摘要 |
<p>The invention concerns an application programmer no longer responsible for managing access rights, the application code being independent of the protection in the chip card. The capability-based access control consists, when an application (Aa), for example in a docking station, is given access to an object (Ob1) pertaining to the other application (Ab) in a chip card (CP), in creating two capabilities (Fa(Ob1), Fb(Ob1)) respectively in the applications, as objects, to protect all subsequent accesses to the object by filtering them through the two capabilities. On accessing (E1) an object (Ob1) pertaining to an application (Ab), if a second object (Ob2) pertaining to the other application (Ab) is passed on to the latter, two other capabilities (Fa(Ob2, Fb(Ob2)) are added (E2) in the applications to protect access to the second object.</p> |