Registers – Records
Reexamination Certificate
2000-12-05
2003-03-25
Le, Thien M. (Department: 2876)
Registers
Records
Reexamination Certificate
active
06536671
ABSTRACT:
CROSS REFERENCE TO RELATED APPLICATIONS
This application is a 371 of PCT/IB99/00653 filed Apr. 14, 1999.
TECHNICAL FIELD
The invention concerns integrated circuit cards, such as smartcards, in general, and an automatic recovery scheme in particular.
BACKGROUND OF THE INVENTION
Integrated circuit cards (ICCs), more widely known as smartcards, are small credit card size carriers containing electronics. The smartcard concept began in Europe prior to 1985, and is today being used in telephone systems, toll roads, game parlors, and personal computers, just to mention some applications.
In the following, the term integrated circuit card will be used, because ISO uses the term to encompass all those devices where an integrated circuit is contained within a card-size piece of plastic, or the like.
So far, ICCs have only been used in one of two ways. Either, the ICCs provide simple, more or less tamper-proof storage for small amounts of data, or they execute simple security-related operations like data signature, or encryption-based authentication, e.g. employing a challenge-response protocol. Some applications like pre-paid telephone or cinema cards, as well as health care cards storing personal data make use of the first property. ICCs in the second domain are used as secure tokens executing authentication procedures for example during computer system logon, or when opening appropriately equipped doors for access to a restricted area.
Typical ICCs supporting the above two modes of operation or use comprise a microprocessor (central processing unit, CPU), a read-only memory (ROM), a random-access memory (RAM), and some type of non-volatile, programmable memory, such as an EEPROM (electrically erasable programmable read only memory). In addition, an ICC usually comprises some kind of a bus (such as a serial bus) and I/O ports for interconnection to a card terminal and for communication with the outside world. Such a card terminal provides the necessary power, electric signaling at the hardware level, as well as the basic communication protocols at the software level to interact with the ICC. Two types of card terminals are available: The more expensive model physically locks the. ICC as a whole. Alternatively, and in order to reduce cost of card terminals, it is also very common to only provide a slot into which the user can insert and from which he can retract the ICC at will.
EP-A-0526 139 describes an integrated circuit card comprising a processor, volatile memory, non-volatile memory, power coupling means allowing external power to be supplied to the card, failure protection means maintaining power for a short period of time in case of a power supply failure, and a power-failure detector sensing a power supply failure. The power-failure detector triggers the transfer of information from the volatile memory to the non-volatile memory if a power supply failure is sensed, and the failure protection means provide power for this transfer.
WO96/36947 describes a technique for transaction recovery in a value transfer system.
Most ICCs comprise components in form of integrated circuits which are molded together on a flexible card (e.g. PVC or ABS). The dimension of these integrated circuits (ICs) is at most 25 mm
2
(silicon die size). A typical ICC has a size of 85.6 mm×53.98 mm×0.76 mm It is to be expected that the ICC's integrated circuits shrink in size and that these ICCs become more and more powerful, taking advantage of advanced semiconductor technology.
The contents of the ROM type of memory is fixed and can not be changed once manufactured by the semiconductor company. This is a low cost memory, in that it occupies minimum space on the substrate. It is a disadvantage of a ROM that it cannot be changed and that it takes several months to be produced As opposed to this, an EEPROM is erasable by the user and can be rewritten many times, ROMs and EEPROMs are non volatile. In other words, when the power is removed they still retain their contents. A RAM is a volatile memory and as soon as the power is removed the data content is lost A RAM, however, has the advantage that it is much faster than ROMs and EEPROMs. On the other hand, a RAM is more expensive in terms of die size.
ICCs come in two forms, contact and contactless. The former is easy to identify because of its gold connector I/O ports. Although the ISO Standard (7816-2) defined eight contacts, only six are actually used to communicate with the outside world The contactless card may contain its own battery, particularly in the case of a “Super Smart Card” which has an integrated keyboard and LCD display. In genera; however, the operating power is supplied to the contactless card electronics by an inductive loop using low frequency electronic magnetic radiation. The communications signals may be transmitted in a similar way or can use capacitive coupling or even an optical connection.
Recent advances in chip design enabled the introduction of FlashRAM for non-volatile memory and 32-bit microprocessors on the same silicon estate. Thus, ICCs are getting powerful enough to host simple, but nonetheless fully functional applications, by far exceeding the simple read/write, respectively encrypt/decrypt routines as outlined above. For example, complex security-related operations like full-blown cryptographic or electronic commerce protocols could be run on the card itself and need no longer reside on a more insecure personal computer.
For most applications in the simple read/write, respectively encrypt/decrypt scenarios outlined above, power-loss by card retraction at any time does not create a serious problem. As an example for the first scenario, a telephone card's credit/debit amount can always be stored into persistent memory on the ICC, before an action (i.e. a call) is taken. For the second usage type, recovery is even more easy. If an authentication cannot be completed, the card simply does not provide its service. In both cases, it is possible to find a way that no harm is done to the card's functionality if the user retracts the ICC prematurely from the card terminal.
However, there are other kinds of nontrivial applications, where premature card extraction, or interruption of the inductive loop providing power to a contactless ICC using electronic magnetic radiation, might create a serious problem since it leads to the immediate loss of supply voltage. Due to this loss of supply voltage, all contents of the ICC's RAM, and with it the whole transient application state is lost immediately and irrevocably. Such a loss of application state can possibly wreak havoc to a system not prepared to handle this type of event.
Currently, two main approaches for dealing with this problem are known, or under development for ICCs. According to the first approach, RAM is not used at all for any type of operation involving data that has to be kept permanent and consistent. Unfortunately, always using non-volatile memory has a couple of serious drawbacks. One is the extreme performance penalty that has to be paid as every memory write access is roughly 500 to thousand limes slower when using EEPROM or FlashRAM instead of RAM. An even more serious problem is the limitation on the amount of guaranteed write cycles (100000 times for EEPROM, 1000000 times for FlashRAM, respectively). In the new setting, where memory-intensive applications like cryptographic protocols may continuously access this memory, these figures can easily be reached within a couple of minutes. After this time, an ICC would simply cease to operate, or its reliability would be drastically reduced.
In order to address this problem, a second approach using the well-known transaction concept from database development has been adopted. This concept permits applications to use the ICC's RAM, but the application developer has to ensure that critical data structures are always guarded by transaction ‘brackets’. A transaction bracket is a code segment marked at the starting with a source code statement ‘transaction begin’ and at the end with either
Caputo Lisa M.
Herzberg Louis P.
International Business Machines - Corporation
Le Thien M.
Scully Scott Murphy & Presser
LandOfFree
Automatic recovery of integrated circuit cards does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Automatic recovery of integrated circuit cards, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Automatic recovery of integrated circuit cards will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3029242