The present invention relates to remote card content management and, more specifically, to remote card content management of secure elements using synchronous server-side scripting.
The use of multi-application smart cards is becoming increasingly widespread and there are strong market initiatives to embed these secure elements into mobile devices. In the context of smart cards, an application protocol data unit (APDU) is the communication unit between a smart card and a smart card reader. Remote card content management controls delivery of card content management commands or APDUs to a secure element hosted in a mobile device. A common and flexible scripting language may be used for programmatically carrying out card content management. Once one or more card content management operations are programmed using the scripting language, as part of the script execution, APDUs are expected to be generated and sent to the secure element. Based on the response from the secure element, it is possible to use programming constructs such as if-else statements in the scripting language to implement error-handling logic or other decision-based logic. It is also possible to extend and customize the scripting language to meet more specific requirements.
A mobile environment is inherently asynchronous while the script methods that send APDUs to the secure element are expected to be synchronous. That is, if a method sends an APDU to the secure element, the invocation should block until the card response is received. This synchronous behavior enables programmatic capabilities of the scripting language to be utilized. A further challenge to remote card content management is that a script interpreter running on a server cannot initiate sending of APDUs to a mobile device when the mobile device always acts as a client. While text-based fragmentation may be used to split a script into multiple subscripts, programmatic capabilities of the script, such as flushing in combination with if-else clauses cannot be utilized with text-based fragmentation. A state-machine implementation may be used in systems supporting high-level language execution, but using such a high-level language removes the flexibility and portability that scripting provides.