[go: up one dir, main page]

WO2010000131A1 - Smart card, terminal processing for supporting web service system and realizing method thereof - Google Patents

Smart card, terminal processing for supporting web service system and realizing method thereof Download PDF

Info

Publication number
WO2010000131A1
WO2010000131A1 PCT/CN2009/000726 CN2009000726W WO2010000131A1 WO 2010000131 A1 WO2010000131 A1 WO 2010000131A1 CN 2009000726 W CN2009000726 W CN 2009000726W WO 2010000131 A1 WO2010000131 A1 WO 2010000131A1
Authority
WO
WIPO (PCT)
Prior art keywords
smart card
application
web
web service
terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2009/000726
Other languages
French (fr)
Chinese (zh)
Inventor
何朔
孟宏文
胡佳
朱俭秋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Unionpay Co Ltd
Original Assignee
China Unionpay Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from CN200810039987A external-priority patent/CN101621494A/en
Priority claimed from CN2008100399868A external-priority patent/CN101620758B/en
Application filed by China Unionpay Co Ltd filed Critical China Unionpay Co Ltd
Publication of WO2010000131A1 publication Critical patent/WO2010000131A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Definitions

  • the present invention relates to the field of smart card web applications and information security technologies, and in particular, to a smart card including a web server and a terminal for web communication, and an embedded Web server and web browser and implement terminal processing system for web services.
  • Background technique
  • a smart card is a plastic card that contains an embedded integrated circuit (IC) that contains a tiny central processing unit (CPU), read-only memory, read-write memory, and other peripheral circuitry.
  • IC integrated circuit
  • CPU central processing unit
  • the integrated circuit has similar capabilities to a computer, such as: running programs, processing input and output data.
  • CPU central processing unit
  • it is necessary to provide power and other interface devices from the outside.
  • IC card usually referred to as a CPU card
  • the realization of "one card multi-use" is an urgent development direction.
  • the so-called “one card multi-use” means that there are multiple applications on the same smart card, such as e-wallet application, debit Goods applications, rapid transit applications (such as transportation cards for public transport, rental and subway) and social security applications (such as social security cards).
  • the existing IC card operating system generally follows the directory and file mode based on the IS07816 standard, as shown in FIG. Part 1-7 of ISO 7816, as defined by the International Organization for Standardization, specifies a set of standards covering all aspects of the CPU card.
  • ISO7816 includes: physical characteristics, size and contact locations, electronic signals and transmission protocols, inter-industry exchange instructions, application identifiers, inter-industry data elements, and inter-industry SCQL instructions.
  • FIG. 1 shows the storage mechanism of a smart card based on the ISO7816 standard on application data.
  • the CPU card generally includes file types such as a main file MF (Master File), a dedicated file DF (Dedicated File), and a basic data file EF.
  • the card's dedicated file DF and the basic data file EF present a tree structure.
  • the main file MF is the root directory, which is the root of the smart card file system, which is equivalent to the root directory of DOS, and each card has one and only one MF file;
  • the special file DF is equivalent to a subdirectory of DOS, and can be further divided into ADF and DDF, where DDF is the DF containing the subordinate directory, and ADF is the DF that does not contain the subordinate directory.
  • FIG. 2 is a schematic diagram of communication between the terminal operating system and the terminal smart card using the POS terminal as an example in the prior art. Referring to FIG.
  • the terminal operating system 100 includes an application logic unit 104, which is substantially a terminal processing program in the terminal operating system 100, and includes information such as a user's bank card account number and password, an account opening name, and an available balance.
  • the terminal smart card 102 includes security.
  • Information service 106 which is the material basis for the terminal smart card 102 to display the terminal application logic unit 104.
  • the ISO7816/ISO 14443 standard is used for communication between the terminal operating system 100 and the terminal smart card 102. However, it can be known from the communication process described in FIG. 2 that the application development of the terminal smart card is distributed in the smart card and the terminal, and the development cycle is very long.
  • the present invention provides a terminal smart card based on the HTTP protocol for the above-mentioned drawbacks of the terminal smart card application in the prior art. Because it uses the HTTP protocol in Web technology, it is often called WebCard. In view of the above drawbacks of the smart card application in the prior art, the present invention provides a terminal processing system and an implementation method for supporting a Web service. According to an aspect of the present invention, a smart card is provided, wherein the smart card has at least: an application logic unit for saving a phase of a smart card application in a card application container of the smart card Off data information; and
  • a web server configured to store a logic program of the smart card application, to access the application logic unit, where the service provided by the application in the application logic unit and the corresponding web service for the terminal application accept the terminal operation together System request service.
  • the web server includes at least a web service interpretation layer, a web service communication management layer, a web service symptom container, and a web service application programming interface. Further, the web service interpretation layer invokes the web service application container, and sends the corresponding HTML script file in the web service application container to the terminal operating system for logical display through the web service communication management layer.
  • the Web service communication management layer supports the ISO7816/ISO14443 protocol and the HTTP protocol loaded on ISO7816/ISO14443.
  • the web service communication management layer can directly support one of the HTTP protocol, the TCP/IP protocol, the USB protocol, or a combination thereof.
  • the card application container and the web service application container are in different logical storage areas. Specifically, the physical storage carrier of the card application container is typically manufactured by an EEPROM process, and the physical storage carrier of the web service application container is typically manufactured by the FLASH process.
  • the web service application container accesses the application logic unit in one direction through the web service application programming interface.
  • the application logic unit may include an e-wallet application conforming to the regulations of the People's Bank of China, a debit-keeping application conforming to the regulations of the People's Bank of China, a fast traffic application, a social security application, and other industry applications.
  • a terminal processing system in a smart card application has at least one terminal operating system, and a smart card, wherein a web browser is set in the terminal operating system; and the smart card is At least: an application logic unit, configured to save related data information of the smart card application in a card application container of the smart card; and a web server, configured to store a logic program of the smart card application, to access the application logic unit, where The service provided by the application in the application logic unit and the corresponding web service for the terminal application accept the request service of the terminal operating system.
  • the terminal operating system may be a POS or ATM terminal of a financial terminal or a mobile terminal in a wireless communication system.
  • the web service interpretation layer invokes the web service application container, and sends a corresponding HTML script file in the web service application container to the terminal operating system for logical display. And, the terminal operating system logically displays the smart card application through the web browser.
  • an implementation method for supporting a web application service in a terminal processing system includes at least one terminal operating system and a smart card, and the implementation method includes: Setting a web browser; storing an application logic unit in a card application container of the smart card; setting a web server in the smart card; and communicating with the web server by using the web browser to implement a smart card application Web service.
  • the web browser determines whether it is a remote request or a local request according to the received URL request, and when the URL request is a remote request, the web browser communicates with the remote web server; when the URL request is a local request, and When the port number of the local request is sent as the port number of the smart card, communication is established between the web browser and the web server of the smart card. Wherein, when the URL request is a local request, and the port number of the local request is not the port number of the smart card, the other port agent is queried.
  • the web server includes at least a web service interpretation layer, a web service communication management layer, a web service application container, and a web service application programming interface.
  • the web service interpretation layer invokes the web service application container, and sends a corresponding HTML script file in the web service application container to a web browser of the terminal operating system for logical display.
  • the Web application application container accesses the application logic unit through the Web service application programming interface.
  • the smart card, the terminal processing system and the implementation method thereof of the present invention have an application logic unit migrated from the terminal operating system in the smart card, and a web server is built in the smart card, and the terminal operating system is built in the terminal operating system Web browser, so web communication can be performed between the terminal operating system and the smart card, and the terminal operating system only needs to provide logic display and input of the application interface.
  • FIG. 1 shows an architectural diagram of storing application data on a smart card based on the IS07816 standard directory and file mode.
  • FIG. 2 shows a communication between a terminal operating system and a terminal smart card using a POS terminal as an example in the prior art.
  • FIG. 3 is a schematic diagram of communication between a terminal smart card and a terminal operating system based on the HTTP protocol according to the present invention, taking a POS terminal as an example;
  • FIG. 4 shows a web service application container accessing a smart card through a web service application programming interface.
  • FIG. 5 is a flow chart showing the processing of a received URL request by a web browser in a terminal operating system.
  • the POS terminal selects the e-wallet application in the application logic unit through the terminal operating system, and then accesses and retrieves some data in the security information service of the terminal smart card through the interface of ISO7816/ISO 14443 to identify or authenticate the user card. legality.
  • APDU Application Protocol Data Unit
  • the POS terminal plays a very important role, and the terminal smart card only uses its security letter.
  • the structure of the terminal operating system and the terminal smart card in the POS terminal is not difficult to see. All aspects of the development, deployment, operation and maintenance of the smart card application involve the terminal and the smart card. If the terminal is replaced or the smart card supplier is replaced.
  • FIG. 3 is a schematic diagram showing the communication between the terminal smart card based on the HTTP protocol and the terminal operating system according to the present invention, taking the POS terminal as an example.
  • the terminal operating system 20 includes at least a web browser 202
  • the terminal smart card 30 includes at least a security information service 302, a web server 304, and an application logic unit 306.
  • the web browser 202 in the terminal operating system 20 communicates with the web server 304 in the financial smart card 30 through the HTTP protocol or the HOAP (HTTP Over APDU Protocol), and the web server 304 stores the smart card.
  • HTTP protocol HTTP Over APDU Protocol
  • the terminal operating system contains an application logic unit
  • the terminal smart card only contains a security information service.
  • the terminal operating system of the present invention the terminal operating system has a web browser
  • the terminal smart card includes not only a security information service but also a web server and an application logic unit. That is to say, the application logic unit originally in the terminal operating system is "decentralized" to the financial smart card, and the terminal operating system uses the Web browser to access the terminal smart card based on ISO7816/ISO14443 and the HTTP protocol, and the terminal smart card communicates with the Web through the Web server.
  • the browser communicates, when the application logic unit sends to the terminal operating system through the web service communication management layer, on the web browser
  • the web page is displayed in the form of a web page. Therefore, after the web technology is adopted, the web browser and the web server are respectively introduced in the terminal operating system and the terminal smart card to implement the web application of the terminal smart card.
  • the functions of the POS terminal have been greatly weakened, the positioning is more clear, and it is more suitable for service-oriented applications and application functions.
  • the terminal smart card stores the application logic unit and its security information service, and the terminal only needs to provide the application interface display, input and output, and online functions, etc., then the terminal is changed from the core component of the smart card application to having the ordinary browser function.
  • the shell greatly enhances the scalability and portability of the entire application system.
  • 4 shows a schematic diagram of a web service application container accessing a smart card application container through a web service application programming interface.
  • the terminal smart card has an application container of a card, a web service application container, a web service interpretation layer, and an API interface between the application container of the card and the web service application container.
  • the application container of the card is a storage area of the terminal smart card application, which adopts a traditional implementation manner, does not need to be specifically defined, and does not need to be associated with a specific manufacturer's product, and can be accessed through an application interface of a corresponding application specification. Realization, such as social security regulations, labor practices, financial norms, etc.
  • the web service application container is a storage area of an application displayed by the terminal operating system using a web browser, which is substantially a web application corresponding to each application in the application container of the card.
  • These web applications consist of one or more HTML script files.
  • the web service interpretation layer manages and calls these web applications, and displays the called web applications on the web browser of the terminal operating system through ISO7816/ISO 14443 and HTTP protocols.
  • the API interface only supports one-way access operations, that is, the application container of the card cannot use the API interface to access the web service application container.
  • the terminal smart card of the present invention has both an application container of a card and an application container of a web service.
  • the traditional smart card application container is logically in the form of a file system, just like the FAT file system, and provides a service interface (such as an APDU instruction). Since the application container of the card only needs to provide a small amount of data information such as storage of sensitive data and key service, the physical storage carrier is usually an EEPROM (Electrically Erasable Read Only Memory). The EEPROM is a highly secure storage carrier with a capacity of several Kbytes.
  • the Web application implements application logic and contains a large amount of information such as pictures, text, and process scripts, which are not required for security.
  • the application container of the smart card and the application container of the Web service are stored in one chip by using different storage media, and mutual access between them is also limited.
  • the components participating in the communication in the application system include a Web service communication management layer 400, which supports at least ISO7816, ISO 14443, and HTTP protocols; and an application container 402 of the smart card, which is stored in accordance with the People's Bank of China.
  • Standardized e-wallet application debit-keeping application conforming to the People's Bank of China regulations, fast traffic application, social security application and other industry applications; API interface 404 of Web server; Web service application container 406, corresponding to e-wallet application An HTML script file, an HTML script file corresponding to the debit application, an HTML script file corresponding to the fast traffic application, an HTML script file corresponding to the social security application, and the like; and a Web service interpretation layer 408.
  • the web browser is used by the web browser.
  • the request communicates with the web server in the terminal smart card, and the web service interpretation layer 408 receives the URL request from the web browser and performs corresponding processing.
  • the web service application container 406 accesses the fast traffic application logic located in the smart card's application container 402 via the web server's API interface 404, and the return code from the smart card's application container 402 is directly returned or translated into a standard HTML response code.
  • FIG. 5 is a flow chart showing the processing of a received URL request by a web browser in a terminal operating system.
  • the processing method includes: Step 500: Receive a URL request.
  • the web browser in the terminal operating system receives the URL request;
  • Step 502 The web browser determines whether the URL request is a remote request or a local request by determining a host address of the received URL. If the URL request is a remote request, then web browsing The device requests to communicate with the remote web server, go to step 510; Step 504, if the URL request is a local request, determine whether the port number of the local request is the port number of the terminal smart card, and if yes, go to step 506; If not, go to step 508; Step 506, request to communicate with the terminal smart card; Step 508, determine that the port number for sending the local request is not from the financial smart card, query other port agents; and Step 512, in the Web browser Establishing communication with the web server.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Cash Registers Or Receiving Machines (AREA)

Abstract

A smart card (30), a terminal processing system and a realizing thereof. The smart card (30) comprises an application logic unit (306) which stores the corresponding data information, and a web server (304) which stores the logic program for the smart card application and accesses the application logic unit (306). The terminal processing system at least comprises a terminal operating system (20) and a smart card (30), in which the terminal operating system (20) sets a web browser (202), uses the web browser (202) and the web server (304) to communicate, in order to realize the web service for the smart card application. The terminal processing system has the web browser (202) and the web server (304), so it can perform web communication between the terminal operating system (20) and the smart card (30), and the terminal operating system (20) only provides logic display of application interface, input and output and online function etc. This invention greatly enhances the expansion capacity and portability of the entire terminal processing system, and improves the security, openness and maintainability of system.

Description

一种支持 Web服务的智能卡、 终端处理系统以及其实现方法 技术领域 本发明涉及智能卡 Web应用和信息安全技术领域, 尤其涉及一种内含 Web 服务器与终端进行 Web通讯的智能卡, 以及一种内含 Web服务器和 Web浏览 器并实现 Web服务的终端处理系统。 背景技术  TECHNICAL FIELD The present invention relates to the field of smart card web applications and information security technologies, and in particular, to a smart card including a web server and a terminal for web communication, and an embedded Web server and web browser and implement terminal processing system for web services. Background technique

当前, 人们在出行时经常携带若干银行卡, 以避免因现金业务而带来的不 便和潜在的安全性问题。 随着现有磁条卡在安全方面的不足日趋明显, 国内外 各银行都在逐步推行智能卡来代替磁条卡。 一般而言, 智能卡是一个包含嵌入 集成电路( IC )的塑料卡片 ,在该集成电路中含有一个微型的中央处理器( CPU )、 只读存储器、 读写存储器以及其它附属的外围电路。 该集成电路具有和计算机 类似的能力, 例如: 运行程序、 处理输入和输出数据。 当使用该金融智能卡时, 需要由外部提供电源及其它接口设备。 对于 IC卡(通常指 CPU卡)来说, 实现"一卡多用 "是一个迫切的发展方向, 所谓"一卡多用"是指在同一张智能卡上存在多个应用, 例如电子钱包应用、 借 记货应用、 快速交通应用 (诸如适用于公交、 出租和地铁的交通卡) 和社会保 障应用 (如社保卡) 等等。 现有的 IC卡操作系统一般遵循基于 IS07816标准 的目录和文件方式, 如图 1所示。 国际标准化组织规定的 ISO7816第 1-7部分 规定了一组覆盖 CPU卡各个方面的标准。 其中 ISO7816 包括: 物理特性、 尺 寸和触点位置、 电子信号和传输协议、 行业间交换指令、 应用程序标识符、 行 业间数据元素和行业间 SCQL指令等部分。 图 1示出了基于该 ISO7816标准的 智能卡在应用数据上的存储机制。 CPU卡一般包括主文件 MF ( Master File ) 、 专用文件 DF ( Dedicated File ) 以及基本数据文件 EF等文件类型。 卡的专用文 件 DF与基本数据文件 EF呈现树状结构。 所述主文件 MF即为根目录, 是智能 卡文件系统的根, 相当于 DOS的根目录, 每张卡有且只有一个 MF文件; 所述 专用文件 DF相当于 DOS的子目录, 可以进一步分为 ADF和 DDF, 其中 DDF 为包含下级目录的 DF, 而 ADF为不包含下级目录的 DF。 对于现有 IC卡多应 确认本 用的实现是通过创建多个 ADF达到的。 每个 ADF代表一个应用, 例如应用 1, 应用 2, , 应用 n。 每个 ADF下有相应的文件, 该相应的文件中存放相应 的数据。 现有的终端智能卡都是以安全信息服务的角色出现的, 只有通过开发专门 的终端(例如金融终端的 POS机或者移动终端的手机)才能实现一个完整的应 用, 由智能卡和终端以符合 IS〇7816标准的命令进行通讯。 为了进一步说明 终端和终端智能卡之间的通讯过程, 图 2示出了现有技术中以 POS终端为例的 终端操作系统与终端智能卡之间的通讯示意图。 参照图 2, 在该 POS终端中至 少包括终端操作系统 100和终端智能卡 102。 其中, 终端操作系统 100中含有 应用逻辑单元 104, 它实质上是终端操作系统 100中的终端处理程序, 包括用 户的银行卡账号及密码、 开户名、 可用余额等信息; 终端智能卡 102中含有安 全信息服务 106, 它是该终端智能卡 102展示终端应用逻辑单元 104的物质基 础。 在终端操作系统 100与终端智能卡 102之间采用 ISO7816/ISO 14443标准 进行通讯。 然而, 从图 2 所述的通讯过程可以知晓, 终端智能卡的应用开发分布在智 能卡和终端两个部分, 开发周期很长, 单纯地智能卡开发或者终端开发均会导 致相应的终端或者智能卡无法应用, 可移植性较差。 此外, 智能卡应用的安全 机制是通过智能卡和终端两者共同实现的, 由于终端上应用逻辑单元的安全性 较低使得应用系统整体的安全性下降。 发明内容 针对终端智能卡应用在现有技术中存在的上述缺陷, 本发明提供了一种基 于 HTTP协议的终端智能卡。 因为采用了 Web技术中的 HTTP协议, 通常将其 称为 WebCard。 针对智能卡应用在现有技术中存在的上述缺陷, 本发明提供了一种支持 Web服务的终端处理系统及实现方法。 按照本发明的一个方面, 提供了一种智能卡, 其中, 该智能卡中至少具有: 应用逻辑单元, 用于在所述智能卡的卡片应用容器中保存智能卡应用的相 关数据信息; 和 Currently, people often carry a number of bank cards when they travel to avoid the inconvenience and potential security problems caused by cash business. With the lack of security in the existing magnetic stripe cards, banks at home and abroad are gradually pushing smart cards to replace magnetic stripe cards. In general, a smart card is a plastic card that contains an embedded integrated circuit (IC) that contains a tiny central processing unit (CPU), read-only memory, read-write memory, and other peripheral circuitry. The integrated circuit has similar capabilities to a computer, such as: running programs, processing input and output data. When using the financial smart card, it is necessary to provide power and other interface devices from the outside. For an IC card (usually referred to as a CPU card), the realization of "one card multi-use" is an urgent development direction. The so-called "one card multi-use" means that there are multiple applications on the same smart card, such as e-wallet application, debit Goods applications, rapid transit applications (such as transportation cards for public transport, rental and subway) and social security applications (such as social security cards). The existing IC card operating system generally follows the directory and file mode based on the IS07816 standard, as shown in FIG. Part 1-7 of ISO 7816, as defined by the International Organization for Standardization, specifies a set of standards covering all aspects of the CPU card. ISO7816 includes: physical characteristics, size and contact locations, electronic signals and transmission protocols, inter-industry exchange instructions, application identifiers, inter-industry data elements, and inter-industry SCQL instructions. Figure 1 shows the storage mechanism of a smart card based on the ISO7816 standard on application data. The CPU card generally includes file types such as a main file MF (Master File), a dedicated file DF (Dedicated File), and a basic data file EF. The card's dedicated file DF and the basic data file EF present a tree structure. The main file MF is the root directory, which is the root of the smart card file system, which is equivalent to the root directory of DOS, and each card has one and only one MF file; the special file DF is equivalent to a subdirectory of DOS, and can be further divided into ADF and DDF, where DDF is the DF containing the subordinate directory, and ADF is the DF that does not contain the subordinate directory. For existing IC cards, please confirm this The implementation is achieved by creating multiple ADFs. Each ADF represents an application, such as Application 1, Application 2, and Application n. There is a corresponding file under each ADF, and the corresponding file stores the corresponding data. Existing terminal smart cards are all in the form of security information services. Only through the development of specialized terminals (such as POS machines of financial terminals or mobile phones of mobile terminals) can a complete application be realized, and smart cards and terminals conform to IS〇. 78 16 standard commands for communication. To further illustrate the communication process between the terminal and the terminal smart card, FIG. 2 is a schematic diagram of communication between the terminal operating system and the terminal smart card using the POS terminal as an example in the prior art. Referring to FIG. 2, at least the terminal operating system 100 and the terminal smart card 102 are included in the POS terminal. The terminal operating system 100 includes an application logic unit 104, which is substantially a terminal processing program in the terminal operating system 100, and includes information such as a user's bank card account number and password, an account opening name, and an available balance. The terminal smart card 102 includes security. Information service 106, which is the material basis for the terminal smart card 102 to display the terminal application logic unit 104. The ISO7816/ISO 14443 standard is used for communication between the terminal operating system 100 and the terminal smart card 102. However, it can be known from the communication process described in FIG. 2 that the application development of the terminal smart card is distributed in the smart card and the terminal, and the development cycle is very long. Simply developing the smart card or developing the terminal may cause the corresponding terminal or smart card to be unapplied. Poor portability. In addition, the security mechanism of the smart card application is implemented by both the smart card and the terminal, and the security of the application system as a whole is lowered due to the lower security of the application logic unit on the terminal. SUMMARY OF THE INVENTION The present invention provides a terminal smart card based on the HTTP protocol for the above-mentioned drawbacks of the terminal smart card application in the prior art. Because it uses the HTTP protocol in Web technology, it is often called WebCard. In view of the above drawbacks of the smart card application in the prior art, the present invention provides a terminal processing system and an implementation method for supporting a Web service. According to an aspect of the present invention, a smart card is provided, wherein the smart card has at least: an application logic unit for saving a phase of a smart card application in a card application container of the smart card Off data information; and

Web 服务器, 用于存储所述智能卡应用的逻辑程序, 访问所述应用逻辑单 元, 其中, 所述应用逻辑单元中的应用所提供的服务和相对应的用于终端应用 的 Web服务一起接受终端操作系统的请求服务。 其中, Web服务器中至少包括 Web服务解释层、 Web服务通讯管理层、 Web服务症用容器和 Web服务应用编程接口。 进一步, Web服务解释层调用 Web服务应用容器, 并将 Web服务应用容器中相应的 HTML脚本文件通过该 Web服务通讯管理层发送到终端操作系统进行逻辑展示。 其中, Web 服务通讯管理层支持 ISO7816/ISO14443 协议, 以及在 ISO7816/ISO14443上加载的 HTTP协议。 优选地, 该 Web服务通讯管理层可 以直接支持 HTTP协议、 TCP/IP协议、 USB协议中的一种或者其组合。 其中, 卡片应用容器和 Web服务应用容器处于不同的逻辑存储区中。 具体 来说, 卡片应用容器的物理存储载体通常是 EEPROM工艺制造的, 而 Web服 务应用容器的物理存储栽体通常是 FLASH工艺制造的。 此外, Web服务应用 容器通过 Web服务应用编程接口来单向访问应用逻辑单元。 其中, 应用逻辑单元可以包括符合中国人民银行规范的电子钱包应用、 符 合中国人民银行规范的借记货应用、 快速交通应用、 社会保障应用及其他行业 应用等。 按照本发明的另一个方面, 提供了一种智能卡应用中的终端处理系统, 终 端处理系统至少具有一个终端操作系统, 和一个智能卡, 其中, 在终端操作系 统设置一 Web浏览器; 以及所述智能卡至少具有: 应用逻辑单元, 用于在所述 智能卡的卡片应用容器中保存智能卡应用的相关数据信息; 和 Web服务器, 用 于存储所述智能卡应用的逻辑程序, 访问所述应用逻辑单元, 其中, 所述应用 逻辑单元中的应用所提供的服务和相对应的用于终端应用的 Web 服务一起接 受终端操作系统的请求服务。 其中, 终端操作系统可以是金融终端的 POS或者 ATM终端, 或者是无线 通信系统中的移动终端。 其中, Web服务解释层调用所述 Web服务应用容器, 并将所述 Web服务应 用容器中相应的 HTML 脚本文件发送到所述终端操作系统进行逻辑展示。 并 且, 终端操作系统通过所述 Web浏览器对所述智能卡应用进行逻辑展示。 按照本发明的第三方面, 提供了一种在终端处理系统中支持 Web应用服务 的实现方法, 终端处理系统至少包括一个终端操作系统和一个智能卡, 该实现 方法包括: 在所述终端操作系统中设置一 Web浏览器; 将应用逻辑单元存储在所述智能卡的卡片应用容器; 在所述智能卡中设置一 Web服务器; 以及 利用所述 Web 浏览器和所述 Web服务器进行通讯, 以实现智能卡应用的 Web服务。 其中, Web浏览器根据接收的 URL请求来判断是远程请求还是本地请求, 当该 URL请求是远程请求时, 所述 Web浏览器与远程 Web服务器进行通讯; 当该 URL 请求是本地请求时, 并且发送所述本地请求的端口号为智能卡的端 口号时, 在 Web浏览器与所述智能卡的 Web服务器之间建立通讯。 其中, 当所述 URL请求是本地请求, 并且发送所述本地请求的端口号不是 智能卡的端口号时, 查询其他端口代理程序。 其中, Web服务器中至少含有 Web服务解释层、 Web服务通讯管理层、 Web服务应用容器和 Web服务应用编程接口。 进一步, Web服务解释层调用 所述 Web服务应用容器, 并将所述 Web服务应用容器中相应的 HTML脚本文 件发送到所述终端操作系统的 Web浏览器进行逻辑展示。 其中, Web l 务应用容器通过 Web服务应用编程接口来单向访问应用逻辑 单元。 采用本发明的智能卡, 终端处理系统及其实现方法, 由于在智能卡中具有 从终端操作系统中迁移而来的应用逻辑单元, 并在该智能卡内建有 Web 服务 器, 在该终端操作系统中建有 Web浏览器, 因此可以在终端操作系统和智能卡 之间进行 Web通讯, 而此时终端操作系统只需提供应用界面的逻辑展示、输入 输出及联机功能等, 大大增强了整个终端处理系统的扩展能力和可移植性, 也 提高了系统的安全性、 开放性和可维护性。 附图说明 在参照附图阅读了本发明的具体实施方式以后, 将会更清楚地了解本发明 的各个方面。 其中, 图 1示出了基于 IS07816标准的目录和文件方式在智能卡上存储应用数据 的架构图; 图 2示出了现有技术中以 POS终端为例的终端操作系统与终端智能卡之间 的通讯示意图; 图 3示出了以 POS终端为例根据本发明的基于 HTTP协议的终端智能卡与 终端操作系统之间的通讯示意图; 图 4示出了 Web服务应用容器通过 Web服务应用编程接口来访问智能卡应 用容器的示意图; 而 图 5示出了终端操作系统中的 Web浏览器对于所接收的 URL请求进行处理 的流程示意图。 具体实施方式 在详细阐述本发明的具体实施方式之前, 再次结合图 2 来进一步了解现有 技术中智能卡和终端之间的通讯机制。 本领域的技术人员应当理解, 这里的终 端不仅可以是金融终端 POS , 也可以是移动终端或者 ATM终端。 以智能卡的 典型应用之电子钱包为例, 整个消费过程主要涉及用户卡和 POS终端。 首先, POS终端通过终端操作系统来选择应用逻辑单元中的电子钱包应用, 然后通过 ISO7816/ISO 14443 的接口访问和调取终端智能卡的安全信息服务中的某些数 据用子识别或认证用户卡的合法性。 当发送专用的应用程序协议数据单元 ( APDU: Application Protocol Data Unit )指令时, 完成电子钱包的消费。 在这 个过程中, POS终端扮演了十分重要的角色, 而终端智能卡只是利用其安全信 有技术中 POS终端内终端操作系统和终端智能卡的结构, 不难看出, 智能卡应 用的开发、 部署、 运行和维护等所有环节都涉及到终端和智能卡两个环节, 如 果更换终端或者更换智能卡供应商, 则必须在智能卡和终端上的某些方面进行 重新调整或开发。 单纯地更换终端, 或者更换智能卡, 并不能实现一个完整的 应用。 此外, 应用逻辑单元位于终端中的终端操作系统, 当终端受到攻击时, 该应用逻辑单元将会处于危险之中。 至此, 如何将终端从智能卡应用的"繁重" 劳动中解放出来, 是有关技术人员急需解决的问题。 a web server, configured to store a logic program of the smart card application, to access the application logic unit, where the service provided by the application in the application logic unit and the corresponding web service for the terminal application accept the terminal operation together System request service. The web server includes at least a web service interpretation layer, a web service communication management layer, a web service symptom container, and a web service application programming interface. Further, the web service interpretation layer invokes the web service application container, and sends the corresponding HTML script file in the web service application container to the terminal operating system for logical display through the web service communication management layer. Among them, the Web service communication management layer supports the ISO7816/ISO14443 protocol and the HTTP protocol loaded on ISO7816/ISO14443. Preferably, the web service communication management layer can directly support one of the HTTP protocol, the TCP/IP protocol, the USB protocol, or a combination thereof. The card application container and the web service application container are in different logical storage areas. Specifically, the physical storage carrier of the card application container is typically manufactured by an EEPROM process, and the physical storage carrier of the web service application container is typically manufactured by the FLASH process. In addition, the web service application container accesses the application logic unit in one direction through the web service application programming interface. The application logic unit may include an e-wallet application conforming to the regulations of the People's Bank of China, a debit-keeping application conforming to the regulations of the People's Bank of China, a fast traffic application, a social security application, and other industry applications. According to another aspect of the present invention, a terminal processing system in a smart card application is provided, the terminal processing system has at least one terminal operating system, and a smart card, wherein a web browser is set in the terminal operating system; and the smart card is At least: an application logic unit, configured to save related data information of the smart card application in a card application container of the smart card; and a web server, configured to store a logic program of the smart card application, to access the application logic unit, where The service provided by the application in the application logic unit and the corresponding web service for the terminal application accept the request service of the terminal operating system. The terminal operating system may be a POS or ATM terminal of a financial terminal or a mobile terminal in a wireless communication system. The web service interpretation layer invokes the web service application container, and sends a corresponding HTML script file in the web service application container to the terminal operating system for logical display. And, the terminal operating system logically displays the smart card application through the web browser. According to a third aspect of the present invention, an implementation method for supporting a web application service in a terminal processing system is provided. The terminal processing system includes at least one terminal operating system and a smart card, and the implementation method includes: Setting a web browser; storing an application logic unit in a card application container of the smart card; setting a web server in the smart card; and communicating with the web server by using the web browser to implement a smart card application Web service. The web browser determines whether it is a remote request or a local request according to the received URL request, and when the URL request is a remote request, the web browser communicates with the remote web server; when the URL request is a local request, and When the port number of the local request is sent as the port number of the smart card, communication is established between the web browser and the web server of the smart card. Wherein, when the URL request is a local request, and the port number of the local request is not the port number of the smart card, the other port agent is queried. The web server includes at least a web service interpretation layer, a web service communication management layer, a web service application container, and a web service application programming interface. Further, the web service interpretation layer invokes the web service application container, and sends a corresponding HTML script file in the web service application container to a web browser of the terminal operating system for logical display. The Web application application container accesses the application logic unit through the Web service application programming interface. The smart card, the terminal processing system and the implementation method thereof of the present invention have an application logic unit migrated from the terminal operating system in the smart card, and a web server is built in the smart card, and the terminal operating system is built in the terminal operating system Web browser, so web communication can be performed between the terminal operating system and the smart card, and the terminal operating system only needs to provide logic display and input of the application interface. Output and online functions greatly enhance the scalability and portability of the entire terminal processing system, and also improve the security, openness and maintainability of the system. BRIEF DESCRIPTION OF THE DRAWINGS [0007] Various aspects of the invention will be apparent from the Detailed Description of the Drawing. 1 shows an architectural diagram of storing application data on a smart card based on the IS07816 standard directory and file mode. FIG. 2 shows a communication between a terminal operating system and a terminal smart card using a POS terminal as an example in the prior art. FIG. 3 is a schematic diagram of communication between a terminal smart card and a terminal operating system based on the HTTP protocol according to the present invention, taking a POS terminal as an example; FIG. 4 shows a web service application container accessing a smart card through a web service application programming interface. A schematic diagram of an application container; and FIG. 5 is a flow chart showing the processing of a received URL request by a web browser in a terminal operating system. DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Before explaining the specific embodiments of the present invention in detail, the communication mechanism between the smart card and the terminal in the prior art will be further understood by referring to FIG. 2 again. Those skilled in the art should understand that the terminal herein may be not only a financial terminal POS, but also a mobile terminal or an ATM terminal. Taking the electronic wallet of a typical application of a smart card as an example, the entire consumption process mainly involves a user card and a POS terminal. First, the POS terminal selects the e-wallet application in the application logic unit through the terminal operating system, and then accesses and retrieves some data in the security information service of the terminal smart card through the interface of ISO7816/ISO 14443 to identify or authenticate the user card. legality. When the dedicated Application Protocol Data Unit (APDU) command is sent, the consumption of the electronic wallet is completed. In this process, the POS terminal plays a very important role, and the terminal smart card only uses its security letter. In the technology, the structure of the terminal operating system and the terminal smart card in the POS terminal is not difficult to see. All aspects of the development, deployment, operation and maintenance of the smart card application involve the terminal and the smart card. If the terminal is replaced or the smart card supplier is replaced. , must be re-adjusted or developed in some aspects of smart cards and terminals. Simply replacing the terminal, or replacing the smart card, does not allow for a complete application. In addition, the application logic unit is located in the terminal operating system in the terminal, and when the terminal is attacked, the application logic unit will be in danger. At this point, how to liberate the terminal from the "heavy" labor of the smart card application is an urgent problem for the technical personnel.

下面参照附图, 对本发明的具体实施方式作进一步的详细描述。 图 3示出了以 POS终端为例根据本发明的基于 HTTP协议的终端智能卡与 终端操作系统之间的通讯示意图。 参照图 3, 该终端操作系统 20至少包括 Web 浏览器 202,以及该终端智能卡 30至少包括安全信息服务 302、 Web服务器 304 和应用逻辑单元 306。 其中, 终端操作系统 20中的 Web浏览器 202通过 HTTP 协议或者 HOAP( HTTP Over APDU Protocol:在 APDU协议的基础上加载 HTTP 协议) 与金融智能卡 30中的 Web服务器 304进行通讯, Web服务器 304存储 智能卡应用的逻辑程序, 这些逻辑程序与应用逻辑单元 306中的应用相对应。 当 Web浏览器 202请求某个 URL时,通过 Web服务器 304来调用应用逻辑单 元 306中的相应的 Web应用, 以实现终端智能卡的应用。 本领域的普通技术人 员应当理解, 虽然图 3所示的终端操作系统 20与终端智能卡 30之间的通讯采 用的是在 APDU协议的基础上加载 HTTP协议,但是随着软件编程技术的发展, 该终端智能卡与终端操作系统之间的交互可以直接支持 HTTP 协议, 或者 TCP/IP协议, 或者 USB协议。 为了更加清晰地了解本发明, 结合图 2 和图 3, 不难看出, 现有技术中的 POS终端中, 终端操作系统含有应用逻辑单元, 而终端智能卡只含有安全信息 服务。 相比之下, 本发明的终端操作系统中, 终端操作系统具有 Web浏览器, 而终端智能卡不仅包括安全信息服务, 还包括 Web服务器和应用逻辑单元。 也 就是说, 原本处于终端操作系统的应用逻辑单元"下放"到金融智能卡, 终端操 作系统利用 Web浏览器并且基于 ISO7816/ISO14443和 HTTP协议来访问终端 智能卡, 而终端智能卡通过 Web服务器来与该 Web浏览器进行通讯, 当应用 逻辑单元通过 Web服务通讯管理层发送至终端操作系统, 在 Web浏览器上以 Web 网页的形式展示出来。 因此, 本发明采用了 Web技术后, 分别在终端操 作系统和终端智能卡中引入 Web 浏览器和 Web 服务器以实现终端智能卡的 Web应用。 与此同时, POS终端的功能大大被弱化了, 定位更加清晰, 更适合 面向服务的应用系统和应用功能。 还需要指出的是, 终端智能卡保存有应用逻 辑单元和其安全信息服务, 终端只需提供应用界面的展示、 输入输出及联机功 能等, 则终端由智能卡应用的核心部件蜕变为具有普通浏览器功能的外壳, 大 大增强了整个应用系统的扩展能力和可移植性。 图 4示出了 Web服务应用容器通过 Web服务应用编程接口来访问智能卡应 用容器的示意图。 参照图 4, 终端智能卡具有卡片的应用容器、 Web服务应用 容器、 Web服务解释层以及在卡片的应用容器与 Web服务应用容器之间的 API 接口。 更具体地, 卡片的应用容器是终端智能卡应用的存储区域, 采用传统的 实现方式, 不需要具体进行定义, 也不需要和具体厂家的产品关联, 通过相应 的应用规范的应用接口来访问即可实现, 例如社保规范、 劳动规范、 金融规范 等。 Web服务应用容器是终端操作系统利用 Web浏览器所展示的应用的存储 区, 其实质上是与卡片的应用容器中的每一个应用相对应的 Web 应用。 这些 Web应用由一个或多个 HTML脚本文件组成, Web服务解释层管理和调用这 些 Web应用, 并通过 ISO7816/ISO 14443以及 HTTP协议将被调用的 Web应用 在终端操作系统的 Web浏览器上展示出来。 此外, 利用该 Web服务的 API接 是, 该 API接口只支持单向访问操作, 即, 卡片的应用容器不能利用 API接口 来访问 Web服务应用容器。 本发明的终端智能卡中既具有卡片的应用容器, 又具有 Web服务的应用容 器。 那么如何实现 Web 服务器将卡片的应用容器中的应用在终端操作系统的 Web浏览器上进行展示呢? 一般来说, 传统的智能卡应用容器逻辑上是以文件 系统内的形式存在的,就像 FAT文件系统一样,同时提供了服务接口(如 APDU 指令) 。 由于该卡片的应用容器只需提供敏感数据的存储和密钥服务等少数数 据信息,其物理存储载体通常为 EEPROM(电可擦除只读存储器)。该 EEPROM 是一种安全性较高的存储载体, 容量为数 K字节; 但是, Web应用是实现应用 逻辑的, 含有大量的图片、 文字以及流程脚本等信息, 对安全性要求不高。 虽 然逻辑上也是以文件系统内的形式存在, 但是相对于卡片应用容器而言, 数据 量巨大, 通常需要达到 M 级字节才能满足要求, 而这么大的存储空间是 EEPROM工艺无法达到的, 目前多采用可擦写的 FLASH实现。 由此可知, 智 能卡的应用容器与 Web 服务的应用容器采用不同的存储介质而存于一个芯片 中, 它们之间的相互访问也有一定的限制。 如图 4所示, 该应用系统内参与通 讯的组分包括 Web服务通讯管理层 400, 它至少支持 ISO7816、 ISO 14443和 HTTP 协议; 智能卡的应用容器 402, 该存储区中保存有符合中国人民银行规 范的电子钱包应用、 符合中国人民银行规范的借记货应用、 快速交通应用、 社 会保障应用及其他行业应用等; Web服务器的 API接口 404; Web服务应用容 器 406, 具有对应于电子钱包应用的 HTML 脚本文件、 对应于借记货应用的 HTML脚本文件、对应于快速交通应用的 HTML脚本文件和对应于社会保障应 用的 HTML脚本文件等; 以及 Web服务解释层 408。 DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, embodiments of the present invention will be further described in detail with reference to the accompanying drawings. FIG. 3 is a schematic diagram showing the communication between the terminal smart card based on the HTTP protocol and the terminal operating system according to the present invention, taking the POS terminal as an example. Referring to FIG. 3, the terminal operating system 20 includes at least a web browser 202, and the terminal smart card 30 includes at least a security information service 302, a web server 304, and an application logic unit 306. The web browser 202 in the terminal operating system 20 communicates with the web server 304 in the financial smart card 30 through the HTTP protocol or the HOAP (HTTP Over APDU Protocol), and the web server 304 stores the smart card. Application logic programs that correspond to applications in application logic unit 306. When the web browser 202 requests a certain URL, the corresponding web application in the application logic unit 306 is invoked through the web server 304 to implement the application of the terminal smart card. It should be understood by those skilled in the art that although the communication between the terminal operating system 20 and the terminal smart card 30 shown in FIG. 3 uses the HTTP protocol based on the APDU protocol, with the development of software programming technology, The interaction between the terminal smart card and the terminal operating system can directly support the HTTP protocol, or the TCP/IP protocol, or the USB protocol. For a clearer understanding of the present invention, in conjunction with FIG. 2 and FIG. 3, it is not difficult to see that in the prior art POS terminal, the terminal operating system contains an application logic unit, and the terminal smart card only contains a security information service. In contrast, in the terminal operating system of the present invention, the terminal operating system has a web browser, and the terminal smart card includes not only a security information service but also a web server and an application logic unit. That is to say, the application logic unit originally in the terminal operating system is "decentralized" to the financial smart card, and the terminal operating system uses the Web browser to access the terminal smart card based on ISO7816/ISO14443 and the HTTP protocol, and the terminal smart card communicates with the Web through the Web server. The browser communicates, when the application logic unit sends to the terminal operating system through the web service communication management layer, on the web browser The web page is displayed in the form of a web page. Therefore, after the web technology is adopted, the web browser and the web server are respectively introduced in the terminal operating system and the terminal smart card to implement the web application of the terminal smart card. At the same time, the functions of the POS terminal have been greatly weakened, the positioning is more clear, and it is more suitable for service-oriented applications and application functions. It should also be pointed out that the terminal smart card stores the application logic unit and its security information service, and the terminal only needs to provide the application interface display, input and output, and online functions, etc., then the terminal is changed from the core component of the smart card application to having the ordinary browser function. The shell greatly enhances the scalability and portability of the entire application system. 4 shows a schematic diagram of a web service application container accessing a smart card application container through a web service application programming interface. Referring to FIG. 4, the terminal smart card has an application container of a card, a web service application container, a web service interpretation layer, and an API interface between the application container of the card and the web service application container. More specifically, the application container of the card is a storage area of the terminal smart card application, which adopts a traditional implementation manner, does not need to be specifically defined, and does not need to be associated with a specific manufacturer's product, and can be accessed through an application interface of a corresponding application specification. Realization, such as social security regulations, labor practices, financial norms, etc. The web service application container is a storage area of an application displayed by the terminal operating system using a web browser, which is substantially a web application corresponding to each application in the application container of the card. These web applications consist of one or more HTML script files. The web service interpretation layer manages and calls these web applications, and displays the called web applications on the web browser of the terminal operating system through ISO7816/ISO 14443 and HTTP protocols. . In addition, using the API of the web service, the API interface only supports one-way access operations, that is, the application container of the card cannot use the API interface to access the web service application container. The terminal smart card of the present invention has both an application container of a card and an application container of a web service. So how do you implement the Web server to display the application in the application container of the card on the web browser of the terminal operating system? In general, the traditional smart card application container is logically in the form of a file system, just like the FAT file system, and provides a service interface (such as an APDU instruction). Since the application container of the card only needs to provide a small amount of data information such as storage of sensitive data and key service, the physical storage carrier is usually an EEPROM (Electrically Erasable Read Only Memory). The EEPROM is a highly secure storage carrier with a capacity of several Kbytes. However, the Web application implements application logic and contains a large amount of information such as pictures, text, and process scripts, which are not required for security. Though Logically, it exists in the form of a file system. However, compared with the card application container, the amount of data is huge, and it is usually necessary to reach the M-level byte to meet the requirements. Such a large storage space cannot be achieved by the EEPROM process. More rewritable FLASH implementation. It can be seen that the application container of the smart card and the application container of the Web service are stored in one chip by using different storage media, and mutual access between them is also limited. As shown in FIG. 4, the components participating in the communication in the application system include a Web service communication management layer 400, which supports at least ISO7816, ISO 14443, and HTTP protocols; and an application container 402 of the smart card, which is stored in accordance with the People's Bank of China. Standardized e-wallet application, debit-keeping application conforming to the People's Bank of China regulations, fast traffic application, social security application and other industry applications; API interface 404 of Web server; Web service application container 406, corresponding to e-wallet application An HTML script file, an HTML script file corresponding to the debit application, an HTML script file corresponding to the fast traffic application, an HTML script file corresponding to the social security application, and the like; and a Web service interpretation layer 408.

以快速交通应用为例, 当应用逻辑单元中的应用所提供的服务和相对应的 用于终端应用的 Web 服务一起接受终端操作系统对于快速交通应用的这一应 用请求服务时, 由 Web浏览器请求与终端智能卡中的 Web服务器进行通讯, Web服务解释层 408接收来自 Web浏览器的 URL请求并作相应的处理。首先, Web服务应用容器 406通过 Web服务器的 API接口 404来访问位于智能卡的 应用容器 402中的快速交通应用逻辑, 来自智能卡的应用容器 402中的返回代 码被直接返回或翻译成标准的 HTML 响应代码; 然后, Web 服务解释层 408 调用 Web服务应用容器 406, 将对应于快速交通应用的 HTML脚本文件通过 IS07816/IS014443和 HTTP协议, 发送至终端操作系统中的 Web浏览器进行 i£辑展示。 图 5示出了终端操作系统中的 Web浏览器对于所接收的 URL请求进行处理 的流程示意图。 该处理方法包括: 步骤 500, 接收 URL请求。 处于终端操作系统中的 Web浏览器接收 URL 请求;  Taking the fast traffic application as an example, when the service provided by the application in the application logic unit and the corresponding web service for the terminal application are accepted by the terminal operating system for the application request service of the fast traffic application, the web browser is used by the web browser. The request communicates with the web server in the terminal smart card, and the web service interpretation layer 408 receives the URL request from the web browser and performs corresponding processing. First, the web service application container 406 accesses the fast traffic application logic located in the smart card's application container 402 via the web server's API interface 404, and the return code from the smart card's application container 402 is directly returned or translated into a standard HTML response code. Then, the Web service interpretation layer 408 calls the Web service application container 406, and sends the HTML script file corresponding to the fast traffic application to the Web browser in the terminal operating system through the IS07816/IS014443 and HTTP protocols for display. FIG. 5 is a flow chart showing the processing of a received URL request by a web browser in a terminal operating system. The processing method includes: Step 500: Receive a URL request. The web browser in the terminal operating system receives the URL request;

步骤 502,该 Web浏览器通过判断所接收的 URL的主机地址来确定该 URL 请求是远程请求还是本地请求。 如果该 URL请求是远程请求, 那么 Web浏览 器请求与远程 Web服务器进行通讯, 转至步骤 510; 步骤 504, 如果该 URL请求是本地请求, 判断发送该本地请求的端口号是 否为终端智能卡的端口号, 如果是, 则转至步骤 506; 如果不是, 则转至步骤 508; 步骤 506 , 请求与该终端智能卡进行通讯; 步骤 508, 确定发送该本地请求的端口号不是来自金融智能卡, 查询其他端 口代理程序; 以及 步骤 512 ,在 Web浏览器与 Web服务器之间建立通讯, 当 Web服务器成功 地调用终端智能卡中的应用逻辑单元后, 将与该应用逻辑单元相对应的 Web 应用在终端操作系统的 Web浏览器上进行逻辑展示。 上文中, 参照附图描述了本发明的具体实施方式。 但是, 本领域中的普通 技术人员能够理解, 在不偏离本发明的精神和范围的情况下, 还可以对本发明 的具体实施方式作各种变更和替换。 这些变更和替换都落在本发明权利要求书 所限定的范围内。 Step 502: The web browser determines whether the URL request is a remote request or a local request by determining a host address of the received URL. If the URL request is a remote request, then web browsing The device requests to communicate with the remote web server, go to step 510; Step 504, if the URL request is a local request, determine whether the port number of the local request is the port number of the terminal smart card, and if yes, go to step 506; If not, go to step 508; Step 506, request to communicate with the terminal smart card; Step 508, determine that the port number for sending the local request is not from the financial smart card, query other port agents; and Step 512, in the Web browser Establishing communication with the web server. After the web server successfully invokes the application logic unit in the terminal smart card, the web application corresponding to the application logic unit is logically displayed on the web browser of the terminal operating system. Hereinabove, the specific embodiments of the present invention have been described with reference to the drawings. However, it will be apparent to those skilled in the art that various modifications and changes can be made in the embodiments of the present invention without departing from the spirit and scope of the invention. Such changes and substitutions are intended to fall within the scope of the appended claims.

Claims

权 利 要 求 书 Claim 1.一种智能卡, 其特征在于, 在所述智能卡中至少具有: 应用逻辑单元,用于在所述智能卡的卡片应用容器中保存智能卡应用的相 关数据信息; 和 A smart card, characterized in that the smart card has at least: an application logic unit for storing related data information of a smart card application in a card application container of the smart card; Web服务器, 用于存储所述智能卡应用的逻辑程序,访问所述应用逻辑单 元, 其中, 所述应用逻辑单元中的应用所提供的服务和相对应的用于终端应用 的 Web服务一起接受终端操作系统的请求服务。 a web server, configured to store a logic program of the smart card application, to access the application logic unit, where the service provided by the application in the application logic unit and the corresponding web service for the terminal application accept the terminal operation together System request service. 2.如权利要求 1所述的智能卡, 其特征在于, 所述智能卡还包括智能卡应用 中的安全信息服务的数据信息。 The smart card according to claim 1, wherein the smart card further comprises data information of a security information service in the smart card application. 3.如权利要求 1 所述的智能卡, 其特征在于, 所述 Web服务器中至少包括 Web月 务解释层、 Web服务通讯管理层、 Web服务应用容器和 Web服务应用 编程接口。 The smart card according to claim 1, wherein the web server comprises at least a web monthly interpretation layer, a web service communication management layer, a web service application container, and a web service application programming interface. 4.如权利要求 3所述的智能卡, 其特征在于, 所述 Web服务解释层调用所述 Web月良务应用容器, 并将所述 Web服务应用容器中相应的 HTML脚本文件通 过 Web服务通讯管理层发送到所述终端操作系统进行逻辑展示。  The smart card according to claim 3, wherein the web service interpretation layer invokes the web service application container, and manages a corresponding HTML script file in the web service application container through web service communication. The layer is sent to the terminal operating system for logical presentation. 5.如权利要求 4所述的智能卡, 其特征在于, 所述 HTML脚本文件可以与所 述应用逻辑单元的智能卡应用相对应。 The smart card according to claim 4, wherein the HTML script file corresponds to a smart card application of the application logic unit. 6.如权利要求 3所述的智能卡, 其特征在于, 所述 Web服务通讯管理层支持 ISO7816/IS014443协议, 以及在 ISO7816/ISO14443上加载的 HTTP协议。 The smart card according to claim 3, wherein the web service communication management layer supports the ISO7816/IS014443 protocol and the HTTP protocol loaded on the ISO7816/ISO14443. 7.如权利要求 3所述的智能卡, 其特征在于, 所述 Web服务通讯管理层直接 支持 HTTP协议、 TCP/IP协议、 USB协议中的一种或者其组合。 The smart card according to claim 3, wherein the web service communication management layer directly supports one of a HTTP protocol, a TCP/IP protocol, a USB protocol, or a combination thereof. 8.如权利要求 3所述的智能卡, 其特征在于, 所述卡片应用容器和所述 Web 服务应用容器处于不同的逻辑存储区中。 8. The smart card of claim 3, wherein the card application container and the web service application container are in different logical storage areas. 9.如权利要求 8所述的智能卡, 其特征在于, 所述卡片应用容器的物理存储 载体通常是 EEPROM工艺制造的。 9. The smart card of claim 8, wherein the physical storage carrier of the card application container is typically fabricated by an EEPROM process. 10.如权利要求 8所述的智能卡, 其特征在于, 所述 Web服务应用容器的物 理存储载体通常是 FLASH工艺制造的。 10. The smart card of claim 8, wherein the physical storage carrier of the web service application container is typically manufactured by a FLASH process. 11.如权利要求 8所述的智能卡, 其特征在于, 所述 Web服务应用容器通过 所述 Web服务应用编程接口来单向访问所述应用逻辑单元。 The smart card according to claim 8, wherein the web service application container unidirectionally accesses the application logic unit through the web service application programming interface. 12.如权利要求 1 所述的智能卡, 其特征在于, 所述应用逻辑单元包括符合 中国人民银行规范的电子钱包应用、 符合中国人民银行规范的借记货应用、 快 速交通应用和社会保障应用及其他行业应用。 The smart card according to claim 1, wherein the application logic unit comprises an e-wallet application conforming to the regulations of the People's Bank of China, a debit-keeping application conforming to the regulations of the People's Bank of China, a rapid transit application and a social security application, and Other industry applications. 13.—种智能卡应用中的终端处理 系统, 所述终端处理系统至少具有一个终端操作系统和一个智能卡, 其特征在 于, 13. A terminal processing system in a smart card application, the terminal processing system having at least one terminal operating system and a smart card, characterized in that 所述终端操作系统设置一 Web浏览器; 以及 所述智能卡至少具有: 应用逻辑单元,用于在所述智能卡的卡片应用存储区中保存智能卡应用的 相关数据信息; 和  The terminal operating system is configured with a web browser; and the smart card has at least: an application logic unit configured to save related data information of the smart card application in a card application storage area of the smart card; and Web服务器, 用于存储所述智能卡应用的逻辑程序,访问所述应用逻辑单 的 Web服务一起接受终端操作系统的请求服务。 a web server, configured to store a logic program of the smart card application, and access a web service of the application logic sheet to receive a request service of the terminal operating system. 14.如权利要求 13所述的终端处理系统, 其特征在于, 所述终端操作系统是 金融终端的 POS、 ATM终端或者无线通信系统中的移动终端。 The terminal processing system according to claim 13, wherein the terminal operating system is a POS of a financial terminal, an ATM terminal, or a mobile terminal in a wireless communication system. 15.如权利要求 13所述的终端处理系统, 其特征在于,所述 Web服务器中至 少包括 Web服务解释层、 Web服务通讯管理层、 Web服务应用容器和 Web服 务应用编程接口。 The terminal processing system according to claim 13, wherein the web server comprises at least a web service interpretation layer, a web service communication management layer, a web service application container, and a web service application programming interface. 16.如权利要求 15所述的终端处理系统, 其特征在于,所述 Web服务解释层 调用所述 Web服务应用容器, 并将所述 Web服务应用容器中相应的 HTML脚 本文件通过所述 Web服务通讯管理层发送到所述终端操作系统进行逻辑展示。 The terminal processing system according to claim 15, wherein the web service interpretation layer calls the web service application container, and passes a corresponding HTML script file in the web service application container through the web service. The communication management layer sends the terminal operating system to perform logical display. 17.如权利要求 16所述的终端处理系统, 其特征在于, 所述终端操作系统通 过所述 Web浏览器对所述智能卡应用进行逻辑展示。 The terminal processing system according to claim 16, wherein the terminal operating system logically displays the smart card application through the web browser. 18.—种在终端处理系统中支持 Web应用服务的实现方法, 所述终端处理系 统至少包括一个终端操作系统和一个智能卡, 其特征在于, 所述终端操作系统中设置一 Web浏览器; 将应用逻辑单元存储在所述智能卡的卡片应用容器; 所述智能卡中设置一 Web服务器; 利用所述 Web浏览器和所述 Web服务器进行通讯, 以实现智能卡应用的 Web 服务。 、 18. A method for supporting a web application service in a terminal processing system, the terminal processing system comprising at least one terminal operating system and a smart card, wherein a web browser is set in the terminal operating system; The logic unit is stored in the card application container of the smart card; a web server is disposed in the smart card; and the web browser is used to communicate with the web server to implement a web service of the smart card application. , 19.如权利要求 18所述的实现方法, 其特征在于, 所述 Web浏览器根据接收 的 URL请求来判断是远程请求还是本地请求, 当该 URL请求是远程请求时, 所述 Web浏览器与远程 Web服务器进行通讯; 当该 URL请求是本地请求时, 并且发送所述本地请求的端口号为智能卡的端口号时,在 Web浏览器与所述智 能卡的 Web服务器之间建立通讯。 The implementation method according to claim 18, wherein the web browser determines whether the remote request or the local request is according to the received URL request, and when the URL request is a remote request, the web browser and the web browser The remote web server communicates; when the URL request is a local request, and the port number of the local request is the port number of the smart card, communication is established between the web browser and the web server of the smart card. 20.如权利要求 19所述的实现方法, 其特征在于, 当所述 URL请求是本地 请求, 并且发送所述本地请求的端口号不是智能卡的端口号时, 查询其他端口 代理程序。 The implementation method according to claim 19, wherein when the URL request is a local request, and the port number of the local request is not the port number of the smart card, the other port agent is queried. 21.如权利要求 18所述的实现方法, 其特征在于, 所述 Web服务器中至少含 有 Web服务解释层、 Web服务通讯管理层、 Web服务应用容器和 Web服务应用 编程接口。 The implementation method according to claim 18, wherein the web server includes at least a web service interpretation layer, a web service communication management layer, a web service application container, and a web service application programming interface. 22.如权利要求 21所述的实现方法, 其特征在于, 所述 Web服务解释层调用 所述 Web服务应用容器, 并将所述 Web服务应用容器中相应的 HTML脚本文 件发送到所述终端操作系统的 Web浏览器进行逻辑展示。 The implementation method of claim 21, wherein the web service interpretation layer invokes the web service application container, and sends a corresponding HTML script file in the web service application container to the terminal operation The system's web browser performs logical presentations. 23.如权利要求 21所述的实现方法, 其特征在于, 所述 Web服务应用容器通 过所述 Web服务应用编程接口来单向访问所述应用逻辑单元。 The implementation method according to claim 21, wherein the web service application container accesses the application logic unit in one direction through the web service application programming interface. 24.如权利要求 18所述的实现方法, 其特征在于, 所述 Web浏览器和所述 Web服务器均支持 ISO7816/ISO14443协议, 以及在 ISO7816/ISO14443上加载 的 HTTP协议。 The implementation method according to claim 18, wherein the web browser and the web server both support an ISO7816/ISO14443 protocol, and an HTTP protocol loaded on ISO7816/ISO14443. 25.如权利要求 18所述的实现方法, 其特征在于, 所述 Web浏览器和所述 Web服务器均直接支持 HTTP协议、 TCP/IP协议和 USB协议中的一种或者其 组合。 The implementation method according to claim 18, wherein the web browser and the The web server directly supports one or a combination of the HTTP protocol, the TCP/IP protocol, and the USB protocol.
PCT/CN2009/000726 2008-07-01 2009-06-30 Smart card, terminal processing for supporting web service system and realizing method thereof Ceased WO2010000131A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
CN200810039987.2 2008-07-01
CN200810039987A CN101621494A (en) 2008-07-01 2008-07-01 Terminal processing system and realization method for supporting Web service
CN2008100399868A CN101620758B (en) 2008-07-01 2008-07-01 A Smart Card Supporting Web Services
CN200810039986.8 2008-07-01

Publications (1)

Publication Number Publication Date
WO2010000131A1 true WO2010000131A1 (en) 2010-01-07

Family

ID=41465468

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2009/000726 Ceased WO2010000131A1 (en) 2008-07-01 2009-06-30 Smart card, terminal processing for supporting web service system and realizing method thereof

Country Status (1)

Country Link
WO (1) WO2010000131A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102420838A (en) * 2010-09-27 2012-04-18 上海拉扎斯信息科技有限公司 System capable of accessing sale terminal equipment through Web
CN110320879A (en) * 2019-07-23 2019-10-11 上海一芯智能科技有限公司 Smart card production line control system and method
US12020202B2 (en) 2021-12-01 2024-06-25 T-Mobile Usa, Inc. Smart container and orchestration engine configured to dynamically adapt multi-carrier transport processes

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1742462A (en) * 2003-02-21 2006-03-01 意大利电信股份公司 Method and system for managing network access devices using smart cards
CN100375478C (en) * 1999-10-28 2008-03-12 Cp8技术公司 A secure terminal with a smart card reader for communicating with a server via an internet-type network

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100375478C (en) * 1999-10-28 2008-03-12 Cp8技术公司 A secure terminal with a smart card reader for communicating with a server via an internet-type network
CN1742462A (en) * 2003-02-21 2006-03-01 意大利电信股份公司 Method and system for managing network access devices using smart cards

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102420838A (en) * 2010-09-27 2012-04-18 上海拉扎斯信息科技有限公司 System capable of accessing sale terminal equipment through Web
CN110320879A (en) * 2019-07-23 2019-10-11 上海一芯智能科技有限公司 Smart card production line control system and method
US12020202B2 (en) 2021-12-01 2024-06-25 T-Mobile Usa, Inc. Smart container and orchestration engine configured to dynamically adapt multi-carrier transport processes

Similar Documents

Publication Publication Date Title
US7191288B2 (en) Method and apparatus for providing an application on a smart card
US7374099B2 (en) Method and apparatus for processing an application identifier from a smart card
US7140549B2 (en) Method and apparatus for selecting a desired application on a smart card
US7165727B2 (en) Method and apparatus for installing an application onto a smart card
CN101965597B (en) Method and device for installing and retrieving linked MIFARE applications
CN102067184B (en) Method of accessing applications in secure mobile environment
US8942672B2 (en) Mobile integrated distribution and transaction system and method for NFC services, and a mobile electronic device thereof
CN101383017B (en) Intelligent SD card and intelligent SD card access method
AU2018200554A1 (en) Systems, methods, and computer program products for providing a contactless protocol
CN103310537B (en) A kind of many application identifications access method, smart card and POS
CN101620758B (en) A Smart Card Supporting Web Services
CN105243407A (en) Method and device for reading and writing smart card
CN106663017B (en) Method, terminal, data routing method and device for realizing host card simulation
CN100438409C (en) Intelligent card with financial-transaction message processing ability and its method
CN101957921A (en) Display method, device and system of radio frequency identification application information
WO2010000131A1 (en) Smart card, terminal processing for supporting web service system and realizing method thereof
JP7325423B2 (en) Method and Apparatus for Trusted Service Management
CN101621494A (en) Terminal processing system and realization method for supporting Web service
EP1575005B1 (en) Method and apparatus for processing an application identifier from a smart card
CN101425120B (en) Card reader and executing method thereof
CN105830084B (en) The integrated distribution of movement and transaction system and method and its mobile electronic device for NFC transaction
CN102546721B (en) Physical smart card and carry out the method for virtual smart card communication wherein
CN102567752B (en) The method for visualizing of virtual smart card
US8484237B2 (en) Terminal, web application operating method and program
CN101122940A (en) USBKEY integration method and device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09771901

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09771901

Country of ref document: EP

Kind code of ref document: A1