Abstract: The present invention provides a patching method for implementation in a portable data carrier wherein the patch, after serving the purpose of modifying an existing program contained in the non-erasable memory, gets deleted, wherein the said deletion is either prior to a predetermined state or upon satisfying of a predetermined condition. The present invention also provides a portable data carrier implementing the said patching method.
Field of the Invention:
The present invention generally relates to the technical field of installing patches in a portable data carrier.
Background of the Invention:
In a typical native portable data carrier, original program code (containing an operating system and various applications) particularly resides in non-reprogrammable and non-volatile memory (ROM). Program code which per se should not be modified and/or which should be stored permanently in the portable data carrier usually resides in the ROM. Therefore, during portable data carrier manufacturing, once the ROM image is masked and the product is shipped, future modifications to such code are not possible. Even if the original program code is prepared with great care, the occurrence of errors cannot be ruled out completely.
Any kind of software bug occurring in the field which can render the portable data carrier useless will no doubt result in a great loss in terms of cost and reputation to its vendor and issuer. Ingeniously, for such code, portable data carrier manufacturers and vendors provide the facility of code correction with the help of a special patching mechanism. A patch code, which acts as a replacement of an erroneous ROM code, is loaded into a re-programmable non-volatile memory (EEPROM) which is usually available in the portable data carrier.
The idea of providing a patch (alternatively referred to as patching) is that, when execution reaches the erroneous code in ROM, the flow automatically gets transferred to the rectified code in the EEPROM patch area. After execution of this patch code, flow is re-directed back to the ROM code, from where normal execution continues. In this way the patch code in EEPROM is able to skip or override the functionality of the incorrect portion of the ROM code.
It may be noted that the presence of patch code modifies the original EEPROM memory organization, particularly resulting in a reduction of the EEPROM area which is used for storing the application specific data in the form of the portable data carrier file system.
Taking a smart card product as an example of the portable data carrier: since smart card products are used for payment related aspects, the payment system operators have defined, for ensuring interoperability and compliance with the payment specifications, a stringent, exhaustive, time consuming and costly certification process known as Type Approval for smart card products. Once the smart card product gets Type Approved, no later changes whatsoever are allowed in the certified smart card product. Thus, ideally speaking, any lacuna in the smart card software must be detected and rectified by adopting the patching method prior to its Type Approval.
Let us evaluate one unfortunate scenario in which a show-stopper bug occurs in the portable data carrier software after completion of the Type Approval process. The problem is found to lie in the OS initialization code and occurs only during a particular life cycle stage of the portable data carrier, for example initialization. In other words, there is absolutely no chance that the problem can occur in subsequent stages, for example during pre-personalization, personalization or field mode.
It has been found that simply writing a persistent patch code in EEPROM that fixes a problem of the aforesaid type (by adopting any of the existing patching methods) is not an ideal solution, for the reason that providing a patch code changes the card (EEPROM) image. Thus, if a patch code is provided subsequent to a Type Approval process, it becomes necessary to perform the Type Approval process once again before sending the patched products into the market. This results in months of delay and tens of thousands of dollars in cost. Of course, performing the Type Approval process once again is highly undesirable from the card vendor’s and issuer’s perspective. On the other hand, the same is unavoidable due to the security requirements of the payment schemes.
Thus a solution is desirable through which the aforesaid type of problem can be solved without the need for Type Approval.
Glossary of Terms:
There follows a glossary of terms, some of which are conventional and others have been coined:
Non-volatile rewritable memory: In the specification, the term has been used to mean a non-volatile rewriteable memory supporting reading and writing operations such as an Electrically Erasable Programmable Read Only Memory (EEPROM) or Erasable Programmable Read Only Memory (EPROM) or FLASH Memory.
Patch: In common parlance, a “patch” refers to at least a piece of program code which does not represent a self-contained system or application program, but which serves the purpose of modifying an existing program, in particular for error correction or functional extension. A patch is designed to fix program code problems, also called software bugs, or to update program code or to update supporting data. Patches exist in different patch types, wherein a first program code type is mainly patched by binary executables instead of concrete program source code. Alternatively, the patches are in the form of program code modifications in higher programming languages, wherein the patches consist of textual differences between two program code files. A patch in the sense of this application is not limited to any kind of type or program code size. It is possible that bulky patches are used with a significant change of program code, or a patch can be used as a small piece of fixing program code.
Portable Data Carrier: A portable data carrier is preferably a data carrier with appropriate safety features. The portable data carrier can be a hardware component, such as a smart card, USB-token, chip card, a mass memory card, a multimedia card, a subscriber identification module in a mobile radio network and/or an electronic identification document, such as an electronic identity card, a passport with a machine readable chip or secure elements. The portable data carrier can be a hardware or software component, such as a trusted execution technology (TXT) or a trusted execution environment (TEE), wherein a ROM code needs to be patched. A TXT is a hardware extension to microprocessors or chipsets which is intended to provide computer users or systems a higher level of trust and control over their computing devices, also known as trusted platform modules (TPM). On the other hand, a TEE is a standardized software platform for mobile devices in which a secure area residing in the main processor of the mobile device guarantees that sensitive data is stored, processed and protected. It enables the offering of safe execution of authorized software, known as trusted applications (or TRUSTLET®), and therefore makes it possible to enforce protection, confidentiality, integrity and access rights of data which belong to these TRUSTLETS®. In particular, the term portable data carrier relates to a smart card with a microchip, such as a credit or debit payment card, a health card, an access authorization card, an identification card and/or an electronic vehicle registration card.
RAM: In the specification, the term has been used to mean a volatile rewriteable working memory such as a Random Access Memory.
ROM: In the specification, the term has been used to mean a non-erasable memory supporting read-only operation, such as a Read-only-Memory including program code which cannot be modified in the ROM. ROM refers to mask-ROM which is fabricated with the desired data which should be stored permanently; such desired data can be security data such as secrets, e.g. passwords, personal identification numbers (PIN), private keys, personal data, or program code which the designer of the program code does not want to be changed, e.g. a critical cryptographic algorithm, signature algorithm, access right algorithm or the operating system itself.
Secure element: A secure element might be designed as a hardware component or a software component. Designed as a hardware component, the secure element might be arranged as a fixed integrated component in a terminal such as mobile devices. Therein it can be removed from the terminal, such as a chip card or it can be arranged un-removable, for example, as M2M module, co-processor and trusted base. Alternatively, the security element is designed as a software component in the form of a trusted platform module e.g. as a trusted part of the operating system kernel of the mobile terminal or as a security software.
Summary of the Invention:
Accordingly, the present invention provides a portable data carrier comprising:
a microprocessor; and
memory comprising non-erasable memory supporting read-only operation (ROM), non-volatile rewriteable memory supporting reading and writing operations (EEPROM) and volatile rewriteable working memory (RAM),
wherein the said non-volatile rewriteable memory comprises at least one self deleting patch which serves the purpose of modifying an existing program contained in the non-erasable memory and gets deleted prior to a predetermined state or upon satisfying of a predetermined condition, the said modifying including error correction or functional extension.
In an embodiment of the present invention, the said non-volatile rewriteable memory comprises a first storage location and a second storage location, the said first storage location comprising an address of said second storage location and the said second storage location comprising the said at least one self deleting patch.
In another embodiment of the present invention, the said non-erasable memory comprises at least one code storage area and at least one address storage area, the said at least one address storage area storing address of the said first storage location of the non-volatile rewritable memory.
In yet another embodiment of the present invention, the said at least one code storage area of the non-erasable memory stores at least an operating system and an application software, the said operating system and application software supporting implementation of at least one code patching technique.
In still another embodiment of the present invention, the self deleting patch comprises:
a. a first functional block containing modifying code executable whenever modification is intended;
b. a second functional block for calculating and updating a return address where execution control must be transferred after executing the modifying code; and
c. a third functional block for adjusting the non-volatile rewritable memory and erasing the memory occupied by the self deleting patch.
In a further embodiment of the present invention, the third functional block makes the memory code and data organisation of the non-volatile rewriteable memory exactly identical to the one which would have been in absence of the self-deleting patch currently under consideration.
In a furthermore embodiment of the present invention, the return address is an address to which operation of the microprocessor is transferred after executing the modifying code, this return address can vary and point to either of the memories (non-erasable or non-volatile rewriteable memory) as per the situation (patch code) at hand and can also vary according to the patching technique implemented in the portable data carrier.
In another embodiment of the present invention, the predetermined state is one of the life cycle states of the portable data carrier which it undergoes after successful loading/installation of the self-deleting patch code, typically, the states being initialization, pre-personalization and personalization.
In yet another embodiment of the present invention, the predetermined condition is a logical condition being fulfilled during or after execution of a particular command within a course of a life cycle state of the portable data carrier.
According to another aspect of the present invention, there is provided a portable data carrier comprising:
a microprocessor; and
memory comprising non-erasable memory supporting read-only operation (ROM), non-volatile rewriteable memory supporting reading and writing operations (EEPROM) and volatile rewriteable working memory (RAM),
the said non-volatile rewriteable memory comprising a first storage location and a second storage location, the said first storage location comprising an address of said second storage location and the said second storage location comprising at least one self deleting patch which serves the purpose of modifying an existing program contained in the non-erasable memory and gets deleted prior to a predetermined state or upon satisfying of a predetermined condition, the said modifying including error correction or functional extension; and
the said non-erasable memory comprises at least one code storage area and at least one address storage area, the said at least one address storage area stores address of the first storage location of the erasable memory.
In an embodiment of the present invention, the said at least one code storage area of the non-erasable memory stores at least an operating system and an application software, the said operating system and application software supporting implementation of at least one code patching technique.
In another embodiment of the present invention, the self deleting patch comprises:
a. a first functional block containing modifying code executable whenever modification is intended;
b. a second functional block for calculating and updating a return address where execution control must be transferred after executing the modifying code; and
c. a third functional block for adjusting the non-volatile rewritable memory and erasing the memory occupied by the self deleting patch.
In yet another embodiment of the present invention, the third functional block makes the memory code and data organisation of the non-volatile rewriteable memory exactly identical to the one which would have been in absence of the self-deleting patch currently under consideration.
In still another embodiment of the present invention, the return address is an address to which operation of the microprocessor is transferred after executing the modifying code, this return address can vary and point to either of the memories (non-erasable or non-volatile rewriteable memory) as per the situation (patch code) at hand and can also vary according to the patching technique implemented in the portable data carrier.
In a further embodiment of the present invention, the predetermined state is one of the life cycle states of the portable data carrier which it undergoes after successful loading/installation of the self-deleting patch code, typically, the states being initialization, pre-personalization and personalization.
In a furthermore embodiment of the present invention, the predetermined condition is a logical condition being fulfilled during or after execution of a particular command within a course of a life cycle state of the portable data carrier.
According to another aspect of the present invention, there is provided a portable data carrier comprising:
a microprocessor; and
memory comprising non-erasable memory supporting read-only operation (ROM), non-volatile rewriteable memory supporting reading and writing operations (EEPROM) and volatile rewriteable working memory (RAM),
the said non-volatile rewriteable memory comprises first to third storage locations, said first storage location comprises beginning address(es) of said non-erasable memory storing thereupon program needing modification, said second storage location comprises address of a third storage location, said third storage location comprising one or more self deleting patches which serve the purpose of modifying the existing program contained in the non-erasable memory and get deleted prior to a predetermined state or upon satisfying of a predetermined condition, the said modifying including error correction or functional extension.
In an embodiment of the present invention, the said non-erasable memory comprises at least one code storage area storing at least an operating system and an application software, the said operating system and application software supporting implementation of at least one code patching technique.
In another embodiment of the present invention, the self deleting patch comprises:
a. a first functional block containing modifying code executable whenever modification is intended;
b. a second functional block for calculating and updating a return address where execution control must be transferred after executing the modifying code; and
c. a third functional block for adjusting the non-volatile rewritable memory and erasing the memory occupied by the self deleting patch.
In yet another embodiment of the present invention, the third functional block makes the memory code and data organisation of the non-volatile rewriteable memory exactly identical to the one which would have been in absence of the self-deleting patch currently under consideration.
In still another embodiment of the present invention, the return address is an address to which operation of the microprocessor is transferred after execution of modifying code, the return address can vary and point to either of the memories (non-erasable or non-volatile rewriteable memory) as per the situation (patch code) at hand and can also vary according to the patching technique implemented in the portable data carrier.
In a further embodiment of the present invention, the predetermined state is one of the life cycle states of the portable data carrier which it undergoes after successful loading/installation of the self-deleting patch code, typically, the states being initialization, pre-personalization and personalization.
In a furthermore embodiment of the present invention, the predetermined condition is a logical condition being fulfilled during or after execution of a particular command within a course of a life cycle state of the portable data carrier.
According to a further aspect of the present invention, there is provided a method for storing a self deleting patch on a portable data carrier, said method comprising storing one or more self deleting patch(es) in a non-volatile rewriteable memory at a location outside of an existing program, wherein the said one or more self deleting patch(es) serve the purpose of modifying an existing program contained in the non-erasable memory and get deleted prior to a predetermined state or upon satisfying of a predetermined condition, the said modification including error correction or functional extension.
In an embodiment of the present invention, the self deleting patch corresponds to portions of the program needing modification.
In another embodiment of the present invention, the method for storing further comprises storing in the non-erasable memory the address of the non-volatile rewritable memory to which operation of the microprocessor must be transferred upon encountering the program needing modification.
In yet another embodiment of the present invention, the method for storing further comprises storing the address of the corresponding self deleting patch at the location to which operation of the microprocessor is thus transferred.
In still another embodiment of the present invention, the method for storing further comprises storing in the non-volatile rewritable memory the beginning address of the non-erasable memory storing thereupon program needing modification.
In a further embodiment of the present invention, the beginning address is stored at a first storage location of the non-volatile rewritable memory.
In a furthermore embodiment of the present invention, the method for storing further comprises storing on the non-volatile rewritable memory the address of the corresponding self deleting patch.
According to another aspect, the present invention provides a method of patching a program stored in non-erasable memory of a portable data carrier, said method comprising the steps of:
(a) executing a modifying code forming part of a patch thus contained on non-volatile rewriteable memory, said patch serving the purpose of modifying an existing program contained in the non-erasable memory, the said modifying including error correction or functional extension; and
(b) executing an erase function that deletes the patch thus executed in step (a), if a predetermined condition is satisfied or a predetermined state has been reached.
In an embodiment of the present invention, the method of patching further comprises determining whether the program contained in the non-erasable memory needs error correction or functional extension.
In another embodiment of the present invention, if it is determined that the program contained in the non-erasable memory needs an error correction or functional extension, modifying code forming part of a corresponding patch thus contained on the non-volatile rewriteable memory is executed.
In still another embodiment of the present invention, the modifying code is executed if it is determined that the program contained in the non-erasable memory needs error correction or functional extension, the method of patching further comprises obtaining an address of the corresponding patch thus contained on the non-volatile rewriteable memory.
In yet another embodiment of the present invention, the step of obtaining the address of the corresponding patch comprises obtaining an address of a first storage location from an address storage area contained on the non-erasable memory, the first storage location being contained on the non-volatile rewriteable memory; and obtaining an address of a second storage location from the first storage location, the second storage location storing thereupon the corresponding patch and being contained on the non-volatile rewriteable memory.
In a further embodiment of the present invention, the method of patching further comprises adjusting the non-volatile rewritable memory if the erase function is being executed.
In a further embodiment of the present invention, the method of patching further comprises calculating and updating a return address if the modifying code is executed and the erase function is not executed.
In a furthermore embodiment of the present invention, the step of adjusting makes a memory code and data organisation of the non-volatile rewritable memory exactly identical to the one which would have been in absence of the self-deleting patch currently under consideration.
In an embodiment of the present invention, the return address is an address to which operation of the microprocessor is transferred after executing the modifying code, the return address can vary and point to either of the memories (non-erasable or non-volatile rewriteable memory) as per the situation (patch code) at hand and can also vary according to the patching technique implemented in the portable data carrier.
In another embodiment of the present invention, the step of executing an erase function comprises erasing the memory occupied by the entire patch under consideration if the predetermined condition is satisfied or the predetermined state has been attained.
In yet another embodiment of the present invention, the step of executing the erase function leaves no residual data or code bytes of the patch under consideration in the non-volatile rewritable memory.
In still another embodiment of the present invention, the step of executing the erase function includes releasing the space thus occupied by the patch under consideration on the non-volatile rewritable memory for re-utilization.
In a further embodiment of the present invention, the step of executing the erase function includes invoking an erase function as provided by an operating system stored on the non-erasable memory.
In a furthermore embodiment of the present invention, the predetermined state is one of the life cycle states of the portable data carrier which it undergoes after successful loading/installation of the self-deleting patch code, typically, the states being initialization, pre-personalization and personalization.
In another embodiment of the present invention, the predetermined condition is a logical condition being fulfilled during or after execution of a particular command within a course of a life cycle state of the portable data carrier.
According to another aspect, the present invention provides a method of patching an existing program stored in non-erasable memory of a portable data carrier, said method comprising the steps of:
(a) obtaining address of a first storage location contained on non-volatile rewriteable memory if the existing program contained in the non-erasable memory needs modification;
(b) retrieving from the first storage location an address of a second storage location contained on the non-volatile rewriteable memory;
(c) executing a modifying code forming part of a patch thus contained at the second storage location on the non-volatile rewriteable memory, said patch serving the purpose of modifying the existing program contained in the non-erasable memory, the modifying including error correction or functional extension;
(d) executing an erase function that deletes the patch thus executed in step (c), if a predetermined condition is satisfied or a predetermined state has been reached; and
(e) executing remaining portion of the existing program thus contained on the non-erasable memory.
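Steps (a) to (e) can be followed in a small host-side simulation, given here as an added example that is not part of the specification. The EEPROM size, the addresses, the patch layout (length byte plus one corrected value), the erased-cell value 0xFF and all function names are assumptions made for illustration; the final comparison shows the erase step restoring the EEPROM image byte for byte.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EE_SIZE    64
#define EE_ERASED  0xFF   /* value of an erased EEPROM cell (assumed) */
#define NO_PATCH   0xFF   /* slot content when no patch is installed */
#define SLOT_ADDR  0x04   /* "first storage location" in EEPROM (assumed) */
#define PATCH_ADDR 0x20   /* "second storage location" in EEPROM (assumed) */

static uint8_t eeprom[EE_SIZE];
/* ROM "address storage area": fixed at mask time, points at the EEPROM slot. */
static const uint8_t rom_address_area = SLOT_ADDR;

/* Constructed reference image: what the EEPROM holds with no patch present. */
static void eeprom_load_approved_image(uint8_t *img) {
    memset(img, EE_ERASED, EE_SIZE);
    memcpy(&img[0x08], "FS-DATA", 7);      /* stand-in for file-system data */
}

/* Store the patch outside the existing program and publish its address. */
static void patch_install(void) {
    eeprom[PATCH_ADDR]     = 2;            /* total patch length in bytes */
    eeprom[PATCH_ADDR + 1] = 0xA5;         /* corrected value (constructed) */
    eeprom[SLOT_ADDR]      = PATCH_ADDR;   /* first location -> second location */
}

/* Third functional block: erase every patch byte and restore the slot, so no
   residual bytes remain and the space is free for re-use. */
static void patch_erase(uint8_t slot, uint8_t patch) {
    uint8_t len = eeprom[patch];
    if (len == 0 || (unsigned)patch + len > EE_SIZE)
        return;                            /* implausible header: touch nothing */
    memset(&eeprom[patch], EE_ERASED, len);
    eeprom[slot] = NO_PATCH;
}

/* ROM routine containing the patch point. `condition_met` models the
   predetermined condition or state. Returns the value the OS ends up using. */
static uint8_t run_patch_point(int condition_met) {
    uint8_t result = 0x00;                 /* erroneous ROM result (constructed) */
    uint8_t slot   = rom_address_area;     /* (a) address of first location */
    uint8_t patch  = eeprom[slot];         /* (b) address of second location */
    if (patch == NO_PATCH || patch >= EE_SIZE - 1)
        return result;                     /* no patch: unmodified ROM behaviour */
    result = eeprom[patch + 1];            /* (c) modifying code */
    if (condition_met)
        patch_erase(slot, patch);          /* (d) self-deletion */
    /* (e) the C return stands in for the return-address block: control goes
       back to the remaining ROM code. */
    return result;
}

int main(void) {
    uint8_t approved[EE_SIZE];
    eeprom_load_approved_image(approved);
    eeprom_load_approved_image(eeprom);
    patch_install();
    printf("patched image differs: %d\n", memcmp(eeprom, approved, EE_SIZE) != 0);
    printf("during initialization: 0x%02X\n", (unsigned)run_patch_point(0));
    printf("last patched run:      0x%02X\n", (unsigned)run_patch_point(1));
    printf("image identical again: %d\n", memcmp(eeprom, approved, EE_SIZE) == 0);
    return 0;
}
```

The byte-for-byte comparison against the unpatched image is the check a verifier would run after the predetermined state is reached: any leftover pointer or patch byte makes it fail.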
In an embodiment of the present invention, if it is determined that the program contained in the non-erasable memory needs an error correction or functional extension, modifying code forming part of a corresponding patch thus contained on the non-volatile rewriteable memory is executed.
In another embodiment of the present invention, the method of patching further comprises adjusting the non-volatile rewritable memory if the erase function is being executed.
In a further embodiment of the present invention, the method of patching further comprises calculating and updating a return address if the modifying code is executed and the erase function is not executed.
In yet another embodiment of the present invention, the step of adjusting makes a memory code and data organisation of the non-volatile rewritable memory exactly identical to the one which would have been in absence of the self-deleting patch currently under consideration.
In still another embodiment of the present invention, the return address is an address to which operation of the microprocessor is transferred after executing modifying code, the return address can vary and point to either of the memories (non-erasable or non-volatile rewriteable memory) as per the situation (patch code) at hand and can also vary according to the patching technique implemented in the portable data carrier.
In a further embodiment of the present invention, the step of executing an erase function comprises erasing the memory occupied by the entire patch under consideration if the predetermined condition is satisfied or the predetermined state has been attained.
In a furthermore embodiment of the present invention, the step of executing the erase function leaves no residual data or code bytes of the patch under consideration in the non-volatile rewritable memory.
In another embodiment of the present invention, the step of executing the erase function includes releasing the space thus occupied by the patch under consideration on the non-volatile rewritable memory for re-utilization.
In yet another embodiment of the present invention, the step of executing the erase function includes invoking an erase function as provided by an operating system stored on the non-erasable memory.
In still another embodiment of the present invention, the predetermined state is one of the life cycle states of the portable data carrier which it undergoes after successful loading/installation of the self-deleting patch code, typically, the states being initialization, pre-personalization and personalization.
In a further embodiment of the present invention, the predetermined condition is a logical condition being fulfilled during or after execution of a particular command within a course of a life cycle state of the portable data carrier.
According to another aspect, the present invention provides a computing device that supports patching, comprising a microprocessor and memory comprising non-erasable memory supporting read-only operation (ROM), non-volatile rewriteable memory supporting reading and writing operations (EEPROM) and volatile rewriteable working memory (RAM), wherein said non-volatile rewriteable memory comprises at least one self deleting patch which serves the purpose of modifying an existing program contained in the non-erasable memory and gets deleted prior to a predetermined state or upon satisfying of a predetermined condition, the said modifying including error correction or functional extension.
In an embodiment of the present invention, the said non-erasable memory comprises at least one code storage area and at least one address storage area, the said at least one address storage area transfers operation of the microprocessor to the non-volatile rewritable memory.
In another embodiment of the present invention, the said non-volatile rewriteable memory comprises a first storage location and a second storage location, the said first storage location comprising an address of said second storage location and the said second storage location comprising the said at least one self deleting patch.
In yet another embodiment of the present invention, the address storage area contained on the non-erasable memory stores address of the first storage location on the said non-volatile rewriteable memory, wherein the first storage location stores address of a corresponding self deleting patch.
In still another embodiment of the present invention, the said at least one code storage area of the non-erasable memory stores at least an operating system and an application software, the said operating system and application software supporting implementation of at least one code patching technique.
In a further embodiment of the present invention, the self deleting patch comprises:
a. a first functional block containing modifying code executable whenever modification is intended;
b. a second functional block for calculating and updating a return address where execution control must be transferred after executing the modifying code; and
c. a third functional block for adjusting the non-volatile rewritable memory and erasing the memory occupied by the self deleting patch.
In a furthermore embodiment of the present invention, the third functional block makes the non-volatile rewriteable memory code and data organisation exactly identical to the one which would have been in absence of the self-deleting patch currently under consideration.
In an embodiment of the present invention, the return address is an address to which operation of the microprocessor is transferred after executing the modifying code, the return address can vary and point to either of the memories (non-erasable or non-volatile rewriteable memory) as per the situation (patch code) at hand and can also vary according to the patching technique implemented in the portable data carrier.
In another embodiment of the present invention, the predetermined state is one of the life cycle states of the portable data carrier which it undergoes after successful loading/installation of the self-deleting patch code, typically, the states being initialization, pre-personalization and personalization.
In yet another embodiment of the present invention, the predetermined condition is a logical condition being fulfilled during or after execution of a particular command within a course of a life cycle state of the portable data carrier.
According to yet another aspect of the present invention, there is provided a method for storing a self deleting patch on a computing device, said method comprising storing one or more self deleting patch(es) in a non-volatile rewriteable memory that supports reading and writing operations at a location outside of an existing program, wherein the said one or more self deleting patch(es) serve the purpose of modifying an existing program contained in said non-erasable memory and gets deleted prior to a predetermined state or upon satisfying a predetermined condition, said modifying including error correction or functional extension.
In an embodiment of the present invention, the self deleting patch corresponds to portions of the program needing modification.
In another embodiment of the present invention, the method for storing further comprises storing in the non-erasable memory the address of the non-volatile rewritable memory to which operation of the microprocessor must be transferred upon encountering the program needing modification.
In yet another embodiment of the present invention, the method for storing further comprises storing the address of the corresponding self deleting patch at the location to which operation of the microprocessor is thus transferred.
In still another embodiment of the present invention, the method for storing further comprises storing in the non-volatile rewritable memory the beginning address of the non-erasable memory storing thereupon program needing modification.
In a further embodiment of the present invention, the beginning address is stored at a first storage location of the non-volatile rewritable memory.
In a further embodiment of the present invention, the method for storing further comprises storing on the non-volatile rewritable memory the address of the corresponding self deleting patch.
According to still another aspect, the present invention provides a method of patching an existing program stored in a non-erasable memory that supports only reading operation of a computing device, said method comprising the steps of (a) executing a modifying code forming part of a patch thus contained on non-volatile rewriteable memory, said patch serving the purpose of modifying an existing program contained in the non-erasable memory, the said modifying including error correction or functional extension and (b) executing an erase function that deletes the patch thus executed in step (a), if a predetermined condition is satisfied or a predetermined state has been reached.
In another embodiment of the present invention, the method of patching further comprises determining whether the program contained in the non-erasable memory needs error correction or functional extension.
In another embodiment of the present invention, if it is determined that the program contained in the non-erasable memory needs an error correction or functional extension, modifying code forming part of a corresponding patch thus contained on the non-volatile rewriteable memory is executed.
In yet another embodiment of the present invention, the modifying code is executed if it is determined that the program contained in the non-erasable memory needs error correction or functional extension, the method further comprises obtaining an address of the corresponding patch thus contained on the non-volatile rewriteable memory.
In still another embodiment of the present invention, the step of obtaining the address of the corresponding patch comprises obtaining an address of a first storage location from an address storage area contained on the non-erasable memory, the first storage location being contained on the non-volatile rewriteable memory; and obtaining an address of a second storage location from the first storage location, the second storage location storing thereupon the corresponding patch and being contained on the non-volatile rewriteable memory.
In a further embodiment of the present invention, the method of patching further comprises adjusting the non-volatile rewritable memory if the erase function is being executed.
In a further embodiment of the present invention, the method of patching further comprises calculating and updating a return address if the modifying code is executed and the erase function is not executed.
In a furthermore embodiment of the present invention, the step of adjusting makes a memory code and data organisation of the non-volatile rewritable memory exactly identical to the one which would have been in absence of the self-deleting patch currently under consideration.
In an embodiment of the present invention, the return address is an address to which operation of the microprocessor is transferred after execution of modifying code, the return address can vary and point to either of the memories (non-erasable or non-volatile rewriteable memory) as per the situation (patch code) at hand and can also vary according to the patching technique implemented in the portable data carrier.
In another embodiment of the present invention, the step of executing an erase function comprises erasing the memory occupied by the entire patch under consideration if the predetermined condition is satisfied or the predetermined state has been attained.
In still another embodiment of the present invention, the step of executing the erase function leaves no residual data or code bytes of the patch under consideration in the non-volatile rewritable memory.
In a further embodiment of the present invention, the step of executing the erase function frees the space on the non-volatile rewritable memory thus occupied by the patch under consideration for re-utilization.
In a furthermore embodiment of the present invention, the step of executing the erase function comprises invoking an erase function as provided by an operating system stored on the non-erasable memory.
Brief Description of the Drawings:
In the drawings accompanying the specification:
Figure 1 represents an integrated circuit portion of the portable data carrier in accordance with the teachings of the present invention;
Figure 2 represents a typical implementation of a patching mechanism in accordance with the teachings of prior art with reference to memories contained in the Portable data carrier;
Figure 3 represents a typical implementation of the patching mechanism in accordance with the teachings of the present invention;
Figure 4 represents a typical implementation of a patching mechanism in accordance with the teachings of the present invention with reference to memories contained in the Portable data carrier; and
Figure 5 represents another implementation of the patching mechanism in accordance with the teachings of the present invention with reference to memories contained in the Portable data carrier.
DETAILED DESCRIPTION
While the invention is susceptible to various modifications and alternative forms, a specific embodiment thereof has been shown by way of example in the drawings and will be described in detail below. It should be understood, however, that it is not intended to limit the invention to the particular forms disclosed; on the contrary, the invention is to cover all modifications, equivalents, and alternatives falling within the spirit and the scope of the invention as defined by the appended claims.
The method steps have been represented where appropriate by conventional symbols in the drawings, showing only those specific details that are pertinent to understanding the embodiments of the present invention so as not to obscure the disclosure with details that will be readily apparent to those of ordinary skill in the art having benefit of the description herein.
The terms “comprises”, “comprising”, or any other variations thereof, are intended to cover a non-exclusive inclusion, such that a process or method that comprises a list of steps does not include only those steps but may include other steps not expressly listed or inherent to such process or method. Similarly, one or more elements in a system or apparatus preceded by “comprises… a” does not, without more constraints, preclude the existence of other elements or additional elements in the system or apparatus.
The features of the present invention are set forth with particularity in the appended claims. The invention itself, together with further features and attendant advantages, will become apparent from consideration of the following detailed description, taken in conjunction with the accompanying drawings. One or more embodiments of the present invention are now described, by way of example only, with reference to a specific example of smart card. The invention is by no means bound by this particular example.
Referring to figure 1, the integrated circuit portion of the portable data carrier (10) includes a microprocessor (11) associated with a memory element (12). The "memory" may be formed on the same integrated circuit as the microprocessor, or may be formed as a separate device on the portable data carrier (10). Generally, the memory includes non-erasable memory supporting read-only operation (such as Read Only Memory (ROM)) (13), non-volatile rewriteable memory supporting reading and writing operations (such as Electrically Erasable Programmable Read Only Memory (EEPROM)) (14), and volatile rewriteable working memory (such as Random Access Memory (RAM)) (15). However, some or all of these presently-used memory elements may be replaced by battery backed-up RAM, flash memory, or other electronic data storage media. The portable data carrier (10) may additionally comprise terminals (16) that are used for interfacing. By way of example, the terminals (16) can include one or more of power terminals, at least one input/output (I/O) port, a reset port, and a clock (clk) signal port.
Not illustrated but also included in this invention is a trusted software kernel as a portable data carrier, executing trusted application with access rights to a ROM and an EEPROM. The EEPROM stores patches for patching program code residing in the ROM. By way of example, a mobile phone device, including the ROM and EEPROM, further comprises a main processor and a TXT or TEE for securing and protection of data and applications within the mobile phone. An inventive patch might be downloaded via an over-the-air download procedure and securely stored in an EEPROM section of the mobile phone, wherein this section is only accessible via said trusted applications. After executing the patch thus contained on non-volatile rewriteable memory, said patch serving the purpose of modifying an existing program contained in the non-erasable memory, the said modifying including error correction and functional extension, an erase function is executed wherein the erase function deletes the executed patch if a predetermined condition is satisfied or a predetermined state has been reached.
Referring to figure 2, a typical logical structuring of the portable data carrier and implementation of a patching mechanism in accordance with the teachings of the prior art includes:
• setting multiple patch call points (171, 172, 173, … 17n) in advance in the ROM (13), right before portable data carrier production, each of the said patch call point resulting in a jump to pre-decided patch area (18) on the EEPROM (14);
• during execution of the original code contained in the ROM, as soon as the program counter reaches to such a patch call point, it gets jumped into EEPROM patch area (as illustrated by the bold straight pointers, only one of which is numbered as 19 for the purposes of retaining clarity of the drawing);
• if any patch code corresponding to this patch call point is present at location identified by the reference number 20, then it gets executed, thus rectifying the incorrect portion of the ROM code (as illustrated by the curved pointer 21); and
• after successful execution of the patch code, program counter returns back to the required location in the ROM (as illustrated by dashed straight pointers, only one of which is numbered as 22 for the purposes of retaining clarity of the drawing) and normal execution of the codes contained therein continues until another patch call point is encountered.
As illustrated in figure 2, the EEPROM is divided into a plurality of logical areas, including, an operating system random data area (23) and an application area (24). The pre-decided patch area (18) does not form part of either of the operating system random data area (23) and the application area (24) and forms part of a separate area (referred to as fixed patch area and numbered as 25). Also, the area (20) storing thereupon the patch does not form part of either of the operating system random data area (23) and the application area (24) and forms part of a separate area (referred to as variable patch area and numbered as 26). Further, the EEPROM stores key for enabling secure transactions at location 27. Furthermore, the said ROM comprises at least one code storage area (281, 282, 283,…, 28n). Each patch call point (171, 172, 173, … 17n) thus contained on the ROM (13) is alternatively referred to as address storage area and the same stores address of the said pre-decided patch area (18) (alternatively referred to as first storage location of the EEPROM).
Referring to figures 3 and 4, a typical implementation of a patching mechanism (30) in accordance with the teachings of the present invention includes:
(a) a step (312) of executing a modifying code forming part of a patch thus contained on non-volatile rewriteable memory (14), said patch serving the purpose of modifying an existing program contained in the non-erasable memory (13), the said modifying including error correction and functional extension; and
(b) a step (323) of executing an erase function that deletes the patch thus executed in step (a), if a predetermined condition is satisfied or a predetermined state has been reached.
If it is determined in step (31), which comes subsequent to the step (33) of execution of the existing program contained in the non-erasable memory (13), that the modifying code is needed to be executed for the purpose of error correction and/or functional extension the method further comprises obtaining an address of the corresponding patch thus contained on the non-volatile rewriteable memory (14) (steps 310 and 311).
By way of an example, the address of the corresponding patch can be obtained by obtaining an address of a first storage location (alternatively referred to as pre-decided patch area (118)) from an address storage area (alternatively referred to as patch call points (1171, 1172, 1173, … 117n)) (step 310); and obtaining an address of a second storage location (identified by the reference number 120) from the first storage location (118) (step 311), wherein the second storage location (120) stores thereupon the corresponding patch. In the example described above, the non-erasable memory (13) comprises the said at least one address storage area (1171, 1172, 1173, … 117n) while the first storage location (118) is being contained in the non-volatile rewriteable memory (14).
It may be noted that after the step (312) of executing the modifying code forming part of the patch, a step (313) for calculating and updating a return address is executed and thereafter the operation returns to step 33.
As it can be understood by a person skilled in the art, the return address thus calculated in step (313) is an address to which operation of the microprocessor must be transferred after execution of modifying code. Although in figure 3 the execution flow returns to step (33) i.e. execution of the original program as contained in the ROM (13), in other alternatives, the same can vary and point to either of the memories (non-erasable or non-volatile rewriteable memory) as per the situation (patch code) at hand and can also vary according to the patching technique implemented in the portable data carrier.
The step (323) of executing an erase function comprises erasing the memory (120) occupied by the entire patch and the said step is performed only if it is determined in step 32 that the predetermined condition is satisfied or the predetermined state has been attained. Particularly, the step of executing the erase function leaves no residual data or code bytes pertaining to the patch under consideration in the non-volatile rewritable memory. More particularly, the step of executing the erase function includes releasing the space (120) thus occupied by the patch on the non-volatile rewritable memory for re-utilization. By way of example, the step of executing the erase function includes invoking an erase function as provided by an operating system stored on the non-erasable memory (13).
It is pertinent to observe that prior to executing the erase function, the non-volatile rewritable memory is adjusted in step (322) so as to make the code and data organisation of the non-volatile rewritable memory exactly identical to the one which would have been in absence of the self-deleting patch currently under consideration and the code corresponding to this step executes only when it is determined to perform the step of executing an erase function.
As stated above, some of the steps such as the step of adjusting the non-volatile rewritable memory and the step of executing an erase function for deleting the corresponding patch are performed only if a predetermined condition is satisfied or a predetermined state has been reached. In this regard, the predetermined state can be one of the life cycle states of the portable data carrier which it undergoes after the successful loading/installation of the self-deleting patch code, typically, the states being initialization, pre-personalization and personalization. Alternatively, the predetermined condition is a logical condition being fulfilled during or after execution of a particular command within a course of a life cycle state of the portable data carrier.
If it is determined in step 32, which comes subsequent to the step 33 and more particularly if it is determined in step 31 that the modifying code is needed to be executed, that the predetermined condition is satisfied or the predetermined state has been reached, the method further comprises obtaining an address of the corresponding patch thus contained on the non-volatile rewriteable memory (14) (steps 320 and 321). It can be said that steps 320 and 321 are substantially similar to steps 310 and 311.
Contrary to the above, if it is determined in step 32 that the predetermined condition is satisfied or the predetermined state has been reached, the operation returns to step 33. Also, after executing the erase function, the operation returns to step 33. Under both of the scenarios, in other alternatives, the operation can return to either of the memories (non-erasable or non-volatile rewriteable memory) as per the situation (patch code) at hand and can also vary according to the patching technique implemented in the portable data carrier.
As illustrated in figure 4, the said ROM comprises at least one code storage area (1281, 1282, 1283, … 128n) and at least one patch call point (1171, 1172, 1173, … 117n). Each patch call point (1171, 1172, 1173, … 117n) thus contained on the ROM (13) is alternatively referred to as address storage area and the same stores address of the said pre-decided patch area (118) (alternatively referred to as first storage location of the EEPROM).
Although not essential, as illustrated in figure 4, it is possible that the EEPROM (13) may be divided into a plurality of logical areas, including for example, an operating system random data area (123) and an application area (124). It is possible that the pre-decided patch area (118) does not form part of either of the operating system random data area (123) and the application area (124) and forms part of a separate area (referred to as fixed patch area and numbered as 125). Similarly, it is further possible that the area (120) storing thereupon the self deleting patch does not form part of the operating system random data area (123). However, contrary to the prior art, it is possible that the area (120) storing thereupon the self deleting patch forms part of the application area (124). In an embodiment, patches which get erased in accordance with the teachings of the present invention are preferably stored in the application area (124), while patches which do not get erased are stored in a separate area (130) (referred to as variable patch area and numbered as 126). Further, the EEPROM may store keys for enabling secure transactions at location 127.
In an alternative process which is adoptable in a non-erasable memory (13) that does not comprise an address storage area (and which does not substantially deviate from the process described above), the manner of obtaining the address of the patch consists of a step (311 or 321, as the case may be) of obtaining an address of a second storage location (identified by the reference number 120) from the first storage location (118).
By way of example, the patch which is stored in the area (120) (alternatively referred to as self deleting patch) comprises:
a. a first functional block containing modifying code executable whenever modification is intended;
b. a second functional block for calculating and updating a return address where execution control must be transferred after executing the modifying code; and
c. a third functional block for adjusting the non-volatile rewritable memory and erasing the memory occupied by the self deleting patch.
To enable storing of the patch which is self deleting in nature, the present invention also provides a method comprising:
storing one or more self deleting patch(es) in a non-volatile rewriteable memory at a location outside of an existing program;
wherein the said one or more self deleting patch(es) serves the purpose of modifying existing program contained in the non-erasable memory and gets deleted prior to a predetermined state or upon satisfying of a predetermined condition, the said modification including error correction or functional extension.
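The flow of figures 3 and 4 can be modelled in a few dozen lines. The following is an added example, not code from the specification: the EEPROM is simulated as a byte array, the "bug" in the ROM routine, the patch record layout `[len][body...]`, the `0xFF` erased value and all function names are assumptions chosen for illustration. It shows the two-level address lookup (steps 310/311 and 320/321), the state-gated adjust and erase (steps 322/323), and a check that the EEPROM image afterwards is byte-identical to the image without the patch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: "addresses" are offsets into a simulated EEPROM array. */
enum { EE_SIZE = 64, EE_ERASED = 0xFF, FIRST_LOC = 0, APP_AREA = 8 };
enum lifecycle { INITIALIZATION, PRE_PERSONALIZATION, PERSONALIZATION };

static uint8_t eeprom[EE_SIZE];
static uint8_t baseline[EE_SIZE];                 /* image without the patch */
static const uint8_t rom_call_point = FIRST_LOC;  /* ROM address storage area */
static const enum lifecycle erase_state = PERSONALIZATION; /* predetermined state */
static enum lifecycle state;

/* Constructed patch body: byte 0 is the corrected increment, the rest is filler. */
static const uint8_t sample_patch[] = { 0x02, 0xA5, 0x5A };

void ee_reset(void) {
    memset(eeprom, EE_ERASED, sizeof eeprom);
    memcpy(baseline, eeprom, sizeof baseline);
    state = INITIALIZATION;
}
void set_state(enum lifecycle s) { state = s; }
int ee_matches_baseline(void) { return memcmp(eeprom, baseline, sizeof eeprom) == 0; }

/* Store the patch record [len][body...] in the application area and link it. */
int install_patch(const uint8_t *body, size_t len) {
    if (len == 0 || len >= EE_ERASED || APP_AREA + 1 + len > EE_SIZE) return -1;
    eeprom[APP_AREA] = (uint8_t)len;
    memcpy(&eeprom[APP_AREA + 1], body, len);
    eeprom[FIRST_LOC] = APP_AREA;  /* first storage location -> second storage location */
    return 0;
}

/* Steps 310/311 (and 320/321): call point -> first location -> second location.
 * Every pointer read from rewritable memory is range-checked before use. */
static int find_patch(uint8_t *addr, uint8_t *len) {
    uint8_t first = rom_call_point;
    if (first >= EE_SIZE) return -1;
    uint8_t second = eeprom[first];
    if (second == EE_ERASED || second < APP_AREA || second >= EE_SIZE - 1) return -1;
    uint8_t n = eeprom[second];
    if (n == 0 || n == EE_ERASED || (size_t)second + 1 + n > EE_SIZE) return -1;
    *addr = second;
    *len = n;
    return 0;
}

/* Step 322 then step 323: unlink first so no pointer ever refers to erased
 * memory, then erase the whole record so no patch byte remains. */
static void erase_patch(uint8_t addr, uint8_t len) {
    eeprom[FIRST_LOC] = EE_ERASED;
    memset(&eeprom[addr], EE_ERASED, (size_t)len + 1);
}

/* ROM routine with a constructed defect: returns x + 1 where x + 2 is intended. */
int rom_routine(int x) {
    uint8_t addr, len;
    int result = x + 1;                       /* original ROM behaviour */
    if (find_patch(&addr, &len) == 0) {       /* step 31: a patch exists */
        if (state >= erase_state)             /* step 32: predetermined state reached */
            erase_patch(addr, len);
        else
            result = x + eeprom[addr + 1];    /* step 312: modifying code */
    }
    return result;                            /* back to ROM execution (step 33) */
}

int main(void) {
    ee_reset();
    install_patch(sample_patch, sizeof sample_patch);
    printf("initialization:  %d (image identical: %d)\n", rom_routine(5), ee_matches_baseline());
    set_state(PERSONALIZATION);
    printf("personalization: %d (image identical: %d)\n", rom_routine(5), ee_matches_baseline());
    return ee_matches_baseline() ? 0 : 1;
}
```

Comparing the whole image against a stored reference, rather than only checking that the pointer was cleared, is what confirms that no residual patch bytes remain.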
Referring to figure 5, another typical implementation of a patching mechanism in accordance with the teachings of the present invention includes:
1. Initial ROM management record (45) is placed (or masked) into ROM (40) during manufacture. The Initial ROM management record indexes the programs in ROM. (For example, initial ROM management record may be a vector table storing the start addresses for each program in ROM, but might be any other convenient record or algorithm);
2. The initial ROM management record is identified by a ROM management record address indicator (47) stored in the global data object reserve space (46) in Read/Write memory (50);
3. Patch code (51) corresponding to original code (42) stored in the ROM (40) is downloaded, installed and stored in the erasable read/write memory (50);
5. Further, a new ROM management record (49) is created in Read/Write memory (50);
6. Finally, the ROM management record address indicator (47) stored in the global data object reserve space (46) is updated to reflect the presence of the new ROM management record (49) in the Read/Write memory (50);
7. Once the ROM management record address indicator (47) has been updated, all queries to the ROM management record will be made to the New ROM management record (49) rather than the initial ROM management record (45);
It would be pertinent to note that the portable data carrier and more particularly, the ROM (40) may additionally comprise operating system data area (41) and application area (44). Also, the read/write memory (50) may additionally comprise file directory (48). In this regard, if the patch is of a self deleting type, during its code installation (as stated in step 3 above), the relevant initial entries are preserved from the initial ROM management record (45). Just before self-deletion operation of patch code i.e. before executing the erase function, the corresponding entries in the new ROM management record (49) of read/write memory (50) are replaced with the values of the initial entries of the corresponding ROM program which were preserved from the initial ROM management record (45). The self-deleting patch code reference is thus removed from the ROM management record (49) of read/write memory (50).
If we consider a scenario wherein the EEPROM (13) is divided into an operating system random data area (123), an application area (124), fixed patch area (125), variable patch area (126) and area storing keys (127), during the process of storing the self deleting patch (120) which is in accordance with a preferred aspect of the present invention, the same is preferentially stored in the application area (124). If the self deleting patch is stored as part of variable patch area (126) (as is the case in the prior art), the memory address allotted to “application area start location” will undergo a change. More particularly, the address allotted to the “application area start location” during the presence of the self deleting patch will be different from the address allotted to the “application area start location” in the absence of the self deleting patch. As the address of the “application area start location” is stored in the form of pointer in the fixed patch area (125), when the said address undergoes a change (because of deletion of the self deleting patch), it becomes necessary to change the pointer references within fixed patch area (125) (i.e. after deletion of the self deleting patch). On the other hand, if the self deleting patch (120) is preferentially stored in the application area (124), minimum efforts are spent in adjusting the non-volatile rewriteable memory. More particularly, it is no longer necessary to change the pointer references within fixed patch area (125) after deletion of the self deleting patch. On the other hand, the variable patch area (126) may still be used for storing non deleting type patch (130) in a manner similar to the conventionally followed technique.
Advantages of the present invention:
The present invention provides one or more of the following advantages:
• linking the action of deletion of the patch to “satisfying a prescribed condition or attaining a prescribed state” ensures protection against accidental deletion of the patch as well as accidental non-deletion of the patch;
• the present invention does not impact in any manner other patch entries existing in ROM (whether non-deleting type or self deleting type) and their execution;
• the present invention does not result in reduction in available application area;
• saving of memory as the memory occupied by self deleting patches in the non-volatile rewritable memory (EEPROM) are released for other applications after the deletion process;
• the present invention helps in avoiding delay in time to market of the product, as Re-Type approval is not required;
• the present invention helps in saving substantial cost involved in Re-Type Approval;
• the present invention avoids any security breach of security requirements as the EEPROM image after execution of the patch remains identical to the one certified in the Type Approval;
• the present invention does not require any change in existing production processes i.e. no additional efforts required from production perspective;
• the patch does not delete itself before a predetermined condition or state occurs however it gets deleted once predetermined condition or state has been achieved even if the error condition does not occur.
While the particular preferred embodiments of the present invention have been shown and described, it will be obvious to those skilled in the art that changes and modifications may be made without departing from the teachings of the invention. It is therefore contemplated that the present invention cover any and all modifications, variations or equivalents that fall within the scope of the basic underlying principles disclosed above and claimed herein.
We Claim:
1. A method of patching a program stored in non-erasable memory of a portable data carrier, said method comprising the steps of:
(a) executing a modifying code forming part of a patch thus contained on non-volatile rewriteable memory, said patch serving the purpose of modifying an existing program contained in the non-erasable memory, the said modifying including error correction and functional extension; and
(b) executing an erase function that deletes the patch thus executed in step (a), if a predetermined condition is satisfied or a predetermined state has been reached.
2. The method of patching as claimed in any of claims 1, wherein the modifying code is executed if it is determined that the program contained in the non-erasable memory needs an error correction and/or functional extension, the method further comprises obtaining an address of the corresponding patch thus contained on the non-volatile rewriteable memory.
3. The method of patching as claimed in claim 2, wherein the step of obtaining the address of the corresponding patch comprises:
a. obtaining an address of a first storage location from an address storage area contained on the non-erasable memory, the first storage location being contained on the non-volatile rewriteable memory; and
b. obtaining an address of a second storage location from the first storage location, the second storage location storing thereupon the corresponding patch and being contained on the non-volatile rewriteable memory.
4. The method of patching as claimed in claim 1, further comprising adjusting the non-volatile re-writable memory if the erase function is being executed.
5. The method of patching as claimed in claim 1, further comprising calculating and updating a return address if the modifying code is executed and the erase function is not executed.
6. The method of patching as claimed in claim 4, wherein the step of adjusting makes the code and data organisation of the non-volatile rewritable memory exactly identical to the one which would have been in absence of the self-deleting patch currently under consideration.
7. The method of patching as claimed in claim 4, wherein the return address is an address to which operation of the microprocessor is transferred after execution of the modifying code.
8. The method of patching as claimed in claim 1, wherein the step of executing an erase function comprises erasing the memory occupied by the entire patch under consideration if the predetermined condition is satisfied or the predetermined state has been attained.
9. The method of patching as claimed in claim 1, wherein the step of executing the erase function leaves no residual data or code bytes of the patch under consideration in the non-volatile rewritable memory.
10. The method of patching as claimed in claim 1, wherein the step of executing the erase function includes releasing the space thus occupied by the patch under consideration on the non-volatile rewritable memory for re-utilization.
11. The method of patching as claimed in claim 1, wherein the step of executing the erase function includes invoking an erase function as provided by an operating system stored on the non-erasable memory.
12. The method as claimed in claim 1, wherein the predetermined state is one of the life cycle states of the portable data carrier which it undergoes after the successful loading/installation of the self-deleting patch code.
13. The method as claimed in claim 1, wherein the predetermined condition is a logical condition being fulfilled during or after execution of a particular command within a course of a life cycle state of the portable data carrier.
14. A method for storing a self deleting patch on a portable data carrier, said method comprising:
storing one or more self deleting patch(es) in a non-volatile rewriteable memory at a location outside of an existing program;
wherein the said one or more self deleting patch(es) serves the purpose of modifying existing program contained in the non-erasable memory and gets deleted prior to a predetermined state or upon satisfying of a predetermined condition, the said modification including error correction or functional extension.
15. A portable data carrier comprising:
a microprocessor; and
memory comprising non-erasable memory supporting read-only operation (ROM), non-volatile rewriteable memory supporting reading and writing operations (EEPROM) and volatile rewriteable working memory (RAM),
wherein the said non-volatile rewriteable memory comprises at least one self deleting patch which serves the purpose of modifying an existing program contained in the non-erasable memory and gets deleted prior to a predetermined state or upon satisfying of a predetermined condition, the said modifying including error correction and functional extension.
16. The portable data carrier as claimed in claim 13, wherein the said non-volatile rewriteable memory comprises a first storage location and a second storage location, the said first storage location comprising an address of said second storage location and the said second storage location comprising the said at least one self deleting patch.
17. The portable data carrier as claimed in claim 13, wherein the self deleting patch comprises:
a. a first functional block containing modifying code executable whenever modification is intended;
b. a second functional block for calculating and updating a return address where execution control must be transferred after executing the modifying code; and
c. a third functional block for adjusting the non-volatile rewritable memory and erasing the memory occupied by the self deleting patch.
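The structure in claims 8 to 10, 16 and 17 can be simulated in a few lines of C. This is an added illustration, not code from the patent: the `card` structure, the function names, the 0xFF erased-cell value, the lifecycle state names and the patch byte layout are all assumptions, and the model holds a single patch that is the most recent EEPROM allocation.

```c
#include <stdint.h>
#include <string.h>

#define EEPROM_SIZE 64
#define ERASED      0xFF          /* erased EEPROM cell value (assumption) */
#define SLOT_EMPTY  0xFF          /* first storage location holds no patch */

enum lifecycle { LC_INITIALISATION, LC_PERSONALISATION, LC_OPERATIONAL };

struct card {
    uint8_t eeprom[EEPROM_SIZE];  /* simulated non-volatile rewritable memory */
    uint8_t patch_slot;           /* first storage location: offset of the patch */
    uint8_t patch_len;
    uint8_t free_ptr;             /* next free EEPROM offset */
    enum lifecycle state;
};

void card_init(struct card *c) {
    memset(c->eeprom, ERASED, EEPROM_SIZE);
    c->patch_slot = SLOT_EMPTY; c->patch_len = 0; c->free_ptr = 0;
    c->state = LC_INITIALISATION;
}

/* Store the patch outside the ROM program and record its address in the slot. */
int load_patch(struct card *c, const uint8_t *code, uint8_t len) {
    if (c->patch_slot != SLOT_EMPTY || len > EEPROM_SIZE - c->free_ptr) return -1;
    memcpy(&c->eeprom[c->free_ptr], code, len);
    c->patch_slot = c->free_ptr; c->patch_len = len; c->free_ptr += len;
    return 0;
}

/* Third functional block: erase every patch byte, empty the slot, release space. */
void erase_patch(struct card *c) {
    if (c->patch_slot == SLOT_EMPTY) return;
    memset(&c->eeprom[c->patch_slot], ERASED, c->patch_len);
    c->free_ptr = c->patch_slot;  /* layout as if the patch had never been loaded */
    c->patch_slot = SLOT_EMPTY; c->patch_len = 0;
}

/* ROM hook: run the patch if present, then self-delete once the state is reached.
   Returns the address at which ROM execution resumes (second functional block). */
uint16_t rom_hook(struct card *c, uint16_t rom_pc, enum lifecycle delete_at) {
    uint16_t ret = rom_pc;
    if (c->patch_slot != SLOT_EMPTY) {
        ret = rom_pc + c->eeprom[c->patch_slot]; /* byte 0: ROM bytes to skip (constructed) */
        if (c->state >= delete_at) erase_patch(c);
    }
    return ret;
}
```

After the erase, a memory dump of the simulated EEPROM is indistinguishable from a card that never carried the patch, which is the property an auditor would check for claims 6 and 9.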