EP4217864A1 - Speicherreservierung für häufig verwendete anwendungen in einem eingebetteten sicheren element - Google Patents

Speicherreservierung für häufig verwendete anwendungen in einem eingebetteten sicheren element

Info

Publication number
EP4217864A1
EP4217864A1 EP21770041.8A EP21770041A EP4217864A1 EP 4217864 A1 EP4217864 A1 EP 4217864A1 EP 21770041 A EP21770041 A EP 21770041A EP 4217864 A1 EP4217864 A1 EP 4217864A1
Authority
EP
European Patent Office
Prior art keywords
application
volatile memory
execution
execution data
level operating
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP21770041.8A
Other languages
English (en)
French (fr)
Inventor
Olivier Van Nieuwenhuyze
Amedeo Veneroso
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ST Ericsson Belgium N V
STMicroelectronics SRL
Original Assignee
Proton World International NV
STMicroelectronics SRL
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from FR2009752A external-priority patent/FR3114671B1/fr
Priority claimed from FR2009751A external-priority patent/FR3114670B1/fr
Application filed by Proton World International NV, STMicroelectronics SRL filed Critical Proton World International NV
Publication of EP4217864A1 publication Critical patent/EP4217864A1/de
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/4401Bootstrapping
    • G06F9/4406Loading of operating system
    • G06F9/441Multiboot arrangements, i.e. selecting an operating system to be loaded
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02Addressing or allocation; Relocation
    • G06F12/0223User address space allocation, e.g. contiguous or non contiguous base addressing
    • G06F12/0284Multiple user address space allocation, e.g. using different base addresses
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/52Program synchronisation; Mutual exclusion, e.g. by means of semaphores
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/20Employing a main memory using a specific memory technology
    • G06F2212/205Hybrid memory, e.g. using both volatile and non-volatile memory
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2149Restricted operating environment

Definitions

  • the present disclosure generally concerns electronic systems and, more particularly, embedded electronic systems.
  • the present disclosure more particularly concerns the use of memories in an embedded electronic system.
  • An embedded electronic system is a self-contained electronic and software system capable of being embedded in an electronic device and/or electronic equipment.
  • the design issues of an embedded system are frequently due to management constraints of memories internal or external to the embedded system.
  • the system may comprise non-volatile memories, rewritable or not, and volatile memories, each capable of storing data of different types with the constraints and assets specific to each type of memory.
  • the management of these memories generates constraints in terms of data security, particularly when the system is used for different applications.
  • US 2018/0113817 discloses a virtualization-based platform protection technology in which two memories are used for different applications.
  • US 2018/0165008 discloses a memory transaction prioritization technology.
  • US 2015/ 0113257 discloses a system and method for dual OS memory switching, in which an application replaces the other in volatile memory .
  • device firmware saves content of overlapped memory location being used for the first OS in volatile memory to nonvolatile memory and loads contents of second OS to overlapped memory locations in volatile memory .
  • EP 1 524 597 discloses a method for managing threads in a memory-constrained system .
  • An embodiment of a first aspect provides an embedded electronic system comprising :
  • said volatile memory comprises : at least a first portion reserved to execution data of a first application; and at least a second portion intended to store execution data of at least a second application, the execution data of the first application remaining in the volatile memory in case of a deactivation or of a setting to standby of this first application .
  • An embodiment of the first aspect provides a method implemented by an embedded electronic system comprising :
  • said volatile memory comprises : at least a first portion reserved to execution data of a first application; and at least a second portion intended to store execution data of at least a second application, the execution data of the first application remaining in the volatile memory in case of a deactivation or of a setting to standby of this first application .
  • data of execution of one of a plurality of tasks of an application are partly trans ferred, by the low-level operating system, from said volatile memory to a nonvolatile memory when the execution of said task is interrupted by the execution of at least one task of another application .
  • a volatile memory area is allocated to the second application while the second application is not executed, the execution data of this second application being trans ferred into the non-volatile memory i f the available volatile memory si ze is not suf ficient for the execution of a third application .
  • An embodiment of a second aspect provides an embedded electronic system comprising :
  • At least one low-level operating system managing the allocation of volatile memory areas to a plurality of high- level operating systems , each comprising one or a plurality of applications , wherein execution data of one or a plurality of tasks of said first application are partly trans ferred, by the low-level operating system, from said volatile memory to a non-volatile memory when the execution of said task of the first application is interrupted by the execution of at least one task of a second application .
  • An embodiment of the second aspect provides a method implemented in an embedded electronic system comprising :
  • At least one low-level operating system managing the allocation of volatile memory areas to a plurality of high- level operating systems , each comprising one or a plurality of applications , wherein execution data of one or a plurality of tasks of said first application are partly trans ferred, by the low-level operating system, from said volatile memory to an area of a non-volatile memory when the execution of said task of the first application is interrupted by the execution of at least one task of a second application .
  • the applications of a high-level operating system do not have access to the volatile memory areas allocated to the applications of another high-level operating system.
  • a memory management function or unit executed by the low-level operating system forbids the access of the execution data of an application to other applications.
  • the memory management function or unit adapts the size of the first and second portions of the volatile memory according to the needs of the different applications.
  • the execution data of a plurality of applications are simultaneously present in the volatile memory.
  • the non-volatile memory is external to the embedded electronic system.
  • an execution code of an application is transferred to the volatile memory for its execution.
  • the non-volatile memory is internal to the embedded electronic system.
  • an execution code of an applications remains in the non-volatile memory during the execution of a task.
  • a non-volatile memory area allocated to a high- level operating system is seen by the latter as a volatile working memory.
  • the high-level operating systems manage a virtual image of the memories where the volatile and non-volatile memories are one and the same.
  • a main task of an application is allocated a volatile memory area.
  • part of its execution data if transferred into the volatile memory when the application need specifically of the one that are not yet loaded into the volatile memory.
  • An embodiment provides an embedded secure element, configured for the implementation of the described system or method.
  • Figure 1 schematically shows in the form of blocks an embodiment of hardware components of an embedded secure element or embedded electronic system
  • Figure 2 very schematically shows in the form of blocks a software architecture of an embedded electronic system
  • Figure 3 shows views (a) , (b) , and (c) schematically illustrating in the form of blocks the implementation of a method of execution of applications of the embedded electronic system of Figures 1 and 2;
  • Figure 4 shows views (a) , (b) , and (c) schematically illustrating in the form of blocks an implementation mode of a method of execution of applications of the embedded electronic system of Figures 1 and 2;
  • Figure 5 shows views (a) , (b) , and (c) schematically illustrating in the form of blocks the implementation of a method of execution of applications of the embedded electronic system of Figures 1 and 2;
  • Figure 6 shows views (a) , (b) , and (c) schematically illustrating in the form of blocks another implementation mode of a method of execution of applications of the embedded electronic system of Figures 1 and 2.
  • FIG 1 very schematically shows in the form of blocks an embodiment of hardware components HW (Hardware) of an embedded secure element E or embedded electronic system.
  • HW Hardware
  • Element E is made in the form of an electronic circuit comprising, in hardware form:
  • PU digital processing units
  • CPU central processing unit
  • programmable logic circuit etc .
  • PU digital processing units
  • RAM volatile
  • NVM nonvolatile
  • circuit 1 - one or a plurality of data, address, and/or control buses 14 between the different elements internal to circuit 1;
  • circuit 1 - one or a plurality of input/output interfaces 15, (I/O) of wired or wireless communication with the outside of circuit 1;
  • NFC near-field communication circuit 16
  • FCT short distance communication device
  • Bluetooth standard for example using the Bluetooth standard, biometric sensors, etc.
  • Figure 2 schematically shows in the form of blocks a software architecture 100 of an embedded secure element E, or secure embedded electronic system.
  • Software architecture 100 is implemented by the hardware components HW of the secure element E described in Figure 1.
  • Architecture 100 comprises a primary platform 110, generally called virtual primary platform (VPP) comprising the access to the electronic components 111 (HW) of secure element E and comprising one or a plurality of low-level operating systems 113 (LLOS) .
  • VPP virtual primary platform
  • HW electronic components 111
  • LLOS low-level operating systems 113
  • Low-level operating systems 113 are operating systems enabling to ease the communication between one or a plurality of high-level operating systems (HLOS1, HLOS2, HLOS) 124A, 124B (two high-level operating systems in the case illustrated in Figure 1) of secure element E and the components 111 of element E.
  • the low-level operating systems comprise software driving components 111.
  • a low-level operating system 113 is formed of an execution code (or executable code) and of execution data.
  • the execution code contains instructions enabling to execute functions of the program. By definition, the instructions are invariable for a given program, except for an update of the program, which then modifies the instructions.
  • the execution data are used by the execution code to contextualize the execution and perform the desired function.
  • the execution data may be distributed in two categories. So-called “temporary” execution data and so- called “permanent" or "fixed” execution data.
  • the execution code contains instructions of verification of the PIN code while the permanent execution data contain the reference PIN code and the number of remaining tests and the temporary execution data contain the PIN code submitted to the verification.
  • the low-level system manages the memory components of the element, that is, the physical memories, volatile 12 ( Figure 1) and non-volatile (13 (rewritable or not) .
  • High-level operating systems 124A and 124B use virtual images of the memories available for the management of the execution codes and of the execution data. Due to this technique, high-level operating systems do not have a direct access to the management of physical memories, be they volatile or non-volatile. In other words, in the described embodiments, high-level operating systems manage a virtual image of the memories where the volatile and nonvolatile memories are confounded. The management of the physical distribution in the volatile and non-volatile memories is ensured by the low-level operating system (s) .
  • Platform 110 has, according to the described embodiments, particularly the roles of;
  • HW hardware components
  • Low-level operating system 113 uses a memory management function (MMF) 115 to control or manage the access of the high-level operating systems to the physical memories by linking the virtual memories and the physical memories according to the needs and requests of high-level operating systems 124A and 124B . More particularly, low- level operating systems 113 , by using memory management function 115 (MMF) , implement the isolation of high-level operating systems 124A and 124B from one another and manage the access of high-level operating systems 124A, 124B to the di f ferent memories .
  • MMF memory management function
  • low-level operating systems 113 may manage data stored in the memories and more particularly manage the access to these data, especially in the case where a plurality of high-level operating systems are present in secure element E .
  • Low-level operating systems 113 may for example forbid the access to certain data to a high-level operating system .
  • Architecture 100 further comprises applications capable of being implemented by primary platform 110 .
  • Such applications are for example capable of processing control signals originating from communication interfaces , such as for example a bank transaction using a near- field communication device .
  • Each of these applications is implemented by means of fixed data forming the application, for example , instructions , code lines , or permanent data such as user data such as an identi bomb, and of temporary data, execution data, or variable data such as data stacks , temporary cipher keys .
  • the execution data of an application are data used by the application only during its execution and which are not kept once the execution of the application has ended .
  • an application implements one or a plurality of tasks, each task for example being a succession of instructions. The implementation of a task generates execution data. Certain execution data may be used by different tasks of the application while other may only be used by a single task. It is considered that an application may only implement a single task at a time.
  • main task the task which is being executed by the application
  • secondary tasks the other tasks of the application which are not being executed.
  • the execution tasks are for example tasks which have not been implemented yet and which have not enabled to generate execution data, or tasks which have already been implemented but which have been, for example, interrupted (and paused) , and which thus have already enabled to generate execution data.
  • execution data relative to the main task can be distinguished from execution data relative to the secondary tasks.
  • the applications may be of different types, for example, a SIM (Subscriber Identity Module) application, a payment application, an application enabling to validate a public transport ticket, etc.
  • SIM Subscriber Identity Module
  • payment application an application enabling to validate a public transport ticket, etc.
  • an application 121 is capable of being directly implemented by primary platform 110.
  • Application 121 is for example an application enabling to perform payments by communicating with a near-field communication (NFC) device.
  • NFC near-field communication
  • an application 122 is capable of sending control signals to primary platform 110 via one of the high-level operating systems, for example, operating system 124B.
  • This high-level operating system may for example be one of the operating systems of secure element E exchanging control signals with primary platform 110 .
  • the high-level operating system as well as all the applications attached thereto are an application adapted to being implemented by primary platform 110 .
  • an application 123 is adapted to sending commands to primary platform 110 via an execution environment 125 (ENV) and one of the high-level operating systems , for example operating system 124A.
  • the operating environment is for example of Java or JavaCard type .
  • the operating system, as well as all the applications which are attached thereto are an application capable of being implemented by primary platform 110 .
  • the components 111 of secure element E more particularly comprise at least one non-volatile memory and at least one volatile memory .
  • the non-volatile memory is generally used to store fixed data and the execution code of one or a plurality of applications .
  • the volatile memory is generally used to store the execution data of one or a plurality of applications .
  • a protection for example , a protection software and/or a firewall mechanism, enabling to prevent an application from accessing the fixed data and the execution data of another application .
  • This function is , as previously indicated, implemented by a memory management function 115 MME or memory management unit (MMU) .
  • Function 115 enables to link the "virtual" memory known by the application and the physical memories (volatiles and non-volatile ) .
  • the high-level operating systems ( 124A and 124B ) do not "directly" have access to the physical memory management . They use a virtual image of this memory .
  • the management of this virtual image or virtual memory is divided to enable the high-level operating systems ( 124A and 124B ) to manage the execution codes , as well as the fixed data or the execution data according to their nature .
  • the high-level operating systems are indeed those which manage their data and not the low- level operating systems .
  • the low-level operating systems and the memory management function achieve the correspondence between the virtual execution data ( the virtual memory) and their storage in the physical memory .
  • At least one area or portion of the non-volatile memory is used as a working memory .
  • this area of the non-volatile memory operates , as seen from the high-level applications , as a volatile memory, to store temporary data used by the applications during their operation .
  • the non-volati le memory may be internal or external to secure element E ( internal or external to circuit HW) . According to whether the non-volatile memory ( its area used as a working memory by the high-level operating systems ) is internal or external to the secure element , the management of this memory di f fers during the execution of a high-level operating system .
  • the high-level operating system may be directly executed from the memory where the operating system is located ( is loaded) . It is spoken of an " in place” execution (XIP ) .
  • XIP " in place" execution
  • the low-level operating systems then enable to manage the execution of a plurality of high- level operating systems.
  • the instruction portion (the execution code) of the application remains in the nonvolatile memory; the execution data (permanent and temporary) may then be displaced into the working memory (non-volatile memory) .
  • an application may be in at least three different states:
  • an active or state of execution (running) by primary platform 110 an active or state of execution (running) by primary platform 110; a standby state, that is, its execution is interrupted but it can be resumed at any time; and an inactive or deactivated state, that is, its execution cannot be restarted without one or a plurality of previous operations.
  • all or part of the data relative to its main task are stored in the volatile memory of the circuit and are used for the implementation of the application .
  • the data relative to secondary tasks of the application may be stored in the volatile memory or in the working memory (non-volatile ) .
  • certain execution data (permanent or temporary) relative to the main task may be located in the working memory (non-volatile ) and be loaded into the volatile memory when the main task requires it .
  • This management is performed by memory management function 115 .
  • the temporary data are in a working memory assimilated, by the virtual image used by this operating system, to a volatile memory .
  • the execution data of a plurality of di f ferent applications of a plurality of di f ferent high- level operating systems are located at the same time in the volatile memory .
  • each application only has access to its own data and does not have access to the data of the other application ( s ) .
  • the applications are not aware of the presence of data of other applications in the volatile memory .
  • Figures 3 to 6 illustrate di f ferent implementations of applications of secure element E , and more particularly the use of the volatile and non-volatile physical (working) memories .
  • Figure 3 comprises three views ( a ) , (b ) , and ( c ) , each illustrating a phase of an implementation of a method of execution of applications App20 and App21 of the secure element E described in relation with Figures 1 and 2 . These three views more particularly illustrate the use of working memory WM using the non-volatile memory ( Physical NVM) , considered by the applications as a volatile memory, and of the real volatile memory RAM ( Physical RAM) , of secure element E during the execution of applications App20 and App21 .
  • Applications App20 and App21 may be located in a same high-level operating system or in two different high-level operating systems .
  • Application App20 is also deactivated but has never been started. It thus has not generated execution data yet.
  • application App20 is started by secure element E. More particularly, application App20 is started by low-level operating system 113. Application App20 is then running. Execution data, relative to the main task of application App20, are downloaded or loaded into volatile memory RAM.
  • application App20 stores its execution data in volatile memory RAM.
  • application App21 keeps on running, and modifies in volatile memory RAM its execution data relative to its main task and, possibly, to secondary tasks. Data are for this purpose transferred from non-volatile working memory WM to volatile memory RAM.
  • Figure 4 comprises three views (a) , (b) , and (c) , each illustrating applications App30 and App31 of the secure element E described in relation with Figures 1 and 2. These three views more particularly illustrate the use of nonvolatile working memory WM and of a volatile memory RAM of secure element E during the activation of applications App30 and App31.
  • Applications App30 and App31 may be located in a same high-level operating system or in two different high-level operating systems .
  • application App30 is a frequent-use application, or resident application, or implements a frequent-use task, or resident task.
  • the fact of considering an application as being "frequent" is decided, requested, and/or indicated by the high-level operating system which hosts the application.
  • the execution data relative to resident application App30 are stored in a reserved area PRAM30 of volatile memory RAM.
  • the area (or physical address range) PRAM30 of memory RAM is always available to store the execution data of application App30, and the execution data of one or of other applications cannot be stored therein.
  • application App30 is set to standby. Execution data relative to the main task of application App30 are stored in area PRAM30.
  • the main task of application App30 is for example a resident task.
  • Application App31 is then started by secure element E. Execution data, relative to the main task and, possibly, to secondary tasks, of application App31 are downloaded or loaded into an area PRAM31 of volatile memory RAM. Area PRAM31 is distinct from area PRAM30. Application App31 is then running.
  • application App31 stores its execution data in area PRAM31 of volatile memory RAM.
  • An advantage of this embodiment is that a frequent- use application, or resident application, is guaranteed to have space in physical volatile memory PRAM to store its execution data therein.
  • a frequent- use application, or resident application is guaranteed to have space in physical volatile memory PRAM to store its execution data therein.
  • the size of the resident volatile memory requested by a new resident application which should be activated would be greater than the size of physical volatile memory PRAM, its activation would be denied until memory PRAM is freed, or the available size of memory PRAM is sufficient, or the size of the so- called resident memory requested by the application to be activated is compatible with the available size of memory PRAM. This case may occur if a plurality of resident applications is activated.
  • both applications are running in a secure environment (both are executed by the secure element -
  • data may be copied into an external non-volatile memory for the application that are not executed, but the execution is always inside the secure element) .
  • application App30 which is considered as frequently used or resident benefits from an allocated or reserved area in volatile memory.
  • an application here App30
  • an application which is considered as a priority application, can claim the fact not to be unloaded from the physical volatile memory and that its execution data ( or part of them) stay in this physical volatile memory, even in standby and when another application (here App 31 ) needs to be executed .
  • the management by the low-level operating system, of the allocation of a dedicated portion of the volatile memory to a given application is configured based on a request sent by this given application at first loading ( or in its mapping definition or its memory image ) .
  • This information related to this App30 may be unloaded from this physical volatile memory only i f the application is deactivated ( or deleted) .
  • An advantage is to avoid downloading the execution data of the priority application from the volatile memory to the non-volatile memory, which allows a fast activation of the priority application, while allowing another application to use the rest of the volatile memory .
  • Figure 5 comprises three views ( a ) , (b ) , and ( c ) , each illustrating a phase of an implementation of a method of execution of applications App40 and App41 of the secure element E described in relation with Figures 1 and 2 . These three views more particularly illustrate the use of the non-volatile working memory WM and of the volatile memory RAM of secure element E during the activation of applications App40 and App41 .
  • App40 and App41 might be located in a same high-level operating system or in two di f ferent high-level operating systems .
  • a first phase application App40 requests being run by secure element E, and then becomes "running". Starting and operation execution data relative to application App40 are transferred, downloaded, or loaded into an area PRAM40 of volatile memory RAM, from area WM40 of non-volatile working memory WM, when the main task of application App40 needs it.
  • application App41 requests in turn being run by secure element E.
  • the execution data relative to the main task of application App41 are transferred, downloaded, or loaded into an area PRAM41 of volatile memory RAM, from area WM41 of nonvolatile working memory WM.
  • the data are stored after the execution data relative to application App40 in volatile memory RAM.
  • Application App41 then is running, and application App40 is then at standby.
  • Figure 6 comprises three views (a) , (b) , and (c) , each illustrating a phase of an implementation mode of a method of execution of applications App50 and App51 of the secure element E described in relation with Figure 1.
  • the three views more particularly illustrate the use of the nonvolatile working memory WM and of the volatile memory RAM of secure element E during the activation of applications App50 and App51.
  • App50 and App51 might be located in a same high-level operating system or in two different high-level operating systems .
  • application App50 is a frequent-use application, called resident application hereafter, also described in relation with Figure 4.
  • resident application App50 requests being run by secure element E .
  • Execution, starting, and operating data relative to application App50 are trans ferred, downloaded, or loaded into a reserved area PRAM50 of volatile memory RAM, from area WM50 of nonvolatile working memory WM .
  • Area PRAM50 is an area of volatile memory RAM always available to store the execution data of application App50 , and which cannot be used to store execution data of other applications .
  • Application App50 is then running .
  • application App51 requests being executed by secure element E .
  • Execution, starting, and operating data relative application App51 are trans ferred, downloaded, or loaded into an area PRAM51 of volatile memory RAM, from area WM51 of non-volatile working memory WM . These data are stored after the execution data relative to application App50 in volatile memory RAM .
  • Application App51 is then running, and application App50 is then at standby .
  • An advantage of the described embodiments is that all the applications are loaded into a memory seen, by the high-level operating systems of these applications , as a volatile memory . This allows a fast restarting of each application . Furthermore, when an application claims not to be unloaded from its dedicated area of the phys ical volatile memory, this further speeds up its restarting .
  • Another advantage of the described embodiments is that a frequent-use application is guaranteed to have space in the voltage memory RAM of the circuit to store its operation execution data therein .
  • the low-level operating systems 113 described in relation with Figure 2 manage the allocation of the memory areas and their filling with the execution data of the applications ( resident or not ) . More particularly, the low-level operating systems are capable of detecting whether an application is a resident application or not .
  • a secure element E may comprise a plurality of resident applications .
  • Low-level operating systems 113 are further capable of denying the installation of an application as a resident application, for example , i f secure element E comprises too many resident applications , particularly when too large a portion, for example , more than hal f , of volatile memory RAM is reserved to execution data of resident applications .
  • low-level operating systems 113 are capable of configuring the si zes of the portions of volatile memory RAM reserved for execution data of resident applications .
  • low level operating systems 113 are capable of configuring the si ze of a portion of the volatile memory RAM reserved for execution data of a resident application, to make it equal to zero .
  • the secure element comprises a plurality of resident applications , then the execution data of these resident applications are all stored in a same " resident" portion of volatile memory RAM . When this " resident" portion is full , the execution data relative to secondary tasks of the resident applications are displaced towards non-volatile working memory WM .
  • the execution data of an application which is inactive or at standby which are stored in working memory WM are only trans ferred into the volatile memory, during a new activation of this application, as and when needed by the application .
  • This action is performed by the low-level operating system and is transparent for the application and the corresponding high-level operating system . Indeed, data displacements between the volatile memory and the non-volatile working memory and conversely are not seen by the high-level operating systems .
  • the low-level operating system previously displaces , towards the working memory, execution data which are considered as the oldest ( those which have been used less recently) or the less often used .
  • An advantage of the disclosed embodiments is that several applications stay present in the volatile memory even when non active . This allows fast toggling from one application of another .
  • Another advantage of the disclosed embodiments is that the allocation of the volatile memory is "dynamic" , i . e . , used from an application or another . In other words , execution data of an application are trans ferred into the non-volatile memory only when space in the volatile memory is needed by a second application .
  • an application might be divided into one or a plurality of resident sub-applications and one or a plurality of non-resident sub-applications .
  • the resident application might be a portion of another application .

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Techniques For Improving Reliability Of Storages (AREA)
EP21770041.8A 2020-09-25 2021-09-20 Speicherreservierung für häufig verwendete anwendungen in einem eingebetteten sicheren element Pending EP4217864A1 (de)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
FR2009752A FR3114671B1 (fr) 2020-09-25 2020-09-25 Elément sécurisé embarqué
FR2009751A FR3114670B1 (fr) 2020-09-25 2020-09-25 Elément sécurisé embarqué
PCT/EP2021/075780 WO2022063721A1 (en) 2020-09-25 2021-09-20 Memory reservation for frequently-used applications in an embedded secure element

Publications (1)

Publication Number Publication Date
EP4217864A1 true EP4217864A1 (de) 2023-08-02

Family

ID=77750308

Family Applications (2)

Application Number Title Priority Date Filing Date
EP21770041.8A Pending EP4217864A1 (de) 2020-09-25 2021-09-20 Speicherreservierung für häufig verwendete anwendungen in einem eingebetteten sicheren element
EP21770040.0A Pending EP4217861A1 (de) 2020-09-25 2021-09-20 Speicherverwaltung für anwendungen eines in mehrere betriebssysteme eingebetteten sicheren elements

Family Applications After (1)

Application Number Title Priority Date Filing Date
EP21770040.0A Pending EP4217861A1 (de) 2020-09-25 2021-09-20 Speicherverwaltung für anwendungen eines in mehrere betriebssysteme eingebetteten sicheren elements

Country Status (3)

Country Link
EP (2) EP4217864A1 (de)
CN (2) CN116235147A (de)
WO (2) WO2022063720A1 (de)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170357450A1 (en) * 2016-06-10 2017-12-14 Apple Inc. Reserved memory in memory management system

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB1233190A (de) 1968-05-31 1971-05-26
DE1759736A1 (de) 1968-05-31 1971-07-01 Rheinstahl Union Ag Vorrichtung zum UEberbruecken von Dehnungsfugen
US6678712B1 (en) * 1996-01-19 2004-01-13 International Business Machines Corporation Method and system for executing a program under one of a plurality of mutually exclusive operating environments
EP1524597A1 (de) 2003-10-14 2005-04-20 Axalto S.A. Verfahren zur Verwaltung von Ausführungsfäden in einem speicherbegrentzten System
US7529921B2 (en) * 2004-12-17 2009-05-05 Cardiac Pacemakers, Inc. Fast initialization of medical device system having multiple operating systems
US7949008B2 (en) * 2006-01-30 2011-05-24 International Business Machines Corporation Method, apparatus and computer program product for cell phone security
US20120047313A1 (en) * 2010-08-19 2012-02-23 Microsoft Corporation Hierarchical memory management in virtualized systems for non-volatile memory models
US8495731B1 (en) * 2010-10-01 2013-07-23 Viasat, Inc. Multiple domain smartphone
US20130297924A1 (en) * 2012-04-03 2013-11-07 Insyde Software Method of running multiple operating systems on an x86-based computer
US9678863B2 (en) * 2012-06-12 2017-06-13 Sandisk Technologies, Llc Hybrid checkpointed memory
US10007552B2 (en) 2013-10-23 2018-06-26 Insyde Software Corp. System and method for dual OS memory switching
US9842065B2 (en) 2015-06-15 2017-12-12 Intel Corporation Virtualization-based platform protection technology
US10073629B2 (en) * 2016-12-13 2018-09-11 International Business Machines Corporation Memory transaction prioritization

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170357450A1 (en) * 2016-06-10 2017-12-14 Apple Inc. Reserved memory in memory management system

Also Published As

Publication number Publication date
EP4217861A1 (de) 2023-08-02
WO2022063720A1 (en) 2022-03-31
CN116209982A (zh) 2023-06-02
CN116235147A (zh) 2023-06-06
WO2022063721A1 (en) 2022-03-31

Similar Documents

Publication Publication Date Title
CN101196974B (zh) 用于软件应用程序的自动配置的方法和系统
US11847225B2 (en) Blocking access to firmware by units of system on chip
US8176142B2 (en) Shared JAVA jar files
KR102277238B1 (ko) 업데이트가능한 집적 회로 무선장치
US8434127B2 (en) Access control system, access control method, electronic device and control program
US11768943B2 (en) Secure element and method for starting an application by a low-level operating system
JP6326047B2 (ja) 集積回路型無線
US12217057B2 (en) Embedded system
EP3286682B1 (de) Verfahren zur verwaltung von applikationen in einem sicheren element wenn das betriebsystem aktualisiert wird
US11720358B2 (en) Embedded system
US11039318B2 (en) Multi-configuration secure element and associated method
US12045336B2 (en) Embedded secure element
WO2022063721A1 (en) Memory reservation for frequently-used applications in an embedded secure element
US10489775B2 (en) Integrated circuit card adapted to transfer first data from a first application for use by a second application
JP5057829B2 (ja) 携帯可能電子装置およびicカード
KR20160102040A (ko) 집적 회로 무선장치
WO2025054246A1 (en) Method and system for upgrading the firmware of a device
CN119337361A (zh) 云环境下双体系可信度量结构中程序阻断方法及系统

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: UNKNOWN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20230418

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

17Q First examination report despatched

Effective date: 20240612

RAP3 Party data changed (applicant data changed or rights of an application transferred)

Owner name: STMICROELECTRONICS BELGIUM

Owner name: STMICROELECTRONICS S.R.L.