5 Life Cycle Models
GlobalPlatform defines Life Cycle models to control the functionality and security of the following GlobalPlatform components:
• Card;
• Executable Load Files;
• Executable Modules;
• Security Domains;
• Applications.
The OPEN owns and maintains the Life Cycle information within the GlobalPlatform Registry and manages the requested state transitions.
The Life Cycle models of each component are presented in this chapter.
5.1 Card Life Cycle
The OPEN is responsible for maintaining the overall security and administration of the card and its content. As the OPEN plays this supervisory role over the entire card, its life cycle can be thought of as the life cycle of the card and is referred to as the card Life Cycle in the subsequent sections.
From a GlobalPlatform perspective, the card Life Cycle begins with the state OP_READY. Although a card's life includes activities prior to the initial card Life Cycle State, these activities are considered card implementation specific and are beyond the scope of this Specification.
The end of the card Life Cycle is the state TERMINATED.
The Issuer Security Domain inherits the card Life Cycle State.
5.1.1 Card Life Cycle States
The following card Life Cycle States shall apply:
• OP_READY
• INITIALIZED
• SECURED
• CARD_LOCKED
• TERMINATED
The card Life Cycle States OP_READY and INITIALIZED are intended for use during the Pre-Issuance phases of the card’s life.
The states SECURED, CARD_LOCKED and TERMINATED are intended for use during the Post-Issuance phase of the card although it is possible to terminate the card at any point during its life.
5.1.1.1 Card Life Cycle State OP_READY
The state OP_READY indicates that the runtime environment shall be available and the Issuer Security Domain, acting as the selected Application, shall be ready to receive, execute and respond to APDU commands.
The following functionality shall be present when the card is in the state OP_READY:
• The runtime environment shall be ready for execution;
• The OPEN shall be ready for execution;
• The Issuer Security Domain shall be the implicitly selected Application for all card interfaces;
• Executable Load Files that were included in Immutable Persistent Memory shall be registered in the GlobalPlatform Registry;
• An initial key shall be available within the Issuer Security Domain.
The card shall be capable of Card Content changes: the loading of Load Files containing applications not already present in the card may occur, and the installation, from Executable Load Files, of any Application may occur. Additionally, if any personalization information is available at this stage, Applications may be personalized.
The OP_READY state may be used by an off-card entity to perform the following actions:
• Supplementary Security Domains may be loaded and/or installed;
• The Security Domain keys may be inserted in order to maintain a cryptographic key separation from the Issuer Security Domain keys.
5.1.1.2 Card Life Cycle State INITIALIZED
The state INITIALIZED is an administrative card production state. The state transition from OP_READY to INITIALIZED is irreversible. Its functionality is beyond the scope of this Specification. This state may be used to indicate that some initial data has been populated (e.g. Issuer Security Domain keys and/or data) but that the card is not yet ready to be issued to the Cardholder.
5.1.1.3 Card Life Cycle State SECURED
The state SECURED is the intended operating card Life Cycle State in Post-Issuance. This state may be used by Security Domains and Applications to enforce their respective security policies. The state transition from INITIALIZED to SECURED is irreversible.
The SECURED state should be used to indicate to off-card entities that the Issuer Security Domain contains all necessary keys and security elements for full functionality.
5.1.1.4 Card Life Cycle State CARD_LOCKED
The card Life Cycle state CARD_LOCKED is present to provide the capability to disable the selection of Security Domains and Applications. The card Life Cycle state transition from SECURED to CARD_LOCKED is reversible.
Setting the card to this state means that the card shall only allow selection of the application with the Final Application privilege. Card Content changes including any type of data management (specifically Security Domain keys and data) are not allowed in this state.
Either the OPEN, or a Security Domain with Card Lock privilege, or an Application with Card Lock privilege (see section 6.6 - Privileges), may initiate the transition from the state SECURED to the state CARD_LOCKED.
5.1.1.5 Card Life Cycle State TERMINATED
The state TERMINATED signals the end of the card Life Cycle and the card. The state transition from any other state to TERMINATED is irreversible.
The state TERMINATED shall be used to permanently disable all card functionality with respect to any card content management and any life cycle changes. This card state is intended as a mechanism for an Application to logically 'destroy' the card for such reasons as the detection of a severe security threat or expiration of the card. If a Security Domain has the Final Application privilege, only the GET DATA command shall be processed; all other commands defined in this specification shall be disabled and shall return an error. If an Application has the Final Application privilege, its command processing is subject to issuer policy.
The OPEN itself, or a Security Domain with Card Terminate privilege, or an Application with Card Terminate privilege (see section 6.6 - Privileges), may initiate the transition from any of the previous states to the state TERMINATED.
5.1.2 Card Life Cycle State Transitions
Figure 5-1 illustrates the state transition diagram for the card Life Cycle. This can typically be viewed as a sequential process with certain possibilities for reversing a state transition or skipping states.
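The card Life Cycle rules of section 5.1.1, written as a transition checker that replays a sequence of requests. This is an added example, not code from the Specification: the names `Card`, `check`, `audit` and the initiator labels are assumptions, the request trace is constructed, and only the transitions stated in the text are modelled because Figure 5-1 is not reproduced here.

```python
from enum import Enum

class Card(Enum):
    OP_READY = 1
    INITIALIZED = 2
    SECURED = 3
    CARD_LOCKED = 4
    TERMINATED = 5

OPEN = "OPEN"  # label used here for requests made by the OPEN itself

# Moves stated in the text of 5.1.1. Figure 5-1 is not reproduced on this
# page, so any state-skipping moves it shows are deliberately not modelled.
STATED = {
    (Card.OP_READY, Card.INITIALIZED),   # irreversible
    (Card.INITIALIZED, Card.SECURED),    # irreversible
    (Card.SECURED, Card.CARD_LOCKED),
    (Card.CARD_LOCKED, Card.SECURED),    # the one reversible move
}

def check(current, target, initiator, privileges=frozenset()):
    """Return None if the request is consistent with 5.1.1, else a reason."""
    if current is Card.TERMINATED:
        return "TERMINATED is final: no life cycle change is possible"
    if target is Card.TERMINATED:
        # Reachable from any earlier state, but only for the OPEN or a
        # Security Domain / Application holding Card Terminate.
        if initiator != OPEN and "Card Terminate" not in privileges:
            return "initiator lacks Card Terminate privilege"
        return None
    if (current, target) not in STATED:
        return f"{current.name} -> {target.name} is not a stated transition"
    if (current, target) == (Card.SECURED, Card.CARD_LOCKED):
        if initiator != OPEN and "Card Lock" not in privileges:
            return "initiator lacks Card Lock privilege"
    return None

def audit(start, requests):
    """Replay (target, initiator, privileges) requests; collect rejections."""
    state, rejected = start, []
    for i, (target, initiator, privs) in enumerate(requests):
        reason = check(state, target, initiator, frozenset(privs))
        if reason is None:
            state = target
        else:
            rejected.append((i, reason))
    return state, rejected

# Constructed request trace, not taken from a real card.
TRACE = [
    (Card.INITIALIZED, OPEN, []),
    (Card.OP_READY, OPEN, []),                  # attempt to go backwards
    (Card.SECURED, OPEN, []),
    (Card.CARD_LOCKED, "app-A", []),            # no Card Lock privilege
    (Card.CARD_LOCKED, "sd-B", ["Card Lock"]),
    (Card.SECURED, OPEN, []),                   # unlock the card
    (Card.TERMINATED, "app-A", ["Card Terminate"]),
    (Card.SECURED, OPEN, []),                   # nothing leaves TERMINATED
]

if __name__ == "__main__":
    print(audit(Card.OP_READY, TRACE))
```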
5.2 Executable Load File / Executable Module Life Cycle
An Executable Load File is the actual on-card container of one or more application's executable code (Executable Modules). It may reside in Immutable Persistent Memory or may be created in Mutable Persistent Memory as the resulting image of a Load File Data Block. The format in which the Executable Load File is stored on the card is beyond the scope of this Specification.
The OPEN owns and maintains the Executable Load File Life Cycle information within the GlobalPlatform Registry.
5.2.1 Executable Load File Life Cycle
The Executable Load File Life Cycle can only have one state.
5.2.1.1 Executable Load File Life Cycle LOADED
The OPEN shall consider all Executable Load Files present in the card in Immutable Persistent Memory or Mutable Persistent Memory to be in the state LOADED. An Executable Load File transferred to the card through a Load File shall become an entry in the GlobalPlatform Registry following the successful completion of the load process. Executable Load Files present in Immutable Persistent Memory shall automatically have entries within the GlobalPlatform Registry and initially be associated with the Issuer's Security Domain.
5.2.1.2 Executable Load File Deletion
The OPEN may receive a request to delete an Executable Load File. If the Executable Load File cannot be physically deleted (e.g., because it is stored in Immutable Persistent Memory), the following behavior shall apply except that the actual space cannot be reclaimed.
The space previously used to store a physically deleted Executable Load File is reclaimed and may be reused. The entries within the GlobalPlatform Registry of the Executable Load File and each Executable Module within the Executable Load File shall no longer be available, and the OPEN is not required to maintain a record of the deleted Executable Load File's or Executable Module's previous existence.
If the received request is also intended to delete each of the Applications instantiated from the Executable Modules within this Executable Load File, then for each of these Applications the behavior described in section 5.3.1.4 - Application Deletion or section 5.3.2.5 - Security Domain Deletion shall occur.
5.2.2 Executable Module Life Cycle
The Executable Module Life Cycle is linked to the Executable Load File Life Cycle.
5.3 Application and Security Domain Life Cycle
The Life Cycle of the Application or Security Domain begins when the application is instantiated from an Executable Module. The Life Cycle reflects states that are controlled by the OPEN and states that are controlled directly by the Application.
The Application becomes an entry in the GlobalPlatform Registry and the OPEN sets the Application Life Cycle State to the initial state of INSTALLED during the Application installation process. The OPEN is also responsible for making the Application available for selection by setting its Life Cycle State to SELECTABLE upon request during the Application installation process.
Once an Application or Security Domain is available for selection, it takes control of managing its own Life Cycle. The definition of these state transitions is Application or Security Domain dependent and not controlled by the OPEN.
At any point in the Application or Security Domain Life Cycle, the OPEN may take control for security protection by setting the Life Cycle State to LOCKED. The OPEN also controls the deletion of an Application from the card.
5.3.1 Application Life Cycle States
This Specification defines the following Application Life Cycle States:
• INSTALLED
• SELECTABLE
• LOCKED
In addition to these Application Life Cycle States, the Application may define its own Application dependent states.
Once the Application reaches the SELECTABLE state, it is responsible for managing the next steps of its own Life Cycle. It may use any Application specific states as long as these do not conflict with the states already defined by GlobalPlatform. The OPEN may not perform these transitions without instruction from the Application and the Application is responsible for defining state transitions and ensuring that these transitioning rules are respected.
5.3.1.1 Application Life Cycle State INSTALLED
The state INSTALLED means that the Application executable code has been properly linked and that any necessary memory allocation has taken place. The Application becomes an entry in the GlobalPlatform Registry and this entry is accessible to off-card entities authenticated by the associated Security Domain. The Application is not yet selectable. The installation process is not intended to incorporate personalization of the Application, which may occur as a separate step.
5.3.1.2 Application Life Cycle State SELECTABLE
The state SELECTABLE means that the Application is able to receive commands from off-card entities. The state transition from INSTALLED to SELECTABLE is irreversible. The Application shall be properly installed and functional before it may be set to the state SELECTABLE. The transition to SELECTABLE may be combined with the Application installation process.
The behavior of the Application in the state SELECTABLE is beyond the scope of this Specification.
5.3.1.3 Application Life Cycle State LOCKED
The OPEN, the Application itself, the Application's associated Security Domain, an Application with the Global Lock privilege or a Security Domain with the Global Lock privilege uses the state LOCKED as a security management control to prevent the selection, and therefore the execution, of the Application.
If the OPEN detects a threat from within the card and determines that the threat is associated with a particular Application, that Application may be prevented from further selection by the OPEN setting the state to LOCKED.
Alternatively, the off-card entity may determine that a particular Application on the card needs to be locked for a business or security reason and may initiate the Application Life Cycle transition via the OPEN.
Once the state is LOCKED, only the Application's associated Security Domain, an Application with Global Lock privilege or a Security Domain with Global Lock privilege is allowed to unlock the Application. The OPEN shall ensure that the Application Life Cycle returns to its previous state.
5.3.1.4 Application Deletion
At any point in the Application Life Cycle, the OPEN may receive a request to delete an Application.
5.3.1.5 Application Specific Life Cycle States
These states are Application specific. The behavior of the Application, while in these states, is determined by the Application itself and is beyond the scope of this Specification. The OPEN does not enforce any control on Application specific Life Cycle State transitions.
5.3.1.6 Application Life Cycle State Transitions
Figure 5-2 illustrates the state transition diagram for the Application Life Cycle. This can typically be viewed as a sequential process with certain possibilities for reversing a state transition or skipping states.
5.3.2 Security Domain Life Cycle States
This Specification defines the following states applicable to a Security Domain:
1. INSTALLED
2. SELECTABLE
3. PERSONALIZED
4. LOCKED
There are no proprietary Security Domain Life Cycle States.
5.3.2.1 Security Domain Life Cycle State INSTALLED
The state INSTALLED means that the Security Domain becomes an entry in the GlobalPlatform Registry and this entry is accessible to off-card entities authenticated by the associated Security Domain. The Security Domain is not yet available for selection. It cannot be associated with Executable Load Files or Applications yet and therefore its Security Domain services are not available to Applications.
5.3.2.2 Security Domain Life Cycle State SELECTABLE
The state SELECTABLE means that the Security Domain is able to receive commands (specifically personalization commands) from off-card entities. As they still do not have keys, the Security Domains cannot be associated with Executable Load Files or Applications and therefore their services are not available to Applications when they are in this state. The state transition from INSTALLED to SELECTABLE is irreversible. The transition to SELECTABLE may be combined with the Security Domain installation process.
5.3.2.3 Security Domain Life Cycle State PERSONALIZED
The definition of what is required for a Security Domain to transition to the state PERSONALIZED is Security Domain dependent but is intended to indicate that the Security Domain has all the necessary personalization data and keys for full runtime functionality (i.e. usable in its intended environment). The transition from SELECTABLE to PERSONALIZED (initiated by the Security Domain itself) is irreversible.
In the state PERSONALIZED, the Security Domain may be associated with Applications and its services become available to these associated Applications.
5.3.2.4 Security Domain Life Cycle State LOCKED
The OPEN, the Security Domain itself, the Security Domain's associated Security Domain (if any), an Application with the Global Lock privilege or a Security Domain with the Global Lock privilege uses the state LOCKED as a security management control to prevent the selection of the Security Domain.
If the OPEN detects a threat from within the card and determines that the threat is associated with a particular Security Domain, that Security Domain may be prevented from further selection by the OPEN setting the Security Domain's Life Cycle State to LOCKED.
Alternatively, the off-card entity may determine that a particular Security Domain on the card needs to be locked for a business or security reason and may initiate the state transition via the OPEN.
In this state, the Security Domain is prevented from being used for Delegated Management if applicable. Locking a Security Domain prevents this Security Domain from being associated with new Executable Load Files or Applications. In this state DAP verification, extradition and access to that Security Domain’s services shall fail. In summary, if a Security Domain is in the lifecycle state LOCKED, it shall reject all received commands.
Once the Life Cycle State is LOCKED, only the Security Domain's associated Security Domain (if any), an Application with Global Lock privilege or a Security Domain with Global Lock privilege is allowed to unlock the Security Domain. The OPEN shall ensure that the Security Domain's Life Cycle returns to its previous state.
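The lock and unlock rules of sections 5.3.1.3 and 5.3.2.4, modelled as a small registry entry that remembers the state to restore. This is an added example, not code from the Specification: the class `Entry`, its methods and the role labels are assumptions, and only the forward transitions named in the text of 5.3 are modelled.

```python
class LifeCycleError(Exception):
    pass

GP_STATES = {"INSTALLED", "SELECTABLE", "PERSONALIZED", "LOCKED"}
# Role labels are constructed for this sketch; the rules are from 5.3.1.3 / 5.3.2.4.
MAY_LOCK = {"OPEN", "SELF", "ASSOCIATED_SD", "GLOBAL_LOCK_HOLDER"}
MAY_UNLOCK = {"ASSOCIATED_SD", "GLOBAL_LOCK_HOLDER"}   # neither OPEN nor SELF

class Entry:
    """Registry entry for an Application (is_sd=False) or a Security Domain."""

    def __init__(self, name, is_sd=False):
        self.name, self.is_sd = name, is_sd
        self.state = "INSTALLED"
        self._saved = None            # state the OPEN restores on unlock

    def advance(self, target):
        """Forward move; the ones described in 5.3 are irreversible."""
        if self.state == "LOCKED":
            raise LifeCycleError("locked: only unlock is possible")
        if (self.state, target) == ("INSTALLED", "SELECTABLE"):
            pass
        elif self.is_sd:
            # Security Domains have no proprietary states (5.3.2).
            if (self.state, target) != ("SELECTABLE", "PERSONALIZED"):
                raise LifeCycleError(f"{self.state} -> {target} not allowed")
        elif self.state == "INSTALLED" or target in GP_STATES:
            # Application specific states begin after SELECTABLE and must not
            # reuse a GlobalPlatform state name (5.3.1). Returning to
            # SELECTABLE from such a state is not modelled here.
            raise LifeCycleError(f"{self.state} -> {target} not allowed")
        self.state = target

    def lock(self, role):
        if role not in MAY_LOCK:
            raise LifeCycleError(f"{role} may not lock {self.name}")
        if self.state != "LOCKED":    # a second lock must not lose _saved
            self._saved, self.state = self.state, "LOCKED"

    def unlock(self, role):
        if self.state != "LOCKED":
            raise LifeCycleError("not locked")
        if role not in MAY_UNLOCK:
            raise LifeCycleError(f"{role} may not unlock {self.name}")
        self.state, self._saved = self._saved, None   # back to prior state

    def selectable(self):
        return self.state not in ("INSTALLED", "LOCKED")

    def sd_services_available(self):
        # Services reach Applications only once the SD is PERSONALIZED.
        return self.is_sd and self.state == "PERSONALIZED"

if __name__ == "__main__":
    app = Entry("app-A")
    app.advance("SELECTABLE")
    app.lock("SELF")
    try:
        app.unlock("SELF")            # an Application cannot unlock itself
    except LifeCycleError as err:
        print("rejected:", err)
    app.unlock("ASSOCIATED_SD")
    print(app.state)
```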
5.3.2.5 Security Domain Deletion
At any point in the Security Domain Life Cycle, the OPEN may receive a request to delete a Security Domain.
The space previously used to store a physically deleted Security Domain is reclaimed and may be reused. The entry within the GlobalPlatform Registry shall no longer be available, and the OPEN is not required to maintain a record of the deleted Security Domain's previous existence.