
GP Specification Study Notes (1)

2015-08-12 00:48

3 Card Architecture

The GlobalPlatform card architecture consists of a number of components that provide hardware- and vendor-neutral interfaces to Applications and to off-card management systems. The following figure shows the components in a sample card configuration, which includes one or more applications from the Card Issuer; one or more applications from one of the business partners of the Card Issuer, referred to as Application Providers; and one or more applications providing global services (e.g. CVM services) to other applications.

All applications shall be implemented in a secure runtime environment that includes a hardware-neutral Application Programming Interface (API) to support application portability. GlobalPlatform does not mandate a specific runtime environment technology. The Card Manager is the primary GlobalPlatform card component and acts as the central administrator of a GlobalPlatform card. Special key and security management applications called Security Domains are created to ensure complete separation of keys between the Card Issuer and multiple other Security Domain providers.

3.1 Security Domains

Security Domains act as the on-card representatives of off-card authorities. There are three main types of Security Domain, reflecting the three types of off-card authority recognized by a card:

• The Issuer Security Domain (ISD) is the primary, mandatory on-card representative of the Card Administrator, typically the Card Issuer;

• Supplementary Security Domains (SSDs) are additional, optional on-card representatives of Application Providers or the Card Issuer, or of their agents (e.g. service bureaus);

• Controlling Authority Security Domains are a special type of Supplementary Security Domain. A Controlling Authority may exist whose role is to enforce the security policy on all application code loaded to the card. If so, the Controlling Authority also uses this type of Security Domain as its on-card representative. There may be more than one such Security Domain.

In the main, all three types are referred to simply as Security Domains in this Specification.

Security Domains support security services such as key handling, encryption, decryption, and digital signature generation and verification for the applications of their providers (Card Issuer, Application Provider or Controlling Authority).

Each Security Domain is established on behalf of a Card Issuer, an Application Provider or a Controlling Authority when these off-card entities require the use of keys that are completely isolated from each other. The practical consequence is that compromise of one provider's key set does not expose the keys held by the Issuer Security Domain or by another provider's Security Domain.

3.2 Global Services Applications

One or more Global Services Applications may be present on the card to provide services to other Applications on the card. Examples of such services are Cardholder Verification Method (CVM) services.

3.3 Runtime Environment

GlobalPlatform is intended to run on top of any secure, multi-application card runtime environment. This runtime environment is responsible for providing a hardware-neutral API for applications, as well as a secure storage and execution space for applications, so that each application's code and data remain separate and secure from the other applications on the card. The card's runtime environment is also responsible for providing communication services between the card and off-card entities. Cards should comply with the appropriate standards (ISO/IEC 7816-3, ISO/IEC 7816-4, ISO/IEC 14443-3 and ISO/IEC 14443-4) when announcing the options they support in the ATR/ATQ, such as the communications protocol, logical channels and command chaining.

3.4 Trusted Framework

GlobalPlatform cards may contain one or more Trusted Frameworks, which provide inter-application communication services between Applications. Trusted Frameworks are not Applications or Security Domains, but have a special status in that they are part of, or extensions of, the card's runtime environment. They should be assessed for security in the same way as the runtime environment itself. See appendix G, Trusted Framework Inter-Application Communication, for further details.

3.5 GlobalPlatform Environment (OPEN)

The main responsibilities of the GlobalPlatform Environment (OPEN) are to provide an API to applications, command dispatch, Application selection, (optional) logical channel management, and Card Content management. These functions shall be implemented by the OPEN if the runtime environment does not provide them, or if the runtime environment provides them in a way that is not compliant with this Specification.

The OPEN performs application code loading and the related Card Content management and memory management. The OPEN also manages the installation of applications loaded to the card, and is responsible for enforcing the security principles defined for Card Content management.

Another important function provided by the OPEN is APDU command dispatching and Application selection. When a SELECT command is successfully processed, the OPEN sets the Application referenced in the SELECT command to be the selected Application, and subsequent Application commands shall be dispatched to the selected Application.

The availability of logical channels introduces an additional dimension to the card's architecture, since multiple Applications may be selected concurrently. The OPEN shall rely on the runtime environment to control whether and when an individual Application can be selected concurrently with itself or with another Application.

When supporting logical channels, the OPEN shall allow for Applications that have no notion of logical channels as well as those that are multi-selectable. Support of logical channels is optional. Cards may support one or more (up to 19, according to ISO/IEC 7816-4) Supplementary Logical Channels.
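As an added example (not code from the specification or from any card implementation), the following Python model shows the dispatch and selection rules of the preceding paragraphs: the logical channel is taken from the CLA byte using the ISO/IEC 7816-4 layout (channels 0 to 3 in bits b1-b2 of a first-interindustry CLA, channels 4 to 19 in bits b1-b4 of a further-interindustry CLA, with b8 ignored so that proprietary classes map the same way), SELECT by AID sets the selected Application for that channel, later APDUs on the channel are dispatched to that Application, and an Application that is not multi-selectable is refused a second concurrent selection. The Application objects, AIDs, the status words used for refusals and the exact-AID matching are this example's own assumptions; partial AID selection and MANAGE CHANNEL are left out.

```python
"""Toy model of the OPEN's APDU dispatch and Application selection over
logical channels. Added example; not GlobalPlatform or card-vendor code."""
from dataclasses import dataclass
from typing import Callable, Dict, List

SW_OK = bytes([0x90, 0x00])
SW_NOT_FOUND = bytes([0x6A, 0x82])      # SELECT: AID not present in the Registry
SW_NOT_ALLOWED = bytes([0x69, 0x85])    # assumed SW: Application may not be selected again
SW_NO_SELECTION = bytes([0x69, 0x86])   # assumed SW: nothing selected on this channel

INS_SELECT = 0xA4


@dataclass
class Application:
    aid: bytes
    multi_selectable: bool                  # may be selected on several channels at once
    handler: Callable[[bytes], bytes]       # processes a non-SELECT APDU, returns response data


def logical_channel(cla: int) -> int:
    """Logical channel number encoded in CLA (ISO/IEC 7816-4 layout, b8 ignored)."""
    if cla & 0x40:                          # further interindustry class: channels 4..19
        return 4 + (cla & 0x0F)
    return cla & 0x03                       # first interindustry class: channels 0..3


def cla_for_channel(channel: int) -> int:
    """Inverse of logical_channel() for an interindustry CLA with no secure messaging."""
    if 0 <= channel <= 3:
        return channel
    if 4 <= channel <= 19:
        return 0x40 | (channel - 4)
    raise ValueError("ISO/IEC 7816-4 allows at most channels 0..19")


def select_apdu(channel: int, aid: bytes) -> bytes:
    """SELECT by name (P1=0x04, first occurrence) addressed to the given channel."""
    return bytes([cla_for_channel(channel), INS_SELECT, 0x04, 0x00, len(aid)]) + aid


class Open:
    """Dispatches APDUs to the Application selected on the APDU's logical channel."""

    def __init__(self, applications: List[Application]):
        self.registry: Dict[bytes, Application] = {a.aid: a for a in applications}
        self.selected: Dict[int, Application] = {}   # channel -> selected Application

    def process(self, apdu: bytes) -> bytes:
        cla, ins, p1 = apdu[0], apdu[1], apdu[2]
        channel = logical_channel(cla)
        if ins == INS_SELECT and p1 == 0x04:
            return self._select(channel, apdu)
        app = self.selected.get(channel)
        if app is None:
            return SW_NO_SELECTION
        return app.handler(apdu) + SW_OK

    def _select(self, channel: int, apdu: bytes) -> bytes:
        lc = apdu[4]
        aid = apdu[5:5 + lc]
        app = self.registry.get(aid)        # exact AID match only (partial matching omitted)
        if app is None:
            return SW_NOT_FOUND
        # The runtime environment's multi-select policy: an Application that is not
        # multi-selectable cannot be selected while it is selected on another channel.
        selected_elsewhere = any(a is app and c != channel for c, a in self.selected.items())
        if selected_elsewhere and not app.multi_selectable:
            return SW_NOT_ALLOWED
        self.selected[channel] = app        # implicitly deselects the previous Application here
        return app.aid + SW_OK              # simplified selection response: echo the AID


def demo() -> dict:
    """Constructed scenario: a multi-selectable payment app and a single-instance lock app."""
    pay = Application(b"\xA0\x00\x00\x00\x03\x00\x00\x00", True, lambda a: b"pay:" + a[1:2])
    lock = Application(b"\xA0\x00\x00\x00\x01", False, lambda a: b"lock")
    card = Open([pay, lock])
    return {
        "sel_pay_0": card.process(select_apdu(0, pay.aid)),
        "sel_pay_7": card.process(select_apdu(7, pay.aid)),        # allowed: multi-selectable
        "sel_lock_1": card.process(select_apdu(1, lock.aid)),
        "sel_lock_19": card.process(select_apdu(19, lock.aid)),    # refused: already on channel 1
        "cmd_7": card.process(bytes([cla_for_channel(7), 0xCA, 0x00, 0x00, 0x00])),
        "cmd_3": card.process(bytes([0x03, 0xCA, 0x00, 0x00, 0x00])),  # nothing selected
        "sel_unknown": card.process(select_apdu(0, b"\x01\x02\x03\x04\x05")),
    }
```

The point to take from the model is that selection state is per channel: an Application that keeps per-selection state in static fields, with no notion of channels, can be corrupted by a second concurrent selection, which is why the runtime environment, not the Application, decides whether a second selection is allowed.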

The OPEN owns and uses an internal GlobalPlatform Registry as the information resource for Card Content management. The GlobalPlatform Registry contains the information needed to manage the card, Executable Load Files, Applications, Security Domain associations, and privileges.

3.6 GlobalPlatform API

The GlobalPlatform API provides services to Applications (e.g. Cardholder verification, personalization, or security services). It also provides Card Content management services (e.g. card locking or Application Life Cycle State update) to Applications.

For the specification of the Application Programming Interface (API) on a Java Card™, see appendix A.1. For the specification of the API on a MULTOS™ card, see appendix A.2.

3.7 Card Content

All Card Content, as defined in this specification, is first available on the card in the form of an Executable Load File. An Executable Load File can exist in either:

• Immutable Persistent Memory, in which case it is loaded during the manufacturing stage and cannot be altered (except by being disabled); or

• Mutable Persistent Memory, in which case it can be loaded or removed during Pre-Issuance or Post-Issuance.

Each Executable Load File may contain one or more Executable Modules, which are application code. The installation of an Application creates an instance from an Executable Module, possibly together with Application data, within Mutable Persistent Memory. Any Application instance and its related data can be removed.

A GlobalPlatform card is intended to support multiple Executable Load Files and multiple Executable Modules, and as such multiple Applications may co-exist on a GlobalPlatform card. Note that the foregoing description assumes that Executable Modules are present in the Executable Load File; their presence is optional, however, and depends on the requirements of the Runtime Environment.

Figure 3-2 represents the relationship between an Executable Load File, an Executable Module (where Executable Modules are present) and an Application.
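The Registry described in section 3.5 and the Card Content rules of this section can be modelled together. The following Python is an added example, not the specification's or any card's code: it records Executable Load Files, the Executable Modules they contain, and Application instances with their Security Domain association and privileges, and it enforces that an Executable Load File in Immutable Persistent Memory is only ever disabled while one in Mutable Persistent Memory is removed. The AIDs, privilege name and status words are constructed for the example, and the refusal to delete a load file while instances created from it still exist (unless the caller asks for cascading deletion) is this example's policy rather than text quoted above.

```python
"""Toy GlobalPlatform Registry for Card Content management.
Added example; not GlobalPlatform or card-vendor code."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional

SW_OK = 0x9000
SW_CONDITIONS_NOT_SATISFIED = 0x6985    # assumed SW for a refused operation
SW_REFERENCED_DATA_NOT_FOUND = 0x6A88   # assumed SW for an unknown AID or module


@dataclass
class ExecutableLoadFile:
    aid: bytes
    modules: FrozenSet[bytes]           # AIDs of the Executable Modules it contains
    immutable: bool                     # True: loaded at manufacture, lives in ROM
    security_domain: bytes              # Security Domain the load file is associated with
    disabled: bool = False              # the only state change an immutable file allows


@dataclass
class ApplicationInstance:
    aid: bytes
    load_file: bytes                    # Executable Load File the instance came from
    module: bytes                       # Executable Module it was instantiated from
    security_domain: bytes              # Security Domain association
    privileges: FrozenSet[str]          # e.g. {"CVM Management"}


class Registry:
    """Tracks load files, instances, Security Domain associations and privileges."""

    def __init__(self, isd_aid: bytes):
        self.isd_aid = isd_aid
        self.load_files: Dict[bytes, ExecutableLoadFile] = {}
        self.instances: Dict[bytes, ApplicationInstance] = {}

    def _aid_in_use(self, aid: bytes) -> bool:
        # AIDs of load files and instances share one namespace on the card.
        return aid in self.load_files or aid in self.instances

    def load(self, elf: ExecutableLoadFile) -> int:
        if self._aid_in_use(elf.aid):
            return SW_CONDITIONS_NOT_SATISFIED
        self.load_files[elf.aid] = elf
        return SW_OK

    def install(self, elf_aid: bytes, module_aid: bytes, instance_aid: bytes,
                privileges: FrozenSet[str] = frozenset(),
                sd_aid: Optional[bytes] = None) -> int:
        elf = self.load_files.get(elf_aid)
        if elf is None or elf.disabled or module_aid not in elf.modules:
            return SW_REFERENCED_DATA_NOT_FOUND
        if self._aid_in_use(instance_aid):
            return SW_CONDITIONS_NOT_SATISFIED
        # An instance inherits its load file's Security Domain unless one is given.
        self.instances[instance_aid] = ApplicationInstance(
            instance_aid, elf_aid, module_aid, sd_aid or elf.security_domain,
            frozenset(privileges))
        return SW_OK

    def delete(self, aid: bytes, cascade: bool = False) -> int:
        if aid in self.instances:               # any instance and its data can be removed
            del self.instances[aid]
            return SW_OK
        elf = self.load_files.get(aid)
        if elf is None:
            return SW_REFERENCED_DATA_NOT_FOUND
        dependents = [i.aid for i in self.instances.values() if i.load_file == aid]
        if dependents and not cascade:          # example policy: no dangling instances
            return SW_CONDITIONS_NOT_SATISFIED
        for dep in dependents:
            del self.instances[dep]
        if elf.immutable:
            elf.disabled = True                 # ROM content can only be disabled
        else:
            del self.load_files[aid]            # mutable content is actually removed
        return SW_OK


def demo() -> dict:
    """Constructed scenario with one ROM load file and one EEPROM load file."""
    isd = b"\xA0\x00\x00\x01\x51\x00\x00"      # constructed AID values throughout
    reg = Registry(isd)
    rom = ExecutableLoadFile(b"ROM-ELF", frozenset({b"ROM-MOD"}), True, isd)
    ee = ExecutableLoadFile(b"EE-ELF", frozenset({b"EE-MOD"}), False, b"SSD-1")
    out = {"load": (reg.load(rom), reg.load(ee))}
    out["install"] = reg.install(b"EE-ELF", b"EE-MOD", b"EE-APP", frozenset({"CVM Management"}))
    out["app_sd"] = reg.instances[b"EE-APP"].security_domain
    out["dup_aid"] = reg.install(b"EE-ELF", b"EE-MOD", b"EE-ELF")   # AID already taken
    out["delete_elf_in_use"] = reg.delete(b"EE-ELF")                # instance still present
    out["delete_elf_cascade"] = reg.delete(b"EE-ELF", cascade=True)
    out["delete_rom"] = reg.delete(b"ROM-ELF")                      # disables, does not remove
    out["install_from_disabled"] = reg.install(b"ROM-ELF", b"ROM-MOD", b"ROM-APP")
    out["remaining"] = (sorted(reg.load_files), sorted(reg.instances), rom.disabled)
    return out
```

Running demo() walks the life cycle end to end: load, install with an inherited Security Domain association, a refused duplicate AID, a refused deletion of a load file that still has an instance, the cascading deletion that succeeds, and a ROM load file that survives deletion in a disabled state from which nothing more can be installed.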



3.8 Card Manager

The Card Manager, as the central administrator of the card, assumes multiple responsibilities. It can be viewed as three entities:

• The GlobalPlatform Environment (OPEN);

• The Issuer Security Domain; and

• Cardholder Verification Method Services.