Smart cards are small, tamper-resistant plastic cards that contain a central processing unit (CPU) and supporting hardware. They can be used, for example, as smart credit cards, or employee badges, or for thousands of other uses, by having different application programs on board.
In the international smart card standard ISO/IEC 7816-4, incorporated herein by reference in its entirety, one finds the concept of up to four logically independent communication channels with a smart card. The state of each of these channels is kept separate from the state of each of the others. Thus, for example, the current file on one channel may be different from the current file on another channel. A command sent to the card on one channel must be completed before a command can be sent on another channel.
The EMV '96 smart card specification, incorporated herein by reference in its entirety, defines the notion of application selection wherein the card returns a list of all of the applications that are contained on the card. Also in EMV '96 is described a method of activating individual applications on the smart card. A command sent to one application must be completed before a command can be sent to another application.
U.S. Pat. No. 6,005,942 discloses a method for activating individual applications on a smart card. When an application is activated all communication with the smart card is directed to that application. To communicate with another application the currently activated application must be deactivated and the new application activated.
U.S. Pat. No. 6,052,690 discloses the notion of maintaining multiple independent contexts on a smart card and the notion of communicating with any one of these contexts.
U.S. Pat. No. 5,204,965 discloses the scheduling of tasks on a computer based on the availability of data needed by those tasks.
In summary, current art teaches "heavyweight" or "coarse grain" scheduling of applications on a smart card. One application must completely process a message sent to it before another application is started.
Currently, data to be processed by a smart card is transmitted by the terminal to the smart card in a single data block called an Application Protocol Data Unit (APDU). An APDU contains the data to be processed as well as the description of the type of processing that is to be performed. The data returned by the smart card to the terminal in response to an APDU is the result of applying the requested processing to the provided data. The size of the data block that can be provided to the smart card and retrieved from the smart card of the current art is typically less than or equal to 256 bytes. This restriction is due primarily to the limited amount of random access memory (RAM) in the smart card, as it is the RAM memory that is used to hold data as it is received into and sent out of the smart card.
U.S. Pat. No. 3,825,904 (among many others following) discloses a method of mapping pages of random access memory to and from disk storage in order to support programs whose memory needs in total exceed the size of the random access memory actually available on a computer.
In the ETSI international mobile telephony standards GSM 11.11 and 11.14, each of which is incorporated herein by reference in its entirety, one finds the concept of a method whereby a smart card and in particular a subscriber identity module (SIM) chip in a GSM mobile telephone can request services from the handset. The smart card can, in the process of responding to an APDU, stimulate the terminal to issue a FETCH APDU. The FETCH APDU provides the smart card with the ability to send a command to the terminal for execution. After the terminal has executed this command, the terminal returns the result of the execution to the smart card using a TERMINAL RESPONSE APDU. In a mobile telephone application, for example, the FETCH and TERMINAL RESPONSE APDUs are used to give commands to the handset, such as a command to display a message or to retrieve a keypad hit from the subscriber.
In addition, in a general technique known as data caching, data currently being used by a processor is stored in a manner that enables the processor to access it more quickly than when it resides in its assigned storage location. For example, a microprocessor chip may cache the instructions it executes in high-speed cache memory rather than return them to comparatively low-speed RAM memory in the expectation that recently executed instructions are more likely to be executed in the near future than instructions that have not been recently executed. Another example is the caching of Web pages on the World Wide Web where recently viewed pages are stored closer (with respect to transmission time on the network) to the computer on which they were viewed than the original network source of the pages.
In yet another general technique known as virtual memory, the amount of memory available to an application program is larger than the actual amount of memory on the processor on which it is running. Segments of the virtual memory space are swapped into and out of the actual memory of the processor from a non-memory device such as a hard disk as they are needed by the application.
While there are many applications of smart cards, one particular application is their use in a mobile or cellular telephone.
A multi-application integrated circuit card ("smart card") contains a plurality of application programs. It is desirable for the entities communicating with the smart card to be able to conduct simultaneous independent communications with more than one of these programs. Current art holds that only one application can be communicating with entities outside the smart card at any one time. This restriction is due to a number of factors, including the fact that only one of the data messages of today's art can fit in the smart card's random access memory (RAM) at a time.
A system and method is hereby disclosed for simultaneously communicating with multiple individual applications on a smart card. The system and method employs fixed-size data packets and tightly couples the execution of applications and thereby communication with them with efficient management of the smart card's limited RAM memory.
The present invention provides "lightweight" or fine grain scheduling of applications. Packets comprising partial communication with multiple, concurrently running applications on the smart card can be intermixed on the single physical communication channel with the card. An additional benefit of the method of the disclosure is that multiple long-running applications can be concurrently active on the card.
As noted above, current art includes the notion of multiple independent applications and multiple independent application execution contexts on a smart card. Current art also includes the notion of up to four independent logical communication channels to the card that can be used to communicate with applications on the smart card.
It would be natural to use these methods in combination and to thereby temporarily associate a communication channel with an application to achieve simultaneous communication with up to four applications. This requires the entity or entities communicating with applications on the smart card to maintain an up-to-date list of association of channels to applications. In effect, current art externalizes an important component of the management of the state of the smart card: the activation and scheduling of multiple applications on a smart card and the concurrent communication with them. This places an unnecessary burden on programs and systems using multi-application smart cards and, by exposing some internal state of the smart card, can weaken the security provided by the smart card.
The current disclosure teaches a system and method for moving the administration of simultaneous communication with multiple applications on a smart card onto the smart card itself. This simplifies communication with the applications on a smart card from the point of view of the entities using the smart card and at the same time makes more efficient use of the limited RAM memory and the physical communication channel with the smart card.
The smart card can associate each of its applications with an application index that is unique on that card. An application index provides shorthand identification for, and hence, faster access to, each application on the card. An application-identification packet is sent to the host for each application on the smart card, each application-identification packet identifying the application and providing the associated application index. In one embodiment, an application-identification packet for each application on the smart card is sent to the host upon the start of a usage session, which may include, for example, the application of power to the smart card, or the connection of the smart card to a host.
According to another aspect of the invention, an application that executes on a smart card receives a requesting packet from a host requesting to send information. The application declares its memory requirements. When the application is notified that its memory requirements have been satisfied, it sends to the host a permission packet such as a permission-to-send packet, at which time the application is ready to receive the information from the host.
According to yet another aspect of the invention, a smart card host sends a request-to-send packet to a smart card that is capable of having a plurality of applications. The packet is addressed to an application on the smart card. A permission-to-send packet is received from the addressed application once sufficient memory has been allocated to the addressed application. Information is then sent to the addressed application upon receiving, at the host, the permission-to-send packet.
A further embodiment of the present invention provides a protocol whereby blocks of data larger than will fit in the communication buffer of the random access memory (RAM) of an integrated circuit card ("smart card") can nonetheless be processed by the smart card. The protocol is also of use when multiple programs are sharing the RAM of a smart card and their total combined use of RAM exceeds the available physical RAM of the smart card. The disclosed protocol is compatible with existing smart card technology, standards, conventions and implementations.
Accordingly, with respect to one embodiment of the present invention, a smart card capable of having on it a plurality of applications has a random access memory (RAM) that is logically partitioned into a plurality of memory blocks. A control program on the smart card allocates one or more memory blocks to one of the applications, upon a declaration from the application of its memory needs. The control program then schedules the applications for execution. Only those applications whose memory needs are currently satisfied are scheduled for execution.
The control program receives a request such as a request-to-send (RTS) packet from a host. The packet is addressed to a particular application, and the control program passes the requesting packet to the application. When the control program receives a permission such as a permission-to-send (PTS) packet from the addressed application after the addressed application has had its declared memory needs satisfied, the control program sends the permission packet to the host.
In a further embodiment, the control program maintains a list of outstanding permissions. Any incoming packet addressed to an application that, using this list, cannot be paired with a permission sent out by the addressed application, is rejected.
The host can be, for example, a wireless communication device, which is meant to include any part of the device, for example, the handset, and is meant to cover any variety of such devices including but not limited to cellular mobile telephones and personal digital assistants (PDAs).
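The following C sketch is an added example, not code from the disclosure: it models the control program described above, with RAM partitioned into blocks, a permission-to-send (PTS) issued only once the addressed application's declared memory need is satisfied, and rejection of any packet that cannot be paired with an outstanding permission. The block count, application count, all names, and the one-transfer-per-application rule are assumptions made for illustration.

```c
#include <stdbool.h>
#include <string.h>
#define NUM_BLOCKS 4  /* assumed: RAM is partitioned into 4 fixed-size blocks */
#define NUM_APPS   3  /* assumed: three applications, indexed 0..2 */

enum pkt_type { PKT_RTS, PKT_DATA };
enum result { SENT_PTS, DEFERRED, ACCEPTED, REJECTED };
struct card {
    int  free_blocks;
    int  need[NUM_APPS];     /* blocks declared but not yet granted */
    int  held[NUM_APPS];     /* blocks currently allocated */
    bool pts_out[NUM_APPS];  /* list of outstanding permissions */
};

void card_init(struct card *c) { memset(c, 0, sizeof *c); c->free_blocks = NUM_BLOCKS; }

/* Grant the declared need if it fits; the PTS is recorded as outstanding. */
static enum result try_grant(struct card *c, int app) {
    if (c->need[app] == 0 || c->need[app] > c->free_blocks) return DEFERRED;
    c->free_blocks -= c->need[app];
    c->held[app] = c->need[app];
    c->need[app] = 0;
    c->pts_out[app] = true;
    return SENT_PTS;
}

/* Host-to-card packet; blocks is the need the app declares for an RTS. */
enum result card_receive(struct card *c, enum pkt_type t, int app, int blocks) {
    if (app < 0 || app >= NUM_APPS) return REJECTED;
    if (t == PKT_RTS) {
        if (blocks < 1 || blocks > NUM_BLOCKS) return REJECTED;
        if (c->pts_out[app] || c->need[app] || c->held[app]) return REJECTED; /* assumed: one transfer per app */
        c->need[app] = blocks;
        return try_grant(c, app);
    }
    if (!c->pts_out[app]) return REJECTED;  /* data with no matching PTS */
    c->pts_out[app] = false;                /* permission is single-use */
    return ACCEPTED;
}

/* App is done: free its blocks, then grant the first deferred app that fits. */
int card_release(struct card *c, int app) {
    if (app < 0 || app >= NUM_APPS) return -1;
    c->free_blocks += c->held[app];
    c->held[app] = 0;
    for (int i = 0; i < NUM_APPS; i++)
        if (try_grant(c, i) == SENT_PTS) return i;  /* PTS now goes to app i */
    return -1;
}
```

Because the permission list lives on the card, a host that sends data without a matching PTS, or replays data after the permission has been consumed, gets REJECTED without the card exposing which blocks are in use.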
In one embodiment, a virtual machine is used to execute one or more of the applications on the smart card. The control program communicates with the virtual machine to control scheduling to a predetermined granularity. For example, an application might be allowed to execute ten steps, or it might be allowed to execute just one step. The number of steps allowed may be fixed, or it may be determined once for each application or it may be determined repeatedly for every application just before executing the application.
Various scheduling algorithms such as round robin scheduling can be used. Alternatively, the control program can schedule just those applications that have incoming data. In yet another alternative, the control program schedules applications based on priorities assigned to the applications. Of course, various combinations of these and other scheduling algorithms can also be used.
A further embodiment of the present invention includes a capability called a swapper for swapping data pages between the smart card's memory (the primary storage) and a host, for example a mobile telephone handset (the secondary storage).
Using, for example, the method of ETSI GSM 11.14, the swapper causes a FETCH command to be issued from the host. Upon receiving a FETCH command from the host, a first set, e.g. a first block or page, of data is swapped out from the memory of the smart card back to the host. At the same time a request can be made for a second set of data from the secondary storage to be transferred back into the smart card. In this latter case, the requested second set of data is received from the secondary storage and is stored in the smart card's memory.
In one embodiment, a swap table is maintained in which each entry tracks, for a given application and memory page, the corresponding data stored in the secondary storage.
In another embodiment, an extended swap table is maintained in which each entry tracks, for a given application and logical page, corresponding data stored in the secondary storage and a corresponding physical page location where the data is stored in primary storage, i.e., the smart card's memory, thus providing a level of indirection.