简体繁体 English

更改JavaCard Applet的版本

[英]Change version of a javacard applet

原文 2013-11-10 05:57:42 4 2 javacard/ object-lifetime/ securitydomain

Consider a situation in which personalization is done on card and amount of new data are stored in javacard, If we have a small change in aplet and wants to update applet version on javacard, what would happend to previousely stored data on card, as each applet has its own security domain(SD), I think all data are stored in the current applet's SD, so new installation yields to deletion of previous applet, Then what happend to store data? 考虑一种情况，其中对卡进行个性化并且将新数据存储在javacard中。如果我们对aplet进行了很小的更改，并且想要更新javacard上的applet版本，则先前存储在card上的数据会发生什么情况，因为每个applet有自己的安全域（SD），我认为所有数据都存储在当前applet的SD中，因此新安装会导致删除以前的applet，那么存储数据又发生了什么？

Regards 问候

2 个解决方案

Found the answer googling the web : check this link 找到了在网上搜寻的答案：请检查此链接

In the link, safarmer said: 萨法默在链接中说：

Unfortunately you can only delete and the install again. 不幸的是，您只能删除并重新安装。 From my understanding this is due to the limited resources on the card. 据我了解，这是由于卡上的资源有限。 You would need to have two copies of the applet on the card to do an atomic update and then delete the original. 您将需要在卡上拥有applet的两个副本，以进行原子更新，然后删除原始副本。 I don't think this is a very feasible approach. 我认为这不是一种非常可行的方法。

The key to doing this is having it done in a controlled environment so you have complete control and can rerun in case of card tear etc. ie not update online across the internet. 这样做的关键是要在受控的环境中完成操作，这样您就可以完全控制并可以在卡断开等情况下重新运行。例如，不能通过Internet在线更新。

Also: 也：

You define an applet that stores data and a SIO that you can use to access this applet. 您定义了一个存储数据的applet和一个可用于访问此applet的SIO。 The business logic goes into another applet and calls the methods on the interface to get or set data in the other applet. 业务逻辑进入另一个小程序，并调用接口上的方法以获取或设置另一个小程序中的数据。 Your business logic can be deleted and reinstalled without affecting data. 您的业务逻辑可以删除并重新安装而不会影响数据。 This is the simplified one paragraph version. 这是简化的一个段落版本。

This is the result of my searching about SIO : 这是我搜索SIO的结果：

Shareable interfaces are a feature in the Java Card API to enable applet interaction.To the owning context, the SIO is a normal object whose fields and methods can be accessed. 共享接口是Java Card API中启用小程序交互的功能。对于拥有的上下文，SIO是可访问其字段和方法的普通对象。 To any other context, the SIO is an instance of the shareable interface, and only the methods defined in the shareable interface are accessible. 在任何其他上下文中，SIO都是可共享接口的实例，并且只能访问可共享接口中定义的方法。 All other fields and methods of the SIO are protected by the firewall. SIO的所有其他字段和方法均受防火墙保护。 Shareable interfaces provide a secure mechanism for inter-applet communication, as follows: 共享接口提供了一种用于小程序间通信的安全机制，如下所示：

Server applet A builds a Shareable Interface Object 服务器小程序A构建一个可共享的接口对象

To make an object available for sharing with another applet in a different context, applet A first defines a shareable interface, SI. 为了使对象可用于在不同上下文中与另一个小程序共享，小程序A首先定义了一个可共享的接口SI。 A shareable interface extends the interface javacard.framework.Shareable. 可共享的接口扩展了接口javacard.framework.Shareable。 The methods defined in the shareable interface, SI, represent the services that applet A makes accessible to other applets. 共享接口SI中定义的方法表示小程序A使其他小程序可以访问的服务。
Applet A then defines a class C that implements the shareable interface SI. 然后，小应用程序A定义了一个类C，该类实现了可共享的接口SI。 C implements the methods defined in SI. C实现了SI中定义的方法。 C may also define other methods and fields, but these are protected by the applet firewall. C还可以定义其他方法和字段，但是这些方法和字段受到applet防火墙的保护。 Only the methods defined in SI are accessible to other applets. 其他小应用程序只能访问SI中定义的方法。
Applet A creates an object instance O of class C. O belongs to applet A, and the firewall allows A to access any of the fields and methods of O. Applet A创建类C的对象实例O。O属于Applet A，并且防火墙允许A访问O的任何字段和方法。

Client applet B obtains the Shareable Interface Object 客户端小程序B获得可共享接口对象

Applet B can request service from applet A by invoking one of the shareable interface methods of SIO. 小程序B可以通过调用SIO的一种共享接口方法来向小程序A请求服务。 During the invocation the Java Card VM performs a context switch. 在调用期间，Java Card VM执行上下文切换。 The original currently active context (B) is saved on a stack and the context of the owner (A) of the actual object (O) becomes the new currently active context. 原始的当前活动上下文（B）保存在堆栈中，实际对象（O）的所有者（A）的上下文成为新的当前活动上下文。 A's implementation of the shareable interface method (SI method) executes in A's context. A的可共享接口方法（SI方法）的实现在A的上下文中执行。
The SI method can find out the AID of its client (B) via the JCSystem.getPreviousContextAID method. SI方法可以通过JCSystem.getPreviousContextAID方法找到其客户端（B）的AID。 The method determines whether or not it will perform the service for applet B. 该方法确定是否将为小程序B执行服务。
Because of the context switch, the firewall allows the SI method to access all the fields and methods of object O and any other object in the context of A. At the same time, the firewall prevents the method from accessing non-shared objects in the context of B. 由于上下文切换，防火墙允许SI方法访问对象O以及A上下文中任何其他对象的所有字段和方法。同时，防火墙阻止该方法访问对象中非共享对象。 B的上下文。
The SI method can access the parameters passed by B and can provide a return value to B. SI方法可以访问B传递的参数，并可以向B提供返回值。
During the return, the Java Card VM performs a restoring context switch. 在返回期间，Java Card VM执行恢复上下文切换。 The original currently active context (B) is popped from the stack, and again becomes the currently active context. 原始的当前活动上下文（B）从堆栈中弹出，并再次成为当前活动上下文。
Because of the context switch, the firewall again allows B to access any of its objects and prevents B from accessing non-shared objects in the context of A. 由于上下文切换，防火墙再次允许B访问其任何对象，并阻止B访问A上下文中的非共享对象。