EP1741029A2 - Gestion d'une systeme de fichiers dans un support de donnees portable - Google Patents

Gestion d'une systeme de fichiers dans un support de donnees portable

Info

Publication number
EP1741029A2
EP1741029A2 EP05740488A EP05740488A EP1741029A2 EP 1741029 A2 EP1741029 A2 EP 1741029A2 EP 05740488 A EP05740488 A EP 05740488A EP 05740488 A EP05740488 A EP 05740488A EP 1741029 A2 EP1741029 A2 EP 1741029A2
Authority
EP
European Patent Office
Prior art keywords
file system
file
processes
data carrier
visibility information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
EP05740488A
Other languages
German (de)
English (en)
Inventor
Robert Hockauf
Thorsten Ulbricht
Rudolf Schubert
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Giesecke+Devrient GmbH
Original Assignee
Giesecke+Devrient GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Giesecke+Devrient GmbH filed Critical Giesecke+Devrient GmbH
Publication of EP1741029A2 publication Critical patent/EP1741029A2/fr
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/77Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/17Details of further file system functions
    • G06F16/176Support for shared access to files; File sharing support
    • G06F16/1767Concurrency control, e.g. optimistic or pessimistic approaches
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6281Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database at program execution time, where the protection is within the operating system
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2147Locking files

Definitions

  • the invention relates generally to the technical field of maintaining a file system in a portable data carrier, the data carrier having an operating system that supports concurrent - that is, parallel or quasi-parallel - processes.
  • a portable data carrier in the sense of the present document can be, in particular, a chip card (smart card) in various designs or a chip module or some other resource-limited system.
  • Portable data carriers are being manufactured with more and more storage space and ever greater computing power.
  • An internal research project by Giesecke & Devrient GmbH is currently investigating the extent to which a multitasking operating system can be implemented in a modern, portable data carrier.
  • the implementation of a U ⁇ IX®-like operating system e.g. of the operating system known under the Linux® brand.
  • significant problems arise from the fact that the resource requirements of a typical Linux implementation fully utilize or even exceed the storage and computing capacity of today's portable data carriers. For this reason, the use of resource-saving processes is of crucial importance.
  • a phone book is created by one process and a second process checks whether a phone book is available. If the creation of the phone book fails - e.g. because of a sudden interruption of the energy supply of the data carrier - then the created file must be removed without residue because of the requirement for an atomic execution of the process. If the second process happened to have performed a file query during the brief existence of the file, it could come to the erroneous result that there is a telephone book.
  • US Pat. No. 6,220,510 discloses a chip card which is capable of executing several application programs. Each application program is assigned a static and a dynamic memory area, which are shielded from the other application programs. Tasks can be delegated from a first application program to a second application program via a command / response mechanism; in this connection the commands and responses are written to a public data storage area.
  • the object of the invention is to provide a mechanism for managing a file system in a portable data carrier, by means of which at least some errors in the creation of structures in the file system and / or deletion of structures from the file system can be avoided with little resource expenditure.
  • inconsistencies of the type mentioned above which can occur due to access by concurrent processes to the file system, are to be prevented.
  • the invention is based on the basic idea of managing process-specific visibility information for at least some structures in the file system in order to cause an operation in which a process creates a structure in the file system or deletes it from the file system for the other processes, at least until successful Completion of this process remains hidden.
  • a newly created file will only be visible if the complete process of creating the file - including, if necessary, saving data to the file - has been successfully completed, i.e. if there is no longer any possibility of canceling or failing this process consists. Errors caused by access conflicts can thus be reliably avoided.
  • a particular advantage of the invention is that - with a suitable implementation - only little memory is required for the visibility information. Furthermore, no complex additional operations - for example, making extensive backup copies in a shadow memory or rollback buffer - are required.
  • the visibility information contains, at least for those structures of the file system which are currently being created or for which the deletion process has not yet been completed, an identifier of the process responsible for the creation or deletion process and a mark ifl g) which indicates whether it is a creation or a delete operation.
  • the visibility information can consist of a mark that indicates whether or not a visibility check should be carried out first when an attempt is made to access the structure to which the visibility information is assigned. If a visibility check is to be carried out, an attachment can be provided in these configurations, which indicates the process for which the respective structure is visible or hidden.
  • the visibility information for this structure is set such that the structure is only visible to the generating process. Only after the creation process has been successfully completed - for example after confirmation with a Commii command - are the Visibility information set so that the structure is generally visible. Depending on the type and meaning of the visibility information, this setting can be made, for example, by deleting the visibility information or by setting a process identifier contained in it to an invalid value. If the process is terminated, the structure that was never visible to the other processes is deleted from the file system.
  • the visibility information is initially set such that the structure is hidden from the process requesting the deletion, but remains visible to all other processes. Only when it is certain that the deletion is to be carried out irrevocably will the structure actually be deleted from the file system. If the deletion process is terminated - if the structure also for the person requesting the deletion
  • the process involving the creation or deletion of the structure is an atomic process, which is either carried out completely or is terminated without residue.
  • the termination can be triggered, for example, by an occurring error or power failure or by an abort command.
  • Successful completion requires confirmation by a Co zt command in some embodiments, while in other embodiments the operation is successfully completed if no error occurs.
  • the process can be, for example, an atomic transaction or an atomic process in which initially a file is created and then data is saved in this file.
  • the invention can be used in connection with all structures in the file system that can be created and / or deleted by concurrent processes - these can be processes of the operating system and / or an application program.
  • Such structures can e.g. Files or directories.
  • Refinements are also provided in which only files are viewed as structures in the sense of the invention. This includes configurations in which directories in the file system are designed as a special type of file.
  • the computer program product according to the invention can be a physical medium with stored program instructions, for example a semiconductor memory or a floppy disk or a CD-ROM.
  • the computer program product can also be a non-physical medium, for example a signal transmitted over a computer network.
  • the data carrier and / or the computer program product have features which correspond to the features described above and / or to the features mentioned in the dependent method claims.
  • 1 is a block diagram with functional units of a data carrier according to an embodiment of the invention
  • 2 shows a representation of the access of processes to a file system during the operation of the data carrier from FIG. 1,
  • Fig. 3 is a flowchart of the creation of a file in the disk of Fig. 1, and
  • FIG. 4 shows a flow diagram of the deletion of a file in the data carrier from FIG. 1.
  • the data carrier 10 shown in FIG. 1 has a processor 12, a memory 14 and an interface circuit 16 for contactless or contact-based communication with an external terminal (not shown in FIG. 1) on a single semiconductor chip.
  • the memory 14 is divided in a manner known per se into a plurality of memory fields designed in different technologies - RAM, ROM and EEPROM in the present exemplary embodiment.
  • the memory 14 there is program code which implements an operating system 18.
  • the operating system 18 is a variant of the operating system known under the Linux brand, tailored to use in the data carrier 10.
  • the memory 14 contains at least one application program 20 and a file system 22 which has file and directory structures in a tree-like arrangement.
  • the processes 24x can system processes of the operating system 18 and / or user processes of the application program 20 his.
  • Each of the processes 24x has a unique process identifier PID (process identifier); 2, the process identifiers "1001", "1002" and "1003" are shown by way of example.
  • the operating system 18 controls and coordinates the concurrent flow of the processes 24x.
  • Processes 24x can also access file system 22 via operating system 18. 2 shows two structures 26A, 26B and two files 26C, 26D as structures of the file system 22; these and other structures contained in the file system 22 are referred to in the following as 26x.
  • FIG. 3 shows an exemplary sequence in which the process 24 A - process identifier "1001" - creates a new file in a successful transaction - here the file 26C as an example - and writes data to this file.
  • the vertical arrows in Fig. 3 indicate the timing of the process;
  • the sequence of different states of the file system 22 during the process is illustrated in the column headed “file system”.
  • the file 26C is assigned visibility information 32, which contains the identifier PID of the commanding process - in the present case the identifier "1001" of the process 24A - and a label M (fing).
  • the mark M indicates a visibility mode for the file 26C.
  • the visibility mode "1" used here when creating a file generally means that the process identifier PID contained in the visibility information 32 indicates the process for which the file is to be visible. The file should be hidden for all other processes.
  • a visibility mode "0" would indicate that the process identifier PID contained in the visibility information 32 indicates the - only - process for which the file is to be hidden. This visibility mode "0" is used in connection with the deletion of a file to be described.
  • the file 26C generated after the execution of the command 30 is only visible for the process 24A with the process identifier "1001" and is hidden for all other processes 24B, 24C, .... If such another process 24B, 24C, ... were to request a listing of the structures 26x contained in the file system 22 at the present time, then the file 26C would not be contained therein. Likewise, the other process 24B, 24C, ... would try to get an error message about a non-existent file when trying to access file 26C.
  • process 24A writes data to newly created file 26C.
  • the visibility information 32 remains unchanged changed.
  • the file 26C is therefore still only visible to the process 24A and hidden for all other processes 24B, 24C, ...
  • the process 24A confirms the transaction with a Corarmt command 36
  • the successful completion of the transaction is indicated by the process identifier PID contained in the visibility information 32 being set to an invalid value - e.g. the value "0" - is set.
  • the visibility information 32 is thus invalid overall, which means that there are no longer any restrictions regarding the visibility of the file 26C. All processes 24x can now see the file 26C and have unlimited access to it.
  • the file 26C is deleted from the file system 22. This can take place immediately in response to the abort command or the next time the data carrier 10 is started up or at another suitable point in time. Except for the process 24A executing the transaction, in this case no other process 24B, 24C, ... could at any time have knowledge of the temporarily created file 26C.
  • commands 30 and 34 can be combined into a single command that writes data to a new file to be created.
  • this command - or command 30 shown in FIG. 3 - can implicitly indicate the start of a new transaction, so that command 28 can be omitted.
  • commands 30 and 34 can be combined into a single command that writes data to a new file to be created.
  • this command - or command 30 shown in FIG. 3 - can implicitly indicate the start of a new transaction, so that command 28 can be omitted.
  • a Coraraz ' t command can implicitly indicate the start of a new transaction confirmation by a Coraraz ' t command.
  • FIG. 4 illustrates the course of a process in which an existing file in the file system 22 - here the file 26D as an example - is deleted.
  • the initial state for this process is that the file 26D is contained in the file system 22 and is visible 24x to all processes. This can e.g. are indicated by missing or invalid visibility information 32 - in the present example by an invalid process identifier PID with the value "0".
  • process 24A requests operating system 18 to start a new transaction and delete file 26D.
  • the operating system 18 does not yet delete the file 26D from the file system 22 at this time, but only hides it from the process 24A requesting the deletion.
  • the value "1001" is entered in the visibility information 32 as the process identifier PID of the process 24A requesting the deletion and the value "0" as the visibility mode M; the meaning of this value for the visibility mode M has already been explained above.
  • the file 26D is thus still visible to all other processes 24B, 24C, ...
  • the operating system 18 does not actually initiate the actual deletion of the file 26D from the file system 22 in response to the receipt of a Commz ⁇ command 42 to confirm the transaction. Only at this point in time can the other processes 24B, 24C,.. - Get transaction. If the deletion transaction is not completed successfully, but is canceled, the file 26D remains in the file system 22.
  • the visibility information 32 is then set again - for example by setting the process identifier PID to the invalid value "0" - that the file 26D is available to everyone Processes is visible 24x.
  • Processes other than process 24A issuing delete command 40 - continuously visible.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Databases & Information Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Mathematical Physics (AREA)
  • Data Mining & Analysis (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

Procédé de gestion d'un système de fichiers (22) dans un support de données portable, procédé dans lequel des informations de visibilité (32), spécifiques du procédé, sont gérées, au moins pour certaines structures (26x) dans le système de fichiers (22), de telle façon qu'une situation durant laquelle un processus (24A) crée une structure (26x) dans le système de fichiers (22) ou la supprime de ce système (22), demeure cachée pour d'autres processus exécutés concurremment, du moins jusqu'à la fin de cette situation. Un support de données portable et un progiciel présentent des caractéristiques correspondantes. L'invention permet qu'au moins certaines séquences erronées qui se présentent lorsqu'on crée des structures (26x) dans un système de fichiers (22) et/ou lorsqu'on supprime ces structures (26x) dudit système (22), soient évitées avec une faible dépense en ressources.
EP05740488A 2004-04-22 2005-04-19 Gestion d'une systeme de fichiers dans un support de donnees portable Ceased EP1741029A2 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102004019683A DE102004019683A1 (de) 2004-04-22 2004-04-22 Verwalten eines Dateisystems in einem tragbaren Datenträger
PCT/EP2005/004182 WO2005104018A2 (fr) 2004-04-22 2005-04-19 Gestion d'une systeme de fichiers dans un support de donnees portable

Publications (1)

Publication Number Publication Date
EP1741029A2 true EP1741029A2 (fr) 2007-01-10

Family

ID=35160225

Family Applications (1)

Application Number Title Priority Date Filing Date
EP05740488A Ceased EP1741029A2 (fr) 2004-04-22 2005-04-19 Gestion d'une systeme de fichiers dans un support de donnees portable

Country Status (3)

Country Link
EP (1) EP1741029A2 (fr)
DE (1) DE102004019683A1 (fr)
WO (1) WO2005104018A2 (fr)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102008051575A1 (de) 2008-10-14 2010-04-15 Giesecke & Devrient Gmbh Verfahren und Vorrichtung zur Verwaltung eines Datenspeichers
DE102012106405B4 (de) 2012-07-17 2016-06-16 Kirchhoff Automotive Deutschland Gmbh Verfahren zum Herstellen eines umgeformten und zumindest bereichsweise gehärteten Metallblechbauteils sowie Verwendung eines Presshärtwerkzeuges zum Herstellen eines solchen Bauteiles
CN119201152B (zh) * 2024-11-28 2025-03-04 麒麟软件有限公司 一种Linux系统的动态可执行文件管理方法及系统

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5297283A (en) * 1989-06-29 1994-03-22 Digital Equipment Corporation Object transferring system and method in an object based computer operating system

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB9126779D0 (en) * 1991-12-17 1992-02-12 Int Computers Ltd Security mechanism for a computer system
US5878206A (en) * 1997-03-25 1999-03-02 Hewlett-Packard Company Commit scope control in hierarchical information processes
DE19835177A1 (de) * 1998-08-04 2000-02-10 Alcatel Sa Verfahren, Module und Vermittlungsstelle zum Kennzeichnen von Prozessen sowie von deren Daten und Betriebsmitteln
US6484185B1 (en) * 1999-04-05 2002-11-19 Microsoft Corporation Atomic operations on data structures
FR2820847B1 (fr) * 2001-02-12 2003-05-30 Gemplus Card Int Controle d'acces de sujets a des objets notamment dans une carte a microcontroleur

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5297283A (en) * 1989-06-29 1994-03-22 Digital Equipment Corporation Object transferring system and method in an object based computer operating system

Also Published As

Publication number Publication date
DE102004019683A1 (de) 2005-11-17
WO2005104018A2 (fr) 2005-11-03
WO2005104018A3 (fr) 2006-04-20

Similar Documents

Publication Publication Date Title
DE69507940T2 (de) Rechner-verfahren und gerät für asynchrone geordnete operationen
DE3854667T2 (de) Datenbasissystem mit einer Baumstruktur.
DE69802437T2 (de) Feinkörniger übereinstimmungsmechanismus für optimistische parallelsteuerung mit verriegelungsgruppen
DE69126067T2 (de) Verfahren und Gerät zur Verwaltung von Zustandsidentifizierern zur effizienten Wiederherstellung
DE3856055T2 (de) Verfahren und Einrichtung, um gleichzeitigen Zugriff zu indizierten sequentiellen Dateien zu ermöglichen
DE69621841T2 (de) Rechnersicherungssystem mit offenen Dateien
DE69604882T2 (de) Einzeltransaktionsverfahren für ein Dateiensystem mit Logging-Möglichkeit in einem Rechnerbetriebssytem
DE69528339T2 (de) Applikationspezifische Konfliktlösung für schwachkonsistente replizierte Datenbanken
DE69131545T2 (de) Verfahren für den Zugriff auf gemeinsame Daten
DE69112694T2 (de) Verfahren zum Betrieb eines Datenverarbeitungssystems zur Ausführung von Datenbanktransaktionen.
DE69119222T2 (de) Datensicherung und Beseitigung in einem Datenverarbeitungssystem
DE4216871C2 (de) Ausführungsordnen zum Sicherstellen der Serialisierbarkeit verteilter Transaktionen
DE4435751B4 (de) Dateiname- und Verzeichnis- Erfassungsverfahren zur Verwendung mit einem Betriebssystem
DE3788444T2 (de) Verfahren zum Wiederanlauf einer langlaufenden fehlertoleranten Operation in einem transaktionsorientierten Datenbasissystem.
DE60312746T2 (de) Wiederherstellung nach fehlern in datenverarbeitungsanlagen
DE69311952T2 (de) Verfahren und System zur inkrementalen Datensicherung
DE69129678T2 (de) Verfahren und System für eine konsequente Zeitfestlegung in verteilten Rechnerdatenbanken
DE69312781T2 (de) Verfahren und System zum Seitendatei Statusabrufen in einem Nullzeittyp Sicherungskopieprozess
DE69718715T2 (de) Verfahren zur geschichteter Transaktionsverarbeitung
DE69615230T2 (de) Relationales Datenbanksystem und Verfahren mit grosser Verfügbarkeit der Daten bei der Umstrukturierung von Tabellendaten
DE4220198C2 (de) Transaktionsverarbeitungsverfahren für einen digitalen Computer und Transaktionsverarbeitungssystem
EP0929864B1 (fr) Systeme de coordination
DE69505629T2 (de) Verfahren zur Verwaltung von Rückwärts- und Vorwärtslogbüchern eines Transaktionsobjekts
DE60306674T2 (de) Verfahren und systeme zur regelung des zugriffs auf ein datenobjekt mittels sperren
DE112005002402T5 (de) Hybride Hardware-/Software-Implementierung eines Transaktionsspeicherzugriffs

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20061122

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU MC NL PL PT RO SE SI SK TR

DAX Request for extension of the european patent (deleted)
17Q First examination report despatched

Effective date: 20070903

REG Reference to a national code

Ref country code: DE

Ref legal event code: R003

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED

18R Application refused

Effective date: 20120325