EP2089806A1 - Method for passing instructions between a host station and a portable electronic device, and device for implementing it
- Publication number
- EP2089806A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- electronic device
- portable electronic
- instruction
- command
- read
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F13/00—Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
- G06F13/38—Information transfer, e.g. on bus
- G06F13/42—Bus transfer protocol, e.g. handshake; Synchronisation
- G06F13/4282—Bus transfer protocol, e.g. handshake; Synchronisation on a serial bus, e.g. I2C bus, SPI bus
- G06F13/4291—Bus transfer protocol, e.g. handshake; Synchronisation on a serial bus, e.g. I2C bus, SPI bus using a clocked protocol
Definitions
- The invention relates to the passing of instructions to a microcircuit card by means of a generic removable data storage unit management program belonging to the category of "drivers" systematically associated with the operating systems of microprocessor-based electronic equipment such as personal computers, digital cameras, camcorders, digital music players, mobile phones, etc.
- These generic drivers for managing removable data storage units, such as, for example, the drivers adapted to the communication protocol of the "USB mass storage device class" type, use specific transaction protocols between the host station and the removable data storage unit, with a limited set of commands.
- a removable data storage unit consisting of an MMC card communicates with a host station by a limited set of standard commands for managing its memory space, including data read and write commands.
- each read / write command at physical addresses subject to read / write restriction must be followed by a single password for a read command or data header to be entered for a write command
- the password associated with a read / write command on a memory space or a file with a restriction read / write must match the saved password for the command to execute.
- Placing a command presence signal or a password in the data to be written to the removable data storage device has the drawback that the ordinary data to be written may accidentally reproduce a control signal or a password, which can lead the microcontroller of the removable device to misinterpret write data as commands or as a password.
- the present invention aims to overcome the aforementioned drawback.
- It relates to a method for passing instructions between a microprocessor host station and a portable electronic device connected by a data transmission link, by means of a transaction initiated by a read/write command for data packets, generated within the host station by a removable data storage unit management program and transmitted to the portable electronic device in the form of a binary code comprising an index defining the type of read/write command concerned and an argument containing one or more parameters specifying how the type of read/write command defined in the index is to be applied to the portable electronic device.
- This method is remarkable in that an instruction is signaled to the portable electronic device by means of an instruction presence parameter placed in the argument of a read / write command.
- an instruction is passed to the portable electronic device via a data packet writing command whose argument contains an instruction presence parameter defining the instruction.
- an instruction is passed to the portable electronic device via a write command of data packets whose argument contains an instruction presence parameter signaling an instruction in the data packets to be written.
- an instruction is passed to the portable electronic device via a data packet write command whose argument contains an instruction presence parameter signaling a command script, containing a sequence of instructions, in the data packets to be written.
- the instruction presence parameter points to a pre-existing file address in the portable electronic device.
- the data resulting from the execution of an instruction by the portable electronic device are placed in memory locations of the portable electronic device that can be consulted by means of an instruction passed to the portable electronic device by means of the argument of a command to read data packets.
- the data resulting from the execution of an instruction by the portable electronic device are placed in volatile memory locations of the portable electronic device that can be consulted by means of an instruction transmitted by the host station to the portable electronic device via the argument of a command to read data packets.
- the instructions are of APDU type (acronym for the English expression "Application Protocol Data Unit"), defined by the ISO 7816 standard.
- the instructions are requests transmitted to the portable electronic device via data packet write commands, and the responses of the portable electronic device can be consulted via data packet read commands, requests and responses being in accordance with an internet protocol.
- the requests transmitted to the portable electronic device through data packet write commands and the responses of the portable electronic device that can be consulted through data packet read commands conform to the HTTP protocol. It also relates to a portable electronic device for implementing the above method, equipped with a USB standard input-output port.
- the portable electronic device is a microcircuit card.
- the portable electronic device is an electronic key.
- the removable data storage unit management program complies with the MMC specification.
- FIG. 1 is a block diagram of a removable portable electronic device connectable to a microprocessor host station
- FIG. 2 is a diagram illustrating the composition of a binary word defining a write command according to the MMC transaction protocol
- FIG. 3 is a diagram illustrating a data reading transaction in accordance with the MMC transaction protocol
- FIG. 4 is a diagram illustrating a possible mode of operation for the microcontroller of a portable electronic equipment implementing the method according to the invention.
- FIG. 1 shows the block diagram of a removable portable electronic device such as a microcircuit card 1 designed both for storing data and for controlling the execution of a banking or other transaction by a computer system equipped with a suitable communication terminal called a "microcircuit card reader", which constitutes a host station.
- This microcircuit card 1 comprises a flash memory 10, a management microcontroller 11 provided with a volatile RAM 12 working memory and a ROM 13 non-volatile program memory, and an input/output port 14 connected by an internal bus to the management microcontroller 11.
- the input-output port 14 of the microcircuit card 1 can be placed in communication with an input-output port of a host station.
- SDC Serial Digital Memory Card
- USB port an RS
- the MMC transaction protocol is more particularly oriented towards the management of a removable data storage unit having a memory space which appears to the host station as a volume organized in sectors or blocks of the same capacity and which is managed by the generic driver of a host station by means of logical block addresses, to which the management microcontroller 11 of the removable unit maps physical block addresses.
- FIG. 2 illustrates the composition of the frame 2 of a binary word encoding a command of the MMC transaction protocol. It consists of 6 bytes containing, in order:
- a 4-byte argument field 23 containing a command parameter such as a read/write start block logical address or the number of blocks affected by the subsequent read/write operations, a 7-bit error correction code and an end bit 25 always at the value 1.
- a command is followed by a period of inactivity corresponding to a response time given to the microcircuit card 1.
- the latter acknowledges receipt of a command by a response or acknowledgment of 1 to 2 bytes indicating error conditions.
- the data to be exchanged, when there is any, is sent in the form of data packets.
- Figure 3 illustrates the progress of a read transaction of a block.
- the generic program for managing the removable unit of the host station sends to the microcircuit card 1, on the line D1, a read command 5 for one or more blocks, identified by its index, with the logical address of the first block to read in its argument.
- the microcircuit card 1 responds on the line DO with an acknowledgment 6 and then by making available the data packet 7 read from the block whose logical address corresponds to that in the argument of the read command.
- the microcircuit card responds with an acknowledgment followed subsequently by the data packets read in the different blocks.
- a write command proceeds in the same way, except that the data packets sent by the host station are on line D1.
- a portion of the addressing capacity of the argument field 21 of read or write commands is reserved for an instruction presence parameter. The microcircuit card 1 then interprets this parameter as an order to inhibit the execution of the read or write command received, to search for an instruction in the command argument and/or in the one or more data packets to be written following a write command, and to execute the instruction found.
- the instruction presence parameter may identify an instruction alone or signify the presence of an instruction in the data packet (s) of a write command.
- the instruction presence parameter can point, in a write command, to a pre-existing file address, because its detection by the microcontroller 11 of the microcircuit card 1 inhibits the execution of the write command and replaces it with an instruction search followed by the execution of the instruction found.
- FIG. 4 is an operating diagram illustrating one way of operating for the microcontroller 11 of the microcircuit card 1.
- the microcontroller 11 of the microcircuit card 1 is initialized and, at 31, waits for a command according to the MMC protocol from the host station.
- When the microcircuit card receives a command conforming to the MMC protocol from the host station, its microcontroller 11 detects it and analyzes its argument at 32 to look for an instruction presence parameter.
- When the microcontroller 11 does not find an instruction presence parameter in the command, it examines at 33 whether the argument of the command is compatible with the type of command announced in the index field. If it is compatible, it executes at 34 the command, which concerns the management of the flash memory 10, and waits for a new command. If it is not compatible, it signals an error in the acknowledgment message and waits for a new command.
- When the microcontroller locates an instruction presence parameter in the command's argument, it interprets it to locate the instruction, either in the argument of the command where the parameter appears or in the data to be written, and analyzes the instruction at 36 to determine whether it corresponds to a request to execute a processing operation. If the instruction corresponds to a request to execute a processing operation, it executes the requested processing at 37, places the result obtained, if necessary, in its volatile memory 12 so that it can be consulted by a subsequent instruction from the host station, and waits for a new command.
- If the instruction does not correspond to a request to execute a processing operation, the microcontroller checks at 38 whether it corresponds to a request for a report on the execution of an earlier instruction. If this is the case, it sends at 39 to the host station the report that it may have temporarily placed in its RAM 12, and waits for a new command. The sending is preferably done in the data packet or packets expected in response to a read command whose argument carries the report request instruction.
- Otherwise, the microcontroller signals an error at 40 in the acknowledgment message and waits for a new command.
- a report request statement can be passed as an argument of a read command.
- the report is sent back by the microcircuit card in the following packet of read data.
- the report request instruction can also be passed by an instruction presence parameter placed in the argument of a write command, and the report returned by the acknowledgment message following the command. It is possible to make the execution of an instruction by the microcircuit card conditional, using a flag value associated with the instruction that indicates whether or not the condition is satisfied.
- the execution by the microcircuit card 1 of a request from the host station that reaches it by an instruction may be conditioned upon the prior reception, by the microcircuit card 1, of an instruction to consult execution results placed in the volatile memory 12 of the microcircuit card 1.
- When an instruction from the host station to the microcircuit card 1 is accompanied by parameters, it is preferably transmitted with its parameters in the data packets of a write command whose argument contains an instruction presence parameter. It can also be transmitted in the argument of the write command, its parameters, when they exist, being transmitted in the data packets to be written. An instruction can also be stored in the microcircuit card; the instruction presence parameter is then used to locate it in the microcircuit card.
- An instruction may conform to the "Application Protocol Data Unit" (APDU) transaction protocol defined in ISO 7816, as may the response resulting from the execution of the instruction by the microcircuit card 1.
- APDU Application Protocol Data Unit
- When the instruction is a request for the provision of a setpoint, it is passed by the host station to the microcircuit card 1, preferably via a data packet read command whose argument points to the address of a memory location reserved for the communication of setpoints from the portable electronic device.
- requests from the host station, preferably transmitted to the microcircuit card 1 by data packet write commands, and the responses of the microcircuit card 1, which the host station can consult by means of data packet read commands, may comply with the internet protocol HTTP 1.0 (acronym for the expression "HyperText Transfer Protocol") or the internet protocol FTP (acronym for the English expression "File Transfer Protocol").
- An instruction may be a command script, for example conforming to the Java® specification, placed in the data packet (s) following a write command whose argument contains an instruction presence parameter warning of the presence of instructions in the data packet (s) to be written. Many variants are possible.
- the microcircuit card can be mounted in a USB key managed by a host station according to a SCSI transaction protocol (acronym for the English expression "Small Computer System Interface") such as SBC-2 (acronym for the English expression "SCSI Block Commands"), which presents a limited set of commands including read/write commands for blocks of a data storage memory space, coded by a binary word comprising an index field identifying the type of read/write command and an argument field containing parameters such as a read or write start block logical address.
- a processing execution instruction can be passed to a microcircuit card by means of a simultaneous write and verification command ("write and verify" in English) of the SCSI protocol; the "Expected initial flag logical block reference tag" field in the argument of this command can be used in addition to the instruction presence parameter, which uses the location of the logical block address ("logical block address") to signal the presence of instructions in the data packet or packets to be written.
- a report request instruction may be passed by means of a read command ("read" in English) including the instruction presence parameter at the location in the argument reserved for the logical block address.
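The FIG. 4 decision flow (steps 32 to 40) as an added C example, not code from the patent: the card decides "instruction or storage access" from the command argument alone, so write data that happens to look like an instruction is stored, not executed. Assumptions: the instruction window at the top of the argument range, the card capacity, the hypothetical APDU instruction CLA 0x80 / INS 0x10, and the start bit, transmission bit, command indexes 17/24 and CRC7 polynomial taken from the MMC command format.

```c
#include <stdint.h>
#include <string.h>

/* Assumptions, not from the patent: the top 64 Ki argument values form the
 * instruction window, and the card exposes CARD_BLOCKS logical blocks. */
#define INSTR_WINDOW_BASE 0xFFFF0000u
#define CARD_BLOCKS       0x00010000u
#define IDX_READ  17u  /* MMC READ_SINGLE_BLOCK */
#define IDX_WRITE 24u  /* MMC WRITE_BLOCK */

/* Outcomes are numbered after the FIG. 4 step in which they end. */
enum outcome { STORAGE_OP = 34, PROCESSING = 37, REPORT = 39, ERROR_ACK = 40 };

struct card { uint8_t report[2]; int has_report; };  /* volatile memory 12 */

/* MMC CRC7 (x^7 + x^3 + 1) over the first five bytes of the frame. */
static uint8_t crc7(const uint8_t *p, size_t n) {
    uint8_t crc = 0;
    for (size_t i = 0; i < n; i++) {
        uint8_t d = p[i];
        for (int b = 0; b < 8; b++, d <<= 1) {
            crc <<= 1;
            if ((d ^ crc) & 0x80) crc ^= 0x09;
        }
    }
    return crc & 0x7F;
}

/* Frame: start bit 0, transmission bit 1, index, argument, CRC7, end bit 1. */
static void make_frame(uint8_t index, uint32_t arg, uint8_t f[6]) {
    f[0] = 0x40 | (index & 0x3F);
    f[1] = (uint8_t)(arg >> 24); f[2] = (uint8_t)(arg >> 16);
    f[3] = (uint8_t)(arg >> 8);  f[4] = (uint8_t)arg;
    f[5] = (uint8_t)(crc7(f, 5) << 1) | 1;
}

/* Steps 32 to 40 of FIG. 4. data is the write payload (NULL for a read);
 * out receives the report and must hold 2 bytes. */
static enum outcome handle_command(struct card *c, const uint8_t f[6],
                                   const uint8_t *data, size_t len,
                                   uint8_t *out) {
    if ((f[0] & 0xC0) != 0x40 || !(f[5] & 1) || crc7(f, 5) != f[5] >> 1)
        return ERROR_ACK;
    uint8_t index = f[0] & 0x3F;
    uint32_t arg = (uint32_t)f[1] << 24 | (uint32_t)f[2] << 16 |
                   (uint32_t)f[3] << 8 | f[4];

    if (arg < INSTR_WINDOW_BASE) {          /* 32: no presence parameter */
        /* 33: the argument must suit the announced command. The payload is
         * never inspected on this path, so data cannot pass for a command. */
        if ((index == IDX_READ || index == IDX_WRITE) && arg < CARD_BLOCKS)
            return STORAGE_OP;              /* 34 */
        return ERROR_ACK;
    }
    if (index == IDX_WRITE && data && len >= 4) {  /* 36: APDU in payload */
        /* 37: toy processing. CLA 0x80 / INS 0x10 is a hypothetical
         * instruction; anything else gets SW 6D00 (INS not supported). */
        int ok = data[0] == 0x80 && data[1] == 0x10;
        c->report[0] = ok ? 0x90 : 0x6D; c->report[1] = 0x00;
        c->has_report = 1;
        return PROCESSING;
    }
    if (index == IDX_READ && c->has_report) {      /* 38: report request */
        memcpy(out, c->report, 2);                 /* 39 */
        c->has_report = 0;
        return REPORT;
    }
    return ERROR_ACK;                              /* 40 */
}

int main(void) {
    struct card c = {0};
    uint8_t f[6], out[2];
    const uint8_t apdu[] = {0x80, 0x10, 0x00, 0x00};  /* constructed input */
    make_frame(IDX_WRITE, INSTR_WINDOW_BASE, f);
    if (handle_command(&c, f, apdu, sizeof apdu, out) != PROCESSING) return 1;
    make_frame(IDX_READ, INSTR_WINDOW_BASE, f);
    return handle_command(&c, f, NULL, 0, out) == REPORT ? 0 : 1;
}
```

The reserved window must never overlap addresses the card maps to real storage; otherwise an ordinary file write could land in it and be parsed as an instruction.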
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR0609673A FR2908195B1 (fr) | 2006-11-06 | 2006-11-06 | Method for passing instructions between a host station and a portable electronic device, and device for implementing it |
PCT/EP2007/061938 WO2008055902A1 (fr) | 2006-11-06 | 2007-11-06 | Method for passing instructions between a host station and a portable electronic device, and device for implementing it |
Publications (1)
Publication Number | Publication Date |
---|---|
EP2089806A1 (fr) | 2009-08-19 |
Family
ID=38110466
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP07822255A Ceased EP2089806A1 (fr) | 2006-11-06 | 2007-11-06 | Method for passing instructions between a host station and a portable electronic device, and device for implementing it |
Country Status (5)
Country | Link |
---|---|
US (1) | US8327036B2 (fr) |
EP (1) | EP2089806A1 (fr) |
CA (1) | CA2702373C (fr) |
FR (1) | FR2908195B1 (fr) |
WO (1) | WO2008055902A1 (fr) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8856292B2 (en) * | 2009-10-27 | 2014-10-07 | Cisco Technology, Inc. | Managing command compliance in internetworking devices |
CN102053917B (zh) * | 2010-12-29 | 2013-04-24 | 北京握奇数据系统有限公司 | Smart card with reduced memory usage and method for processing instructions thereof |
US10888119B2 (en) * | 2014-07-10 | 2021-01-12 | Rai Strategic Holdings, Inc. | System and related methods, apparatuses, and computer program products for controlling operation of a device based on a read request |
KR102395190B1 (ko) | 2017-07-31 | 2022-05-06 | 삼성전자주식회사 | Storage device interfacing with a host, and method of operating the host and the storage device |
US11853610B2 (en) * | 2021-02-16 | 2023-12-26 | iodyne, LLC | Pass-through command queues for unmodified storage drivers |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050086421A1 (en) * | 2003-10-17 | 2005-04-21 | Sami Nassar | Method and apparatus for smart memory pass-through communication |
Family Cites Families (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2001147850A (ja) * | 1999-11-19 | 2001-05-29 | Seiko Epson Corp | Computer system |
JP2002236767A (ja) * | 2001-02-07 | 2002-08-23 | Sony Corp | Information processing apparatus and method, program storage medium, and program |
JP3641230B2 (ja) * | 2001-10-22 | 2005-04-20 | 株式会社東芝 | Apparatus and method for controlling a memory card |
CN1260642C (zh) * | 2002-11-18 | 2006-06-21 | 深圳市朗科科技有限公司 | Method for sending commands and data to a mobile storage device |
US7305535B2 (en) * | 2003-04-17 | 2007-12-04 | Sandisk Corporation | Memory cards including a standard security function |
US7427027B2 (en) * | 2004-07-28 | 2008-09-23 | Sandisk Corporation | Optimized non-volatile storage systems |
US7899986B2 (en) * | 2004-11-10 | 2011-03-01 | Nokia Corporation | Method and system for controlling a hard disk drive using a multimediacard physical interface |
JP4735100B2 (ja) * | 2005-03-08 | 2011-07-27 | ソニー株式会社 | Composite storage device, data processing method, and program |
US8078788B2 (en) * | 2005-12-08 | 2011-12-13 | Sandisk Technologies Inc. | Media card command pass through methods |
US7739487B2 (en) * | 2006-01-17 | 2010-06-15 | Nokia Corporation | Method for booting a host device from an MMC/SD device, a host device bootable from an MMC/SD device and an MMC/SD device method a host device may booted from |
2006
- 2006-11-06 FR FR0609673A, patent FR2908195B1: Active
2007
- 2007-11-06 CA CA2702373A, patent CA2702373C: Active
- 2007-11-06 US US12/513,404, patent US8327036B2: Active
- 2007-11-06 EP EP07822255A, patent EP2089806A1: Ceased
- 2007-11-06 WO PCT/EP2007/061938, patent WO2008055902A1: Application Filing
Also Published As
Publication number | Publication date |
---|---|
CA2702373A1 (fr) | 2008-05-15 |
US8327036B2 (en) | 2012-12-04 |
US20100070655A1 (en) | 2010-03-18 |
WO2008055902A1 (fr) | 2008-05-15 |
FR2908195B1 (fr) | 2009-02-06 |
CA2702373C (fr) | 2017-05-23 |
FR2908195A1 (fr) | 2008-05-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN1229705C (zh) | Biometric-based device and system and associated security system | |
US8887295B2 (en) | Method and system for enabling enterprises to use detachable memory devices that contain data and executable files in controlled and secure way | |
WO2015188788A1 (fr) | Method and apparatus for mobile terminal payment security protection, and mobile terminal | |
US20140359285A1 (en) | Method and system for transferring data instructions through a host file system | |
EP2089806A1 (fr) | Method for passing instructions between a host station and a portable electronic device, and device for implementing it | |
CN111756750B (zh) | Secure access method, apparatus, device and storage medium | |
EP1573466A1 (fr) | Method for improving data integrity and security in a processor-based system | |
EP0681242B1 (fr) | Method for securing access to removable cards for a computer | |
CN110688657A (zh) | USB flash drive virus isolator and working method thereof | |
US7437563B2 (en) | Software integrity test | |
EP1958418B1 (fr) | Portable electronic entity for establishing secure voice-over-IP communication | |
CN108600259B (zh) | Device authentication and binding method, computer storage medium and server | |
CN113141332B (zh) | Command injection identification method, system, device and computer storage medium | |
CN112953957B (zh) | Intrusion prevention method, system and related device | |
EP2048576B2 (fr) | Method for securely updating an autorun program and portable electronic entity implementing it | |
FR2876644A1 (fr) | Adapter for subsequent modification of the software data of a control device | |
CN108491745B (zh) | Data acquisition method and apparatus, computer-readable storage medium | |
CN114117511A (zh) | Data desensitization method, data desensitization apparatus and storage device | |
WO2009138641A1 (fr) | Method for use of a host terminal by an external device connected to the terminal | |
WO2014106464A1 (fr) | Flash memory card, and device and method for accessing a flash memory card | |
CN113852638B (zh) | Attack detection method, apparatus, device and storage medium | |
CN111327683B (zh) | Encrypted information extraction method, apparatus, computer device and readable storage medium | |
CN112040248B (zh) | Video compression method, system, terminal device and storage medium | |
CN110941835B (zh) | Data processing method and electronic device | |
CN116244728A (zh) | Method and apparatus for detecting data transmitted by an application |
Legal Events
Code | Title | Description |
---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
17P | Request for examination filed | Effective date: 20090428 |
AK | Designated contracting states | Kind code of ref document: A1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC MT NL PL PT RO SE SI SK TR |
17Q | First examination report despatched | Effective date: 20090831 |
DAX | Request for extension of the european patent (deleted) | |
APBK | Appeal reference recorded | Free format text: ORIGINAL CODE: EPIDOSNREFNE |
APBN | Date of receipt of notice of appeal recorded | Free format text: ORIGINAL CODE: EPIDOSNNOA2E |
APBR | Date of receipt of statement of grounds of appeal recorded | Free format text: ORIGINAL CODE: EPIDOSNNOA3E |
APAF | Appeal reference modified | Free format text: ORIGINAL CODE: EPIDOSCREFNE |
RAP1 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: OBERTHUR TECHNOLOGIES |
APAF | Appeal reference modified | Free format text: ORIGINAL CODE: EPIDOSCREFNE |
REG | Reference to a national code | Ref country code: FR Ref legal event code: GC Effective date: 20140115 |
REG | Reference to a national code | Ref country code: DE Ref legal event code: R003 |
APBT | Appeal procedure closed | Free format text: ORIGINAL CODE: EPIDOSNNOA9E |
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED |
18R | Application refused | Effective date: 20180222 |