Electrical computers and digital processing systems: multicomput – Computer-to-computer data addressing
Reexamination Certificate
2000-03-17
2004-06-01
Maung, Zarni (Department: 2154)
C709S238000, C709S250000
active
06745247
ABSTRACT:
FIELD OF INVENTION
The present invention relates to a method and system for sending data and other information based on protocol standards developed by the International Standards Organization (ISO), related to smart card applications, and more particularly to a method and system for deployment of smart card applications on data networks, such as IP and broadband in view of ISO-7816.
BACKGROUND OF THE INVENTION
Smart cards have been employed in the field of financial transaction systems to store value, owing to their ability to contain cryptographic engines and store secret keys securely. As such, they have come to be regarded as a cheap tamper-proof repository for secure data, such as loyalty value, personal identification (ID) information, and even cash value.
All smart card applications are built around a standard specified by the International Standards Organization (ISO) as ISO-7816. This standard specifies a framework for storing data within the card and a basic operating Application Programming Interface (API) for commanding the card to perform its functions.
All smart card applications requiring cryptographic authentication usually require two or more smart cards, one card held by an entity desiring authentication and another card held by an authenticating authority that carries out the authenticating protocol defined by the application. This authentication process involves the two smart cards exchanging data in some form of a challenge and response scenario.
The ISO-7816 committee was well aware that many applications would require multiple smart cards, as well as non-smart card devices, to support the applications. These devices include user interface displays, data storage, and keyboards. The committee also knew that these smart card devices and non-smart card supporting devices would need to be addressable from within any card or device within the application. As a result, the committee specified that smart card devices and supporting devices could optionally communicate with each other on a simple bus network, for which a protocol for an application component device was described to facilitate interaction between the devices over this bus.
The name given to the protocol was T=1, and it merely required that any data going into or out of any component device within the application be prepended with a header that specified the device address from which the data was sent, called a Source Node Address, and a device address, to which the application desired the data be sent, called the Destination Node Address.
Under the protocol, the T=1 Router within the application would route data to the Destination Node Address specified in the header. Application designers who did not desire to avail themselves of this feature would use the T=0 protocol, in which no header is prepended to data going to or from the smart card.
Typical applications for the T=1 protocol are microprocessor-based purchase terminals for smart card based cash applications, in which the T=1 addressable nodes are always hard-wire connected together and consequently reside on the same circuit board. These terminals typically are used in retail establishments to transfer value from a customer's smart card to the merchant's smart card. However, there is a growing need for these same applications to run in topologies where the T=1 addressable Nodes cannot be wired together as they are in an embedded terminal. One such topology is a network application where one smart card may be on a personal computer (PC) on the Internet and another may be in an Internet Server.
The ISO committee did not address the issue of smart cards and their supporting non-smart card application components communicating over a network. Consequently, no standards currently exist in the ISO-7816 specification for connecting smart card application components over a network.
There is therefore a recognized need in the art for an application that connects and allows for secure and quick data transfer over networks.
SUMMARY OF THE INVENTION
An embodiment of the present invention advantageously permits ISO-7816 smart cards and their non-smart card supporting devices to be connected and interact over IP, broadband and Wide Area Network (WAN) networks using the T=1 protocol, just as if they were connected locally. The invention takes a node address in a T=1 embedded terminal and maps each address into a network address, such as a Universal Resource Locator (URL), such that different components of the terminal that are T=1 addressable may exist throughout, for example, an IP network. The advantages offered by the invention include security and speed, resulting in increased ease of use. Furthermore, the invention gives the smart card autonomy and independence by enabling it to contain within itself all the network addresses of the components of the application of which it is a part.
Smart card addressable nodes and non-smart card addressable nodes can send and receive data to and from any other Addressable Node with no “knowledge” of where those addressable nodes may be located (e.g., in the microprocessor's memory, on a device connected by serial IO line, or on a computer on a remote network). This provides an improvement over the prior art by allowing embedded smart card applications to be ported to large networks with little modification.
The present invention also allows new applications to be developed that can avail themselves of a network connectivity mechanism that allows programs inside the smart cards themselves to autonomously configure the network topology and then issue commands to send and receive data to the application components of the network.
In one embodiment, the present invention relates to a method for routing data between a microprocessor on a smart card and a component device over at least one network. The method comprises sending data from the microprocessor on the smart card to a router through a smart card address handler. The router is preferably an extended T=1 router and includes a first extended routing table. The data is then routed over the network. In routing the data, the data is sent from the router through a network-coupled address handler to the network. The data from the smart card may be routed to an internet protocol network, to a broadband network, to a wide area network or another network through which data is normally sent. The data is received at a second router that is hard wire connected to the component device. In receiving the data at the second router, the data is received from the network and sent through a second network-coupled address handler to the second router. The second router is preferably an extended T=1 router and comprises a second extended routing table. The data is then sent from the second router to the component device through a node address handler. In one embodiment, the second component is a security access module. The security access module may be a second smart card that authenticates the first smart card. In another embodiment, the component device may be a terminal application responsible for starting and operating a terminal. In a further embodiment, the component device may be a data storage device, responsible for storing data from smart cards in non-volatile memory. In another embodiment, the component device may be a terminal having a display device and an input device, such as a keyboard or a mouse.
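The routing step described above can be sketched as follows; this is an added example, not code from the patent or its assignee. It assumes the ISO/IEC 7816-3 T=1 block layout (NAD, PCB, LEN, INF, one-byte LRC, with the destination address in the upper three address bits of NAD and the source address in the lower three), which the page itself does not spell out. The table contents, handler names and URL are constructed placeholders.

```python
from dataclasses import dataclass
from functools import reduce

@dataclass(frozen=True)
class Route:
    kind: str    # "local" (same board or serial line) or "network"
    target: str  # local handler name, or network address such as a URL

# Hypothetical extended routing table: T=1 node address -> route.
# Every entry is constructed for illustration only.
EXTENDED_ROUTES = {
    1: Route("local", "card-reader-0"),
    2: Route("local", "display"),
    3: Route("network", "https://sam.example.invalid/t1"),
}

class RoutingError(ValueError):
    """Raised for malformed blocks or node addresses missing from the table."""

def lrc(data: bytes) -> int:
    """Longitudinal redundancy check: XOR of all bytes."""
    return reduce(lambda a, b: a ^ b, data, 0)

def build_block(sad: int, dad: int, pcb: int, inf: bytes) -> bytes:
    """Assemble NAD | PCB | LEN | INF | LRC for a source/destination pair."""
    if not (0 <= sad <= 7 and 0 <= dad <= 7) or len(inf) > 254:
        raise RoutingError("address or length out of range")
    body = bytes([(dad << 4) | sad, pcb, len(inf)]) + inf
    return body + bytes([lrc(body)])

def route_block(block: bytes, table=EXTENDED_ROUTES):
    """Validate a block and resolve its destination through the table."""
    if len(block) < 4 or block[2] != len(block) - 4:
        raise RoutingError("malformed block length")
    if lrc(block) != 0:  # XOR over the block including its LRC must be zero
        raise RoutingError("LRC mismatch")
    sad, dad = block[0] & 0x07, (block[0] >> 4) & 0x07
    if sad not in table or dad not in table:  # default deny, no implicit forwarding
        raise RoutingError(f"unroutable node address {sad}->{dad}")
    return sad, dad, table[dad], block[3:-1]
```

The LRC only detects transmission errors; it does not authenticate the sender, so a router that forwards blocks to a network address still depends on the card-to-card challenge and response for authenticity.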
In another embodiment, data is routed between a first cluster and a second cluster over at least one network. The data is sent from the first cluster to a network by sending the data from a first component device through a first node address handler to a first router and through a network-coupled address handler to the network. In one embodiment, the first component device is a smart card having a microprocessor. The first router is preferably an extended T=1 router, including a first extended routing table. From the network, the data is received at the second cluster. To receive
Kawan Joseph C.
Taylor Harold
Citicorp Development Center Inc.
Kilpatrick & Stockton LLP
Marcou George T.
Maung Zarni