1. Field of the Invention
This invention relates to a computing device with an embedded microprocessor or micro-controller. A smart card is one implementation.
2. Description of the Prior Art
The use of embedded microprocessors and micro-controllers is widespread and increasing. Industrial appliances (vending machines, control machinery), automotive electronics (engine management systems, chassis electronics), communications devices (mobile telephones, private radio network systems) and personal computing devices (PDA's-personal digital assistants, smart cards) all use e embedded microprocessors or micro-controllers.
A specific example of an embedded micro-controller environment that benefits from the present invention is the smart card, typically a plastic credit-card shaped device containing an embedded, secure, micro-controller device. The use of smart cards as portable, secure, personalised computing devices is increasing. Historically, the functionality of a smart card has been fixed at the time of issuance. Recently, businesses have been exploiting techniques to modify the business logic and functionality of a smart card after it has been issued to a customer. Two main alternative techniques are proposed in the market today—the Visa originated Visa Open Platform (VOP) and MULTOS, a secure operating system owned by Mondex International. These techniques endeavour to provide a framework enabling the remote, cryptographically protected (secure and authenticated) modification of executable software (e.g. Java applets) within the smart card after it has been issued to a cardholder. VOP specifies a ‘Card Manager application’ held on a smart card that acts as the Card Issuer's on-card representative and provides secure application life cycle management functions. The Card Manager application defines, for example, how new applets/applications are loaded and installed onto a smart card; we will refer to this kind of functionality as ‘content management’ or, equivalently, ‘life cycle content management’ and the software which provides this as the ‘content manager’. A content manager for a smart card therefore manages executable software over the entire life cycle of that software, including some or all of the following: loading, command routing, storing life cycle parameters, monitoring activities, crypto functionality via an API etc. Content managers for smart cards are becoming critically important
The VOP Card Manager is itself an application that, in a typical implementation, runs on a Java Virtual Machine and is therefore executed via the JavaCard runtime environment. If the functionality of the Card Manager is to be hosted on a different operating system (i.e. one not running a Java Virtual Machine), then it must be rewritten as an application suitable for the new runtime environment. But the process of rewriting the Card Manager application is a complex and slow one, which must be performed with high regard for the correctness of the implementation of the critical security architecture. Developing a VOP application for, say, a Microsoft Windows-for-Smart Cards Card is a new process since it does not include a Java Virtual Machine; there is no re-use of the Java Card implementation's software.
MULTOS also features a mechanism for enablement and loading of executable software into the memory of the smart card. However, this is not implemented as an application on the runtime environment but as a low-level software routine that assumes certain features of the specific MULTOS run time environment. The drawback of this approach is that the load mechanism (i.e. loading and initialising new applets after the smart card has been issued) and run time environment are inextricably linked. For example, it is not possible to take this load mechanism and combine it with a different run time environment such as JavaCard.
The overwhelming bias in the prior art is therefore to tie the content manager to the runtime environment and/or hardware abstraction layer.