The present invention relates to a data transmission system and to a method for operating a data transmission system.
Data transmission systems, particularly transmission systems using “contactless chip cards”, allow data interchange between a data storage medium and a usually stationary read/write unit with the aim of identifying the cardholder, for example, for making a cashless payment or the like.
One of the fundamental advantages of such a data transmission system is the wide variety of use options for the cardholder. The memory means integrated in the data storage medium allow particular applications to be stored, which can include a plurality of functions or parameters, for example for checking security. The memory of a data storage medium is split, on the basis of the prior art, into sectors constructed from individual rows. The number of rows is chosen on the basis of the size of the application. To protect highly sensitive data, the memory of the data storage medium stores a plurality of keys which are associated with a sector, belonging to an application, and which provide authorization only for reading, for reading and writing data or for debiting or for crediting and debiting values, for example.
To access the executable applications stored on the data storage medium, the data transmission system normally has knowledge of statically stipulated start addresses for the sector associated with the individual application so that each application has an associated firm start address within the memory. However, if a specific application area of the data storage medium has no provision for execution of an application, the data segment or the sector provided for this application remains unused. Hence, although the memory space is not occupied by data, it is not possible to allocate it to a further application, since it needs to remain in a reserved status. Another drawback is the use of a table which is stored in the memory and which associates start addresses for the sectors with identification numbers for the applications. To ensure that the identification numbers are determinate, they need to have a particular number of bits. In addition, the result of looking for a start address for an application is that the entire table needs to be searched, which disadvantageously increases the data processing time.
It is therefore an object of the invention to configure a data processing system such that the data processing time is significantly shortened and the utilization of the memory is optimized. Another object is to specify a method for operating a data processing system for this.
The above object is achieved by a data transmission system according to the present invention. The data transmission system is configured to execute applications which are independent of one another and which are reciprocally protected by secret keys.
The data transmission system includes a data storage medium that has a segmented memory that stores an application directory that has an attribute for identifying an application area of the data storage medium and has a logical application number which is associated with an executable application and which is determinately specified by the attribute. The logical application number is used as an index within the application directory.
The data transmission system further includes a read/write unit that stores the attribute and the logical application number of the application. The read/write unit is configured to execute the application by using the logical application number in the application directory for indexing and finding a start address for a sector of the memory which stores the executable application.
Further aspects and features of the exemplary in-situ vision gauge disclosed herein can be appreciated from the appended Figures and accompanying written description.
The invention is explained in more detail below using exemplary embodiments with reference to the figures. Identical or corresponding elements in different figures have been provided with the same reference symbols.
a to 4c show a detailed illustration of the memory's memory organization shown in
According to one aspect of the present invention, a data transmission system is configured such that a memory associated therewith stores an application directory that has an attribute for identifying an application area of the data storage medium and has a logical application number associated with an executable application. The logical application number is used as an index within the application directory. The system further includes a read/write unit that has knowledge of the attribute and the logical application number of the application, and the read/write unit is configured to execute the application by using the logical application number in the application directory for indexing and finding a start address for a sector of the memory which stores the executable application.
The present invention further achieves the above object for the method in that the read/write unit in the present data transmission system evaluates the attribute, prior to execution of the application, in order to establish whether the application area associated with the data storage medium has provision for execution of the application. If the result of the evaluation is positive, the system uses a logical application number, corresponding to the executable application, in the application directory as an index in order to read a start address for a sector of the memory which stores the executable application.
The application directory includes a table of start addresses for sectors which can have an associated application. In order to access an application, the exact table entry in the application directory can be read immediately on the basis of the logical application number known to the read/write unit without reading the entire directory. In the next step, the start address of the sector associated with the logical application number is used in order to execute the application.
In one advantageous embodiment, the start address of the application is encoded in a sector by the respective memory position of the logical application number within the application directory. The arrangement of the applications within the memory or the association with a sector can therefore be handled independently and entirely flexibly.
Advantageously, by way of example, an application A with a logical application number “1” can be erased at any time, so that the memory space or this sector A1 which has become free is available for a programmable new application B. By way of example, the data transmission system knows the logical application number “2” for the new application B, said application number being written to the memory position for the logical application number “2” in the application directory. Independently of this, the application B can be allocated the former start address of the sector A1. In addition, the entry of the logical application number “1” is used to indicate that the application A is now no longer in the memory of the data storage medium.
The attribute for identifying the application area of the data storage medium is advantageously used to establish whether the present data storage medium associated with an application area has provision for execution of a particular application. The attribute occupies the first bits of the application directory and is able to be divided into two parts, with one part, for example, the less significant bits, being used to specify the data storage medium and a further part, for example, the more significant bits, being used to indicate the application area. Admissible executable applications are freely definable for each application area.
It is particularly advantageous that the logical application number has not only an associated start address for the sector but also an associated key number. The read/write unit reads the key number for the sector protected by a key against unauthorized access and accesses a table which is stored in the memory of the read/write unit and in which the key number has an associated physical memory address in the memory in the data storage medium for the key required for accessing the sector.
In another advantageous embodiment, the number of executable applications is limited by the number of logical application numbers shown in the application directory. Specific logical application numbers known to the data transmission system can be used to indicate start addresses for the next available sector for programming a new application, to indicate currently unused sectors which were formerly associated with an application, or to refer to a further application directory stored in the data storage medium. This further application directory allows access to further sectors and hence execution of further applications.
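The reader-side lookup described above (attribute check, indexing by logical application number, key-number resolution), as an added example that is not part of the patent text. The byte layout (one attribute byte with the application area in the high nibble, two-byte entries, `0x00` marking an absent application), the key table contents and all names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed layout (not from the patent): byte 0 is the attribute, with the
 * application area in the high nibble and the medium type in the low nibble;
 * then one 2-byte entry per logical application number, starting at 1:
 * [sector start address][key number]. Start 0x00 = no application stored. */
#define ENTRY_SIZE 2
#define NO_APP     0x00

enum { LOOKUP_OK = 0, ERR_AREA = -1, ERR_INDEX = -2, ERR_ABSENT = -3, ERR_KEY = -4 };
struct app_location { uint8_t sector_start, key_number; uint16_t key_address; };

/* Reader-side table: key number -> address of the key on the card (constructed). */
static const uint16_t READER_KEY_TABLE[] = { 0x03F0, 0x03F6, 0x03FC };
#define KEY_TABLE_LEN (sizeof READER_KEY_TABLE / sizeof READER_KEY_TABLE[0])

/* Constructed directory: area 2, medium 1. App 1 was erased, app 2 holds
 * sector 0x04, app 3 carries a key number the reader does not know. */
static const uint8_t SAMPLE_DIR[] = { 0x21, 0x00, 0x00, 0x04, 0x01, 0x08, 0x07 };

int find_application(const uint8_t *dir, size_t len, uint8_t area,
                     unsigned app_no, struct app_location *out)
{
    /* 1. Evaluate the attribute before touching any entry. */
    if (len < 1 || (dir[0] >> 4) != area) return ERR_AREA;
    /* 2. The logical application number is an index: bound it by the
     *    directory size so a bad number cannot read past the directory. */
    size_t entries = (len - 1) / ENTRY_SIZE;
    if (app_no < 1 || app_no > entries) return ERR_INDEX;
    const uint8_t *e = dir + 1 + (size_t)(app_no - 1) * ENTRY_SIZE;
    /* 3. The entry itself says whether the application is still present. */
    if (e[0] == NO_APP) return ERR_ABSENT;
    /* 4. Resolve the key number through the reader's own table. */
    if (e[1] >= KEY_TABLE_LEN) return ERR_KEY;
    out->sector_start = e[0];
    out->key_number   = e[1];
    out->key_address  = READER_KEY_TABLE[e[1]];
    return LOOKUP_OK;
}

int main(void)
{
    struct app_location loc;
    if (find_application(SAMPLE_DIR, sizeof SAMPLE_DIR, 0x2, 2, &loc) == LOOKUP_OK)
        printf("sector 0x%02X, key at 0x%04X\n", loc.sector_start, loc.key_address);
    return 0;
}
```

Each rejected case returns a distinct code, so a reader can tell a card from the wrong application area apart from an erased application or an entry whose key number it cannot resolve.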
Now referring to the Figures,
Within the data transmission system, it is necessary to set global default parameters which are known to the users, that is to say known to the read/write unit and to the data storage medium. The default parameters allow appropriate use of the system. By way of example, the following conventions can be agreed:
maximum number of sectors which can be used for applications,
number of keys per sector,
start address of the memory area or of the sector at which the application directory is stored,
a stipulated maximum size for the application directory, and
protection of the application directory by means of encryption.
A maximum number of useable sectors simultaneously implies a maximum number of keys which can be used for this data storage medium. In small-sized memories, the number of required keys per sector can be reduced to the number 1.
In the application directory, the logical application numbers therefore have associated start addresses for sectors, that is to say a start address is stored as an entry in the application directory, with the logical application number being used as an index within the application directory, and the memory position of the entry corresponding to the logical application number and encoding it in this way.
To execute an application associated with the sectors, the read/write unit reads the attribute in field 1 and verifies whether the data storage medium has an associated application area which has provision for execution of the desired application. If the result is positive, that is to say that the application can be executed and/or is stored in the memory of the data storage medium, the read/write unit uses a logical application number, corresponding to the executable application, in the application directory as an index in order to read a start address for a sector of the memory which stores the executable application. If the read/write unit indexes the logical application number “1” in field 2, for example, the encoding of the start address of the sector in which the application starts means that the memory position in field 2 refers directly to the start address. In addition, the key number associated with the logical application number is evaluated. To this end, a table which is described in
a to 4c show a detailed illustration of the memory organization of the memory 1 which is shown in
In
In
The data transmission system according to one of the embodiments of the present invention allows flexible use of a memory integrated in a data storage medium, since memory areas can be assigned to new applications at any time. The data processing time is significantly shortened, since access to the applications is effected very quickly.
It will be appreciated by persons skilled in the art that the present invention is not limited to the embodiments described thus far with reference to the accompanying drawings; rather the present invention is limited only by the following claims.
Number | Date | Country | Kind |
---|---|---|---|
103 39 212.2 | Aug 2003 | DE | national |
The present application is a continuation of International Patent Application Serial No. PCT/DE2004/001880, filed Aug. 25, 2004, published in the German language, which claims priority to German Patent Application Serial No. 10339212.2, filed Aug. 26, 2003, both of which are hereby expressly incorporated by reference in their entireties.
Relation | Number | Date | Country |
---|---|---|---|
Parent | PCT/DE04/01880 | Aug 2004 | US |
Child | 11364819 | Feb 2006 | US |