Data exchange system comprising portable data processing units

Electrical computers and digital processing systems: multicomput – Master/slave computer controlling

Reexamination Certificate


Details

C709S227000, C709S230000, C707S793000


active

06385645

ABSTRACT:

The invention relates to a data exchange system comprising multiple data processing units, some of which are portable and establish a temporary communication link, and others of which are not mobile and may have a permanent communication link. The processing units comprise data communication means, processing means and memory means, the latter comprising an executive program.
DESCRIPTION OF THE RELATED ART
Such a system is known from the international patent application WO-A-87/07063, which describes a system for a portable data carrier having multiple application files. One of the most important applications of such a portable data carrier is a smart card suitable for multiple applications. The known data carrier is described as a carrier of hierarchically structured data with security features to support multiple applications on the same data carrier. Applications are seen as sets of data. The patent application describes an implementation of a hierarchical file system on a data carrier to store alterable data, in combination with a hierarchical set of access permissions. The data carrier responds to a set of common commands. File access permissions are distinct for different operations and are granted depending on password verification. A password verification attempt counter is introduced, as well as the destruction of stored data as a sanction against too many access attempts. The known data carrier is presented primarily as a storage device and not as a processor. Only very simple functions, such as binary logic operations, may be performed by the executive program. It is not possible to allow the performance of an unspecified set of operations on request of a terminal communicating with the data carrier. The only security option is password verification; no other access condition verifications are possible within the known system. Besides, each application of the data carrier has its own file within the memory means of the data carrier. No special measures are taken to enhance the efficiency of the available memory space, which, especially on smart cards, is very limited and therefore sets limits to the number of possible applications.
EP-A-0,479,655 relates to the implementation of access condition checks in smart cards. One technique for specifying such checks is disclosed; however, it is desirable to provide for the possibility of other access condition verifications.
EP-A-0,361,491 relates to a chip card programming system allowing protected (re)programming of cards. It describes the use of write-once access conditions to control access to the parts of the programmable memory that are to be programmed. In this way the number of applications on a single card can be extended. Verification of the access conditions with a variety of techniques, including cryptographic protocols, is described.
EP-A-0,292,248 relates to loading of applications on a smart card using an unalterable operating system program. It includes the implementation of a data access condition enforcement method using memory zones with assigned access attributes. Specific access conditions are “write-once” (which is only described implicitly) and “execute-only”.
U.S. Pat. No. 4,874,935 relates to card programming using a data dictionary where the data dictionary describes the layout of data elements stored in the card's memory. Data dictionaries are commonly understood to differ from directories in that they not only describe data actually stored, but also data which will be stored later. In addition, data dictionaries usually include a description of the data format. In compiled format data dictionaries are used in database management systems where they are stored on the hard disc as part of the database. They are also found in the object load files resulting from program compilation in software development environments. However, the patent does not claim a representation of data dictionaries particularly suited for smart cards.
EP 0 466 969 A1 relates to providing functions in the smart card executive program to support the correct conduct of a sequence of messages between smart card and terminal, by reserving part of the memory of the card for storage of state information and providing specific means to implement a state engine controlling state transitions. Such state information is crucial in determining the actions to perform on reception of messages. State engines accepting a variable sequence of messages are well known from computer language compiler design and computational complexity theory. The patent does not address the possibility of implementing varied sets of possible actions specific to a number of possible applications which may reside simultaneously in the smart card.
SUMMARY OF THE INVENTION
The main objective of the present invention is to present means to formally, precisely and uniquely describe a system consisting of trusted processing units in terms of the way these processing units will behave when engaged in communication amongst themselves, where such communication is intended to transfer value or other trusted information. Such comprehensive descriptions of the possible modes of communication between the data processing units are applicable both to the system as a whole and to the detailed operations of the individual processing devices. Such a formal description provides the basis for formal reasoning in the verification of correctness of implementations, which will be required for acceptance of systems intended for worldwide deployment.
A further object of the present invention is to present means to cope optimally with the restrictions imposed by limited physical dimensions of available memory space on portable data processing units, especially smart cards.
A further object of the present invention is to offer a more general mechanism of protected loading of program codes and to allow such a loading for multiple programs each for one application of each portable data processing unit.
Moreover, the present invention is directed to the provision of the use of access condition verifications not prescribed by the manufacturer of the portable processing unit but chosen by the application designer to suit his particular needs.
Furthermore, the present invention is directed to providing a mechanism to protect the communication between processing units such that its content and orderly sequence cannot be disrupted by any intervening or mediating devices.
Therefore, the system according to the invention is characterized in that the memory means of the totality of the processing units further comprise descriptions of the possible modes of communication between the data processing units as “interaction contexts”, which contain descriptive data structured in accordance with the following data structure:
a. a set of basic distinct communication primitives which are accepted whenever one of the data processing units communicates with one or more of the other units;
b. a set of procedural descriptions defining the actions to be performed in response to the accepted communication primitives;
c. a set of data elements, either permanently stored or computed, which are available for use when the procedures defined in the procedural descriptions are performed;
d. a set of references to data elements, which references are associated with the procedural descriptions; said data elements are accessible to possibly further interaction contexts and are available for use when the procedures defined in the procedural descriptions are performed;
e. a, possibly empty, data list comprising a possibly ordered set of references to data elements which are available for explicit reference as part of a communication primitive, to be used by the procedural descriptions associated with the communication primitives;
f. a set of access conditions associated with the data elements, which are consulted when the data elements referenced in association with the procedural descriptions are accessed;
g. a set of access conditions associated with the list of data references in the data list.
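The following is an added illustration, not code from the patent or from any product it describes, of how items a to g above can be laid out in an executive program, and of the two points made earlier on this page: that the attempt counter and data-destruction sanction of the prior art become just one access condition among others, and that the access conditions are predicates chosen by the application designer rather than a fixed password check by the manufacturer. The purse application, the PIN, the key, the primitive names and the HMAC-over-challenge condition are all assumptions made for the example; item d (references into other contexts) is left out for brevity. Every read or write goes through the element's own access condition (item f), every index lookup through the data list's condition (item g), and a primitive not listed in the context (item a) is refused before any procedure runs.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed secrets for the example; on a real card they live in protected memory.
PIN = b"1234"
APP_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
MAX_PIN_TRIES = 3


class AccessDenied(Exception):
    """An access condition (items f, g) or the primitive set (item a) refused the request."""


@dataclass
class Session:  # computed, link-local data (item c): what the peer has proven on this link so far
    pin_ok: bool = False
    mac_ok: bool = False
    challenge: bytes = b""


@dataclass
class DataElement:  # stored data element (item c) with one designer-chosen predicate per operation (item f)
    value: bytes
    access: dict = field(default_factory=dict)


class InteractionContext:
    def __init__(self, data_list_access):
        self.procedures = {}                      # items a, b: accepted primitive -> procedure
        self.elements = {}                        # item c (item d, references into other contexts, omitted)
        self.data_list = []                       # item e: references a primitive may cite by index
        self.data_list_access = data_list_access  # item g: predicate guarding the data list

    def check(self, session, name, op):
        el = self.elements[name]
        if not el.access.get(op, lambda s: False)(session):  # missing condition means deny
            raise AccessDenied(f"{op} on {name}")
        return el

    def resolve(self, session, index):
        if not self.data_list_access(session):
            raise AccessDenied("data list")
        return self.data_list[index]

    def dispatch(self, session, name, *args):
        try:
            if name not in self.procedures:
                raise AccessDenied(f"primitive {name} not accepted in this context")
            return self.procedures[name](self, session, *args)
        except AccessDenied as e:  # a refused request becomes an error reply, never a crash
            return f"denied: {e}"


def build_purse_context():
    """Hypothetical purse context: a PIN suffices to read, a MAC over a card challenge is needed to write."""
    ctx = InteractionContext(data_list_access=lambda s: s.pin_ok or s.mac_ok)
    ctx.elements["balance"] = DataElement((100).to_bytes(2, "big"), access={
        "read": lambda s: s.pin_ok or s.mac_ok, "write": lambda s: s.mac_ok})
    ctx.elements["pin_tries"] = DataElement(bytes([MAX_PIN_TRIES]), access={"read": lambda s: True})
    ctx.data_list = ["balance", "pin_tries"]

    def verify_pin(ic, session, candidate):
        tries = ic.elements["pin_tries"]
        if tries.value[0] == 0:
            return "blocked"
        if hmac.compare_digest(candidate, PIN):
            tries.value, session.pin_ok = bytes([MAX_PIN_TRIES]), True
            return "ok"
        tries.value = bytes([tries.value[0] - 1])
        if tries.value[0] == 0:
            ic.elements["balance"].value = b""  # destruction sanction, as in the prior art
            return "blocked"
        return f"wrong, {tries.value[0]} left"

    def get_challenge(ic, session):
        session.challenge = secrets.token_bytes(8)
        return session.challenge

    def external_auth(ic, session, mac):
        if not session.challenge:
            return "no challenge"
        expected = hmac.new(APP_KEY, session.challenge, hashlib.sha256).digest()
        session.challenge = b""  # one-shot: a replayed MAC is refused
        session.mac_ok = hmac.compare_digest(mac, expected)
        return "ok" if session.mac_ok else "bad mac"

    def read(ic, session, index):
        return ic.check(session, ic.resolve(session, index), "read").value

    def update(ic, session, index, value):
        ic.check(session, ic.resolve(session, index), "write").value = value
        return "ok"

    ctx.procedures = {"VERIFY_PIN": verify_pin, "GET_CHALLENGE": get_challenge,
                      "EXTERNAL_AUTH": external_auth, "READ": read, "UPDATE": update}
    return ctx


def terminal_mac(challenge):
    """What a terminal holding APP_KEY answers to GET_CHALLENGE."""
    return hmac.new(APP_KEY, challenge, hashlib.sha256).digest()
```

The default-deny in `check` is the practitioner's safeguard: a data element whose designer forgot to attach a condition for some operation is unreadable rather than world-readable. The challenge is cleared as soon as one MAC has been checked, so a device sitting between card and terminal cannot replay a captured EXTERNAL_AUTH to regain write rights, which is the sequence protection the summary asks for.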
