed directly to the interpreter 44 but to the transport route 22.
  • the distribution unit 26 generates an activation signal, which it transmits to the activation mechanism 37 via the activation signal connection 27.
  • the activation mechanism In turn, mechanism 37 then prepares interpreter 44 for executing application programs from server area 50. For this purpose, the activation mechanism 37 inserts an instruction into the data stream that designates a specific network server 52.
  • the activation mechanism 37 inserts the instruction “4HTTP” into the data stream in order to call an HTTP server.
  • the functionality of such a network server 52 is described using second namespace 46.
  • the interpreter 44 sets the namespace 46 assigned to the network protocol mode 45 as the namespace to be used and blocks the other.
  • the transport system 22 which in turn consists of three protocol layers 26, 28, 30, is placed on the distribution unit 26.
  • the protocol layer sequence 26, 28, 30 is designed to enable the known TCP / IP network protocol.
  • TCP / IP is quasi-standardized by RFCs and is particularly widespread on the Internet.
  • the first layer of the transport system 22 is a protocol layer 28 for management of the transmission of data packets.
  • the transmission layer 28 is in the form of a SLIP, a PPP or an RNDIS protocol layer.
  • the transmission layer 28 there is a network layer 30 for determining the recipients or the destination addresses of data packets to be transmitted in the server area 50.
  • the network layer 30 is designed as an IP protocol layer.
  • a transport layer 32 for controlling the data flow to the server area 50 lies over the network layer 30.
  • the transport layer 32 is designed as a TCP protocol layer.
  • the transition between communication area 20 and server area 50 can be implemented as an I / O buffer.
  • the transport layer 32 provides service requests therein, which specify which application in the server area 50 is to be activated in each case.
  • the service requests are formed by port numbers, each of which designates a network server 52.
  • All layers of the transport system 22 are expediently permanently created in the memory 2 of the processor core 1 by mask programming and form a static component of the portable data carrier 10.
  • the data transmission interface 24 is designed via existing contact means or via contact means set up specifically for this purpose. For example, it uses a coil present on the data carrier 10 or works via certain contacts of a standard chip card contact field.
  • FIG. 4 illustrates the operation of the protocol stack 24 to 32 when using TCP / IP when the data carrier interface is designed as USB interface.
  • the data coming from the terminal 100 is transferred to the data carrier 10 in packets 410 of, for example, 64 bytes.
  • the packets 410 each contain sub-packets 400 'of user data 400.
  • the beginning and end of each packet 410 are each marked by a CO byte 420, ie the number 192 decimal.
  • the CO byte 420 is not assigned to any character within the ASCII code. It therefore also serves as a control element for the distribution unit 26 for setting the transmission mode.
  • the distribution unit 26 selects the network protocol transmission mode 38 accordingly for the forwarding of the data packets 410 and transfers the data packets 410 to the SLIP transmission layer 28, which packs them into a coherent data block 430. Furthermore, the distribution unit 26 sends an activation signal to the activation mechanism 37.
  • the SLIP transmission layer 28 passes the unfragmented data block 430 to the IP switching layer 30, which evaluates the IP header 440 contained in the data block 430 and determines the destination address contained therein.
  • the data block is subsequently transferred to the TCP transport layer 32, which evaluates the TCP header 450 contained in the data block 430 in order to determine the service request 420 contained therein.
  • the service request is a port number 460 in TCP / IP. It denotes a network server 52 to be used to execute the service; Widespread are, for example, the HTTP server to which port number 80 is assigned, or the FTP server with port numbers 20 and 21.
  • Port number 460 is provided at the exit of transport layer 32, from where network server 52, designated by port number 460, thus, for example, the HTTP server or the FTP server, which accesses the user data 400 contained in the data block.
  • the faulty data packet 430 is rejected.
  • the content of data packets 430 that are fundamentally meaningful is provided, for an HTTP server, for example, the instructions GET, HEAD or POST with associated variables, for example “host:”, and parameters, for example “/index/.html”.
  • the protocol layers 28, 30, 32 of the communication area 20 can be executed multiple times or in a branching manner in order to enable other or further network protocols.
  • a further transport layer can be set up approximately parallel to a first transport layer 32, which transports data for other services.
  • An example of a second transport layer is a UDP layer.
  • An integral part of the interaction area 40 is an interpreter 44. It is addressed via the data transmission interface 24 in the transparent mode 39. In transparent mode 39, ASCII data are typically transmitted to it. Other data formats also come into consideration, such as APDU commands in the field of chip cards.
  • the interpreter 44 realizes two basic functionalities. On the one hand, upon access to corresponding textual instructions, it executes application programs stored as machine code in the storage system of the data carrier 10 and thereby realizes the functionalities and applications assigned to the data carrier 10. This first basic functionality is carried out when using the network protocol mode 38.
  • the interpreter 44 also enables the reloading of new application programs on the data carrier 10.
  • the program source text to be loaded is compiled when it is loaded into native machine code and is preferably stored in the non-volatile memory field 3 of the data carrier 10.
  • the program source text to be loaded can be the source text of an application to be brought onto the data carrier 10 or the HEX - Dump a patch for an existing application program.
  • the second basic functionality is implemented in transparent mode 39.
  • the program source text supplied is in a high-level programming language. It is conveniently written in the high-level programming language FORTH.
  • the interpreter 44 is a FORTH interpreter according to ISO 15948, which is composed of an outer interpreter 42 and an inner interpreter 43.
  • Such an interpreter 44 can be implemented with a space requirement of typically 8 kB in the storage system 3, 4.
  • the outer interpreter 42 interprets textual instructions coming from the feed area 21 - for example HTTP commands in the network protocol mode or configuration instructions in the transparent mode - and checks the text for basic routines (“words”) contained therein.
  • the inner interpreter 43 runs and executes the Basic routines through the processor core 1 of the data carrier 10 by interpreting memory addresses present in binary form.
  • the inner interpreter 43 thus executes the actual execution of application programs. Parameters are passed from the outer to the inner interpreter via a stack memory (“stack”).
  • interpreter 44 can also be based on other programming environments, for example if the storage capacity of the data carrier 10 this allows on Java. Depending on the programming environment chosen, modifications to the internal structure of interpreter 44 may be necessary.
  • the functional scope of a FORTH interpreter 44 on which this is based is determined by the basic routines.
  • a basic set of elementary basic routines is permanently created in the non-volatile memory area 3 during the production of the data carrier 10 as a mask code.
  • the functional scope of the FORTH interpreter 44 can be expanded by reloading basic routines based on these elementary routines. Usually there is an extension in connection with the reloading of new application programs. When the strings are loaded, the interpreter 44 compiles new basic routines to memory addresses of elementary routines, which are then each executed by the inner interpreter 43 when an application program is executed.
  • the basic routines are organized in a number of namespaces 45, 46, one namespace 45, 46 each being assigned to a basic functionality of interpreter 44.
  • Basic functionalities of interpreter 44 are the reloading of new program codes and the execution of existing application programs.
  • the first basic functionality corresponds to the transparent mode 39, the second to the network protocol mode 38.
  • a first namespace 45 comprises basic routines assigned to the transparent mode 39. These include the commands SET-IP, NET STAT, HELP.
  • a second namespace 46 assigned to the network protocol mode 38 correspondingly comprises the commands GET, HEAD, POST.
  • the interaction area 40 further contains a configuration area 48, which is used to manage configurations and parameterizations.
  • the Configuration area 48 enables the interactive configuration of settings of communication area 20 or server area 50 in transparent mode 39. In transparent mode 39, it can be addressed directly by a terminal 100 and provides operating aids, for example input masks that implement user guidance.
  • the configuration area 48 for example, the IP address valid for the portable data carrier 10 or an application located in the server area 50 or the default gateway for unknown addresses are defined.
  • Part of the configuration area 48 is also a configuration manager 49 with which the usability of the transparent mode 39 can be set.
  • the configuration manager 49 allows the transparent mode to be restricted in such a way that only configuration instructions can be entered in the transparent mode 39, but changes to the range of functions of the interpreter 44, for example by loading new basic routines, are no longer possible.
  • the configuration manager 49 is implemented by blocking the execution of certain basic routines of the associated namespace 45. Configuration manager 49 is expediently set up after all other application programs have been loaded,
  • a basic version of the interpreter 44 with elementary routines and the configuration area 48 are expediently stored as a mask program in the non-volatile memory fields 3, 4 of the portable data carrier 10.
  • the server area 50 contains the application programs executable with the data carrier 10 and the files required for their function. At least one of the application programs implements the functionality of a network server 52.
  • the network server 52 can be an HTTP server, for example or be an FTP server. With the help of a network server 52, the data carrier 10 becomes a full network server in relation to the terminal 100. For example, the execution of an application program implementing an HTTP server by the interpreter 44 causes an HTML page or other data and a header to be output.
  • Appendix A shows an example of an application program for realizing a network server, a FORTH source text that realizes a basic network server.
  • the source text can be transmitted by means of the terrestrial program 102 in transparent mode from a terminal device 100 to a data carrier 10 and produces the network server functionality there.
  • the application program that realizes the functionality of a network server 52 is executed by the interpreter 44 if the transport system 22, after passage through the switching and transport layer, has a useful service request at the exit of the transport system 22.
  • the service request can be, for example, the request to execute an HTTP command such as GET, HEAD or POST. If there is such a service request, the interpreter 44 determines whether a program code implementing the requested service is present in the server area 50. If this is the case, it transmits a confirmation message to the transport system 22 and executes the program code found.
  • the requested service can consist, for example, in the output of an HTML file containing a text.
  • the trigger for the request can be an address requested by a user via a network navigator 150, for example the address “http://160.1.1.1/index/html”.
  • the network navigator 150 uses this to generate an http instruction that issues the HTTP command “ GET "contains, for example” GET / index.html http / 1.1 ".
  • This HTTP instruction is in the Network protocol mode 38 passed to the interpreter 44 via the transport system 22.
  • the interpreter 44 functions as an HTTP network server 52 and executes basic routines in order to deliver the requested file to the network navigator 150.
  • the network navigator 150 displays the received file in the terminal 100 via the user interface 140.
  • auxiliary application programs are connected to the network server 52, the type and number of which depend on the type of network server and the particular requirements.
  • a source code analyzer for example in the form of a
  • XML parsers 54 for example for compiling CGI scripts 66
  • a block of security configuration files 58 in which security settings for the operation of the interpreter are stored.
  • the network server 52 is assigned a file system 68 with files for recording user data, i.e. in particular files 60 with applets, files 62 with images, or files 64 with graphics to be displayed, such as HTML files.
  • Application programs and files to be stored in the server area 50 are loaded in transparent mode 39 via interpreter 44 or in network protocol mode 38 using a suitable command, for example the HTTP command POST.
  • Certain basic structures for example the structure of the file system 68, are expediently provided in the memory 4 used to set up the server area 50.
  • an HTTP server 52 in the server area 50 several network servers 52 can also be set up, which provide different services.
  • an FTP server and / or a Telnet server can also be provided, which becomes active when port 20/21 for the FTP port is located at the exit of the TCP transport layer. Server or 23 for the Telnet server is requested. Own file systems can be assigned to all network servers 52. However, as illustrated in FIG. 6, you can also access the same file system 68.
  • the grain communication area 120 of the terminal 100 forms the counterpart to the communication area 20 of a data carrier 10 and serves to carry out a data exchange with the latter. Like that, the communication area 120 of the terminal 100 has a layer structure. To data carrier 10, it has a physical interface 122 corresponding to its data transmission interface 24, in particular one
  • USB a Firewire or an Ethernet interface.
  • adaptation layer 124 which converts the data transmitted via the interfaces 122 from the format used on the interface 122 into the format required by the microcontroller 101 of the terminal 100. If, for example, the interface 122 is a USB interface, but the microcontroller 101 is only designed for processing simple serial signals, then the adaptation layer 26 forms a virtual serial interface.
  • a transport system 130 is formed above the adaptation layer 124 for forwarding to or receiving data transmitted via the data transmission interface 122 to the network navigator 150.
  • the transport system 130 as indicated in FIG. 1, comprises a SLIP or PPP layer 132, an IP layer 134 and a TCP layer 136, ie corresponding to a protocol layer sequence based on the OSI layer model the OSI layers 2, 3 and 4 in the communication area of the data carrier 10.
  • the terminal program 102 is used to establish a transparent mode data connection to a data carrier 10. It is operated via the user interface 140 and realizes the data exchange in the transparent mode 39. Using the terminal program 102, among other things, the creation of new application programs for the server area and access to configuration area 48.
  • Network navigator 150 is typically a common browser. If the data carrier 10 has a network server 52, it allows, in particular, selection and calling of a specific application from the server area 50 of the portable data carrier 10. The user navigates the network navigator 150 via the user interface 140 ,
  • a practical use of a data carrier 10 is described below with reference to FIG. 6.
  • the use shown is divided into three phases, the first phase e.g. is carried out at the manufacturer of the data carrier 10, the second phase by a user and the third phase by an end user.
  • the first phase begins by the manufacturer providing a data carrier 10, step 300.
  • the interaction region 40 and the communication region 20 with a communication device for executing at least one network protocol are created on the data carrier 10 by mask programming.
  • the applications to be applied directly by the manufacturer are also loaded, step 302 and set the associated configurations in configuration area 48, step 304.
  • the data carrier 10 is then transferred to the application provider, step 310.
  • the application provider is, in particular, an institution that operates a network of terminals 100, on which certain applications can be carried out using a data carrier 10.
  • Such an application provider can be, for example, a bank or an authority.
  • the application provider presents the data carrier 10 received from the manufacturer at the interface 122 of a suitable terminal 100 and establishes a connection to the data carrier 10 using a suitable terminal program 102, step 310.
  • the data carrier 10 initially sets the transparent mode 39 as the transmission mode, and thus a data path to the interaction area 40, step 312.
  • the application provider now loads its own applications, step 316, for example special banking or governmental applications, onto the data carrier 10, where they are loaded into the server area 50.
  • the application provider also makes adjustments in the configuration area 48 before step 320 and loads them onto the data carrier 10. For example, it may be necessary to convert a manufacturer-related IP address of the data carrier 10 that was initially created by the manufacturer into an IP address that is valid on the end devices 100 of the user. Change address. In transparent mode 39, the application provider therefore enters into a direct dialog with the configuration area 48 and sets the changed IP address by means of the terminal 100. If all intended accesses have taken place, the application provider ends the communication with the data carrier 10 by removing it from the terminal 122 on the terminal side, step 322. The data carrier 10 is now handed over to the end user.
  • the end user in turn presents the data carrier 10, step 330, for executing an application to a suitable terminal 100, for example the reader of a home computer, and establishes a connection to the data carrier 10 using a suitable communications program 102.
  • the data carrier 10 then first switches to the transparent mode 39, step 332, and offers a dialog with the interaction area 40 via the terminal 100. As a rule, changes in the design area 40 are not to be made by an end user.
  • the end user regularly initiates the execution of an application. For this purpose it changes from the to the communication structure 'program routine employed in a form suitable for access to a server located in the area 50 of the data carrier 10 application program routine, such as a conventional network browser and requests access to the' on application. The request is made using the browser's network protocol, step 334. This causes the distribution unit 26 of the data carrier 10 to change the transmission mode and to set a data path in the server area 50 to the desired application.
  • the end user then executes the intended application, step 336.
  • the end user ends access to the data carrier 10, step 338.
  • the end user changes back to the transparent mode 39 by ending the current application access by actively ending the SLIP / PPP session or by removing the data carrier 10, the data carrier 10 immediately afterwards again at the interface 122 of the terminal 100 presents, step 340, and starts communication with the data carrier again using the program routine provided for this purpose.
  • the latter first sets the transparent mode 39 again.
  • a UDP / IP protocol architecture can be set up in the communication area 20.
  • Further network servers 52 for example a TELNET server, with associated auxiliary programs and file systems can be set up in the server area 50.
  • TCP / IP itself allows a large number of variants and configurations within the framework of the associated RFCs.
  • applications with any other structures can also be created. These further applications may also require that in the communication area 20 a specially adapted further protocol layer architecture for communication with the applications is established.
  • activation mechanism and interpreter 44 can also occur in principle.
  • the functionality of the activation mechanism could be integrated into the distribution unit. Expedient modifications can also result from the aspect of security against manipulation when handling data on the portable data carrier and when exchanging data between the portable data carrier and a terminal device 100.

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Theoretical Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Computer Hardware Design (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Strategic Management (AREA)
  • Accounting & Taxation (AREA)
  • General Business, Economics & Management (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • Telephonic Communication Services (AREA)
  • Telephone Function (AREA)
  • Stored Programmes (AREA)

Abstract

L'invention concerne un support de données portatif (10) se présentant de préférence sous forme de carte à puce, comportant un interpréteur (44) pour charger et mettre en oeuvre des programmes d'application, dont au moins un assume la fonctionnalité d'un serveur de réseau (52). Le chargement de programmes d'application et leur mise en oeuvre s'effectuent à l'aide de différents modes de transmission (38, 39). Pour ajuster le mode de transmission à utiliser dans chaque cas, il est prévu une unité de répartition (26) qui observe le flux de données entrant, en vue de l'apparition d'éléments de commande déterminés. Un mode de transmission (38) peut être un protocole de réseau courant, notamment un protocole TCP/IP.
PCT/EP2003/014540 2002-12-20 2003-12-18 Support de donnees portatif a fonctionnalite de serveur de reseau Ceased WO2004059562A2 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP03785881A EP1579318A2 (fr) 2002-12-20 2003-12-18 Support de donnees portatif a fonctionnalite de serveur de reseau
AU2003294905A AU2003294905A1 (en) 2002-12-20 2003-12-18 Portable data carrier with network server functionality

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE10261916.6 2002-12-20
DE2002161916 DE10261916A1 (de) 2002-12-20 2002-12-20 Tragbarer Datenträger mit Netzserverfunktionalität

Publications (2)

Publication Number Publication Date
WO2004059562A2 true WO2004059562A2 (fr) 2004-07-15
WO2004059562A3 WO2004059562A3 (fr) 2005-01-06

Family

ID=32404426

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2003/014540 Ceased WO2004059562A2 (fr) 2002-12-20 2003-12-18 Support de donnees portatif a fonctionnalite de serveur de reseau

Country Status (4)

Country Link
EP (1) EP1579318A2 (fr)
AU (1) AU2003294905A1 (fr)
DE (1) DE10261916A1 (fr)
WO (1) WO2004059562A2 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009090070A2 (fr) 2008-01-16 2009-07-23 Giesecke & Devrient Gmbh Support de données portatif comprenant un interpréteur cat
WO2011107022A1 (fr) * 2010-03-03 2011-09-09 华为终端有限公司 Carte de données et procédé de connexion en réseau par liaison modem

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102004052875A1 (de) * 2004-11-02 2006-05-04 Giesecke & Devrient Gmbh Tragbarer Datenträger mit einem integrierten Schaltkreis
DE102005028393A1 (de) * 2005-06-20 2006-12-28 Giesecke & Devrient Gmbh Tragbarer Datenträger
DE102007055653A1 (de) 2007-11-21 2009-05-28 Giesecke & Devrient Gmbh Portabler Datenträger mit Web-Server
DE102010033995A1 (de) * 2010-08-11 2012-02-16 Giesecke & Devrient Gmbh Tragbarer Datenträger mit einem Web-Server
DE102012008147A1 (de) * 2012-04-24 2013-10-24 Tobias Volk Anordnung zur Organisation von Daten auf einem RFID- Transponder

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6254288B1 (en) 1995-02-17 2001-07-03 Guido Heyns Integrated circuit controlled transaction management system
WO2001060881A2 (fr) 2000-02-17 2001-08-23 Lee Eung Chan Polyorganosilsequioxane et procede de preparation associe
US20020174071A1 (en) 2000-02-10 2002-11-21 Alain Boudou Method for loading a piece of software in a smart card, in particular applet

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE19926081A1 (de) * 1999-06-08 2000-12-21 Giesecke & Devrient Gmbh Chipkarte mit mehreren Anwendungsprogrammen
WO2001096990A2 (fr) * 2000-06-15 2001-12-20 Rainbow Technologies, B.V. Cle personnelle compatible avec le bus serie universel faisant appel a un processeur de carte a puce et a un emulateur de lecteur de carte a puce

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6254288B1 (en) 1995-02-17 2001-07-03 Guido Heyns Integrated circuit controlled transaction management system
US20020174071A1 (en) 2000-02-10 2002-11-21 Alain Boudou Method for loading a piece of software in a smart card, in particular applet
WO2001060881A2 (fr) 2000-02-17 2001-08-23 Lee Eung Chan Polyorganosilsequioxane et procede de preparation associe

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
See also references of EP1579318A2
W. RANKL; W. EFFING: "Handbuch der Chipkarten", 2002

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009090070A2 (fr) 2008-01-16 2009-07-23 Giesecke & Devrient Gmbh Support de données portatif comprenant un interpréteur cat
WO2009090070A3 (fr) * 2008-01-16 2009-10-01 Giesecke & Devrient Gmbh Support de données portatif comprenant un interpréteur cat
CN101960823A (zh) * 2008-01-16 2011-01-26 德国捷德有限公司 具有卡应用程序工具箱解释器的便携式数据载体
CN101960823B (zh) * 2008-01-16 2013-12-11 德国捷德有限公司 具有卡应用程序工具箱解释器的便携式数据载体
US8966108B2 (en) 2008-01-16 2015-02-24 Giesecke & Devrient Gmbh Portable data carrier comprising a CAT interpreter
WO2011107022A1 (fr) * 2010-03-03 2011-09-09 华为终端有限公司 Carte de données et procédé de connexion en réseau par liaison modem

Also Published As

Publication number Publication date
EP1579318A2 (fr) 2005-09-28
DE10261916A1 (de) 2004-07-01
AU2003294905A8 (en) 2004-07-22
WO2004059562A3 (fr) 2005-01-06
AU2003294905A1 (en) 2004-07-22

Similar Documents

Publication Publication Date Title
DE69230199T2 (de) Kompensation von nicht richtig angepassten Transportprotokollen in einem Datenkommunikationsnetzwerk
EP0466969B1 (fr) Méthode pour éviter des écarts inautorisés d'un protocole de déroulement d'une application dans un système d'échange de données
DE69925806T2 (de) Verfahren zur kommunikation zwischen einer benutzerstation und einem netzwerk insbesondere das internet und architektur dafür
DE60124367T2 (de) Verfahren zur übertragung von hochrätigen datenströmen über internet zwischen einem server und einem chipkartenterminal
DE60207155T2 (de) Objektorientiertes Internetschnittstellensystem für eine industrielle Steuereinrichtung
DE69400549T3 (de) IC-Karten-Übertragungssystem
DE10297269T5 (de) Kennzeichnung von Paketen mit einem Nachschlageschlüssel zur leichteren Verwendung eines gemeinsamen Paketweiterleitungs-Cache
WO1997001147A2 (fr) Procede permettant de simplifier la communication a l'aide de cartes a memoire
DE60124722T2 (de) Verfahren zur übertragung eines mobilen agenten in einem netzwerk; sender, empfänger und zugehöriger mobiler agent
DE10236189A1 (de) Verfahren zum Zugreifen auf Bilderzeugungsinformationen auf einer Bedarfsbasis unter Verwendung einer Web-basierten Bilderzeugung
EP1579318A2 (fr) Support de donnees portatif a fonctionnalite de serveur de reseau
DE10352400A1 (de) Netzwerkdienst-Abfangvorrichtung
EP1230780B1 (fr) Carte a puce adaptable
WO2003036401A2 (fr) Procede de detection de plusieurs appareils de champ dans une configuration d'appareils
DE102018128502A1 (de) Verfahren und Vorrichtung zur Bedienung und Steuerung einer maschinentechnischen Anlage mit Hilfe einer grafischen Entwicklungsoberfläche und Erzeugung einer Feldbus-Konfiguration
EP1230779B1 (fr) Procede, carte puce et dispositif pour une interface logique entre deux applications
EP1845440A2 (fr) Procédé et agencement destinés à l'impression à partir d'application Internet tout comme programme informatique correspondant et un support de mémoire lisible par ordinateur correspondant
EP1527425B1 (fr) Methode d'etablissement d'un systeme de fichier sur un support de donnees
DE10244459A1 (de) Rechner- und/oder Software-Architektur unter Verwendung von Micro-Kernel- und Multi-Tier-Konzept mit Komponententechnik
EP2225647A2 (fr) Support de données portable avec serveur web
EP1177667B1 (fr) Reseau, interpreteur pour un reseau de ce type et procede d'exploitation d'un reseau
EP2740070B1 (fr) Mécanisme de communication entre deux applications sur un module de sécurité
EP1015972B1 (fr) Procede de commutation d'etapes de transactions
EP1515521A9 (fr) Une méthode et un appareil pour la conversion automatique des messages du texte à l'interrogation des applications internet
DE102020104646A1 (de) Browserbasierter Fernzugriff auf Hardware-Sicherheitsmodul

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): BW GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
REEP Request for entry into the european phase

Ref document number: 2003785881

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2003785881

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2003785881

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Ref document number: JP