Registers – Systems controlled by data bearing records
Reexamination Certificate
2002-02-25
2003-09-02
Lee, Diane I. (Department: 2876)
Registers
Systems controlled by data bearing records
C235S380000, C235S379000, C235S382000, C235S492000, C380S255000, C705S041000
Reexamination Certificate
active
06612486
ABSTRACT:
BACKGROUND OF THE INVENTION
The present invention relates to a smart card managing system. More particularly, the invention relates to a managing method and an issuance processing method of card initializing information to be used in issuing a smart card (hereinafter sometimes referred to as “multi-application smart card”) on which a plurality of application programs can be dynamically loaded or removed and application information to be loaded on the smart card when it is issued, and in particular, to a managing method of application personalizing information based on an applicant (user) for a card.
As has been discussed in Technical Report of IEICE (The Institute of Electronics, Information and Communication Engineers), Vol, 100, No. 541, Knowledge-Based Software, KBSE2000-54 to 65 (Jan. 11, 2001), pages 25 to 32, conventionally, the managing system architecture for issuing and operating a multi-application smart card may be configured so flexibly as to match various business forms if it adopts such a system model as having a card issuer (often abbreviated as CI) and a service provider (often abbreviated as SP) separated from each other.
Concretely, a service provider who provides the service through the use of a card application may be an independent managing entity of a card issuer, based on the characteristic of the multi-application smart card, that is, the characteristic where a plurality of applications may be loaded on a single smart card. Under this managing entity model, the card issuer takes responsibility of an operation and management service on a smart card, owns a smart card issuance managing system of executing the service, and then operates the system. On the other hand, the service provider takes responsibility of an operation and management of the applications, owns an application managing system of executing the service, and operates the system. In executing the actual smart card operating and managing service, both of the systems are cooperated with each other for processing the service.
SUMMARY OF THE INVENTION
The foregoing prior art involves the problem that no sufficient considerations are given to the card issuance service, a typical operating and managing service involved in smart cards, such as the content of a service to be executed by the card issuer and the service provider through the use of their own card issuance managing system and application managing system, the cooperating method of the operating and managing processes to be executed by the two managing systems, the protecting method of the information owned by each managing entity, and so forth. Hereafter, this problem will be discussed in detail.
FIG. 1
illustrates a configuration of a conventional smart card system through the use of several entities such as a smart card issuer, a service provider for a smart card, a smart card issuance bureau (often abbreviated as a bureau), and a smart cart as well as a data flow in a card issuing service.
At first, the summary of a component of the system will be discussed below.
A numeral
101
denotes a smart card issuance managing system. A numeral
104
denotes an application managing system. A numeral
107
denotes a smart card issuance bureau system (often abbreviated as a bureau system). The “smart card issuer” is a managing entity who runs a service of issuing and managing a smart card through the use of the smart card issuance managing system
101
. The “smart card issuer” also takes responsibility of a smart card. The smart card issuance managing system includes a database
103
related to smart card and a smart card issuing unit
102
as minimum components. The smart card issuer holds smart card management information in the database
103
related to smart card, and, based on data in the database, issues a smart card and delivers it to a user
111
. The smart card management information includes application information given from a user and basic information required for issuing a smart card.
The “service provider” is a managing entity who runs a service of issuing and managing an application to be loaded on the smart card through the use of an application managing system
104
. The service provider loads an application on the smart card. The smart card load application may be created by the application managing system or may be obtained or purchased from a third-party system called an application developer
112
. The application managing system includes a database
106
related to application and an application load processing unit
105
as minimum components. The database
106
related to application stores application data.
The “bureau” is a managing entity who runs a deputizing agency business of issuing a smart card through the use of the bureau managing system
107
. The bureau acts for a smart card issuer in response to the request from the smart card issuer when issuing a massive amount of smart cards, for example. The bureau managing system
107
holds a smart card issuance system
108
for issuing a massive amount of smart cards. The smart card issuance system
108
may have a HSM (Hardware Security Module) built therein. The HSM is an information processing apparatus that encrypts or decrypts data to be inputted to the HSM itself through the use of a key held therein. This HSM is characterized by disability to access from the outside of the HSM to the internal information and the internal process of the HSM itself.
The smart card issuance managing system, the application managing system, and the bureau managing system realize transfer of information through a network
113
, delivery of an information recording medium like a floppy disk by mail or by hand delivery or delivery of a form by mail or by hand delivery among those systems.
Further, the above-described smart card issuance managing system
101
of the card issuer and the application managing system
104
of the service provider include an issuing function of a smart card, a smart card issuance deputizing request processing function, and a personalizing function of an application (to be discussed below) in the processing units
102
and
105
, respectively. Each processing function is realized as a computer program and is operated.
In turn, the description will be oriented to the problem of the conventional system by referring to the operating routine of the smart card issuing service in the foregoing system as an example.
In advance of a receipt of an issue application
121
from a user
111
, the smart card issuance managing system
101
and the bureau managing system
107
operate to exchange a bureau key
109
served as a key for the purpose of protecting the card issuance information to be transferred between the card issuer and the card provider. The use of this key makes it possible to guarantee that the card issuance information created by the card issuer is hidden from another managing entity including the bureau and is entered into the smart card issuance system
108
without being interpolated or altered.
At first, the user
111
files an application of issuing a smart card to the smart card issuer (process
121
). The user
111
enters requisite matters in an application form
114
for card issuer and an application form
115
for service provider, the form
115
being for an application to be intended to be loaded initially when the smart card is issued. The former application form is sent to the smart card issuer (process
122
), while the latter is sent to the service provider (process
123
). The matters to be entered on the applications include a user name and a password (PIN) to be set to the card or the application and personal information like an annual income. It is to be noted that the personal information items to be described on the application forms may be different according to each of the application forms. It means that one form for an application needs the name and the birth date of the user, while another form for an application needs the name and the password of the user. Further, it is to be noted that the personal information to be requi
Ashizawa Minoru
Matsui Yutaka
Mishina Yusuke
Sato Akiko
Shindou Yuusuke
Antonelli Terry Stout & Kraus LLP
Lee Diane I.
Sanders Allyson
LandOfFree
Smart card managing system does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Smart card managing system, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Smart card managing system will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3039874