Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique
Reexamination Certificate
1998-10-13
2002-04-02
Pesso, Thomas R. (Department: 2132)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Particular communication authentication technique
C712S029000, C712S029000, C380S255000
Reexamination Certificate
active
06367011
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates generally to smart cards. More specifically, the present invention relates to a system and method for personalization of smart cards having multiple applications.
BACKGROUND OF THE INVENTION
Before a smart card is issued to a cardholder, the card goes through an initialization and a personalization process. During the initialization process, a manufacturer or other card supplier embeds an integrated circuit chip into the plastic card body. The chip is loaded with at least one application program, such as a credit or a stored value application. In addition, a file structure may be initialized with default values, and initial cryptographic keys may be stored for transport security. After a card is initialized, it is then typically personalized. During personalization, the smart card is generally loaded with data that uniquely identifies the card, and with data that allows the card to be used in a payment system, for example. Personalization data may include file information, application information, a maximum value for an application or of the card and a personal identification number (PIN) or other cardholder information. Also included may be the currency in which the card or application is valid, the expiration date of the card or application, and a variety of cryptographic keys and algorithm information for the card or applications on the card. For certain applications, cryptographic information to be loaded during personalization can include not only a secret card key and derived keys, but also public key certificates. Card life cycle is described in
Financial transaction cards—Security architecture of financial transaction systems using integrated circuit cards, Part
1
: Card life cycle
, International Organization for Standardization, ISO 10202-1, 1991, which is incorporated by reference.
Conventionally, the smart card is personalized at a personalization bureau, often a third party contracted by a smart card issuer to personalize their smart cards. The personalization bureau may be in a separate physical location from the location of the smart card issuer or from the location of the entity that performs smart card initialization. During personalization, a personalization device located at the personalization bureau is coupled to a security module. The personalization device generally provides data which, when installed on a card, gives the card the ability to run application programs.
During personalization, cryptographic keys (such as derived card keys) are stored in a memory of the initialized card. These keys are used for a variety of cryptographic purposes. Derived card keys are derived from master keys stored in the security module (of the personalization bureau) using derivation data unique to each card. The derivation data is encrypted with a suitable algorithm using a master key to produce a derived card key for a particular card. The use of the master key to produce derived card keys obviates the need to have a unique key for every card in the system stored in terminals where applications are used. Instead, the master key can be used with derivation data from the card to independently regenerate the derived card key. This allows a terminal and a card to securely communicate with each other while the terminal only needs to hold a small number of master keys to communicate with a large number of cards in a system.
There can be a potential problem with security when using this conventional method of personalization and derived keys. Since all card keys are typically derived at the time of personalization, all of the master keys are required at the personalization device within the personalization bureau. A security issue can arise when the master keys are placed within a third party's control, such as at the personalization bureau. Every additional party who has access to the master keys is a potential breach of security.
Another common problem with conventional personalization is that the personalization process can take a substantial amount of time. In addition to the cost of contracting with third parties to perform the personalization process, the time needed to perform the personalization process adds an additional amount to the total cost of personalization. This results in higher priced cards and systems.
In fact, a major challenge in the implementation of encryption technology (and especially public key technology) in chip cards is in how to achieve significant throughput in the personalization process. It is interesting to note that because personalization is seen as a bottleneck in the overall process, special and costly personalization machines are used that are able to personalize multiple cards at once. With banks having a requirement to issue millions of cards per year, it is imperative that the process be fully optimized. For example, as mentioned briefly above, certain chip card applications require not only a card secret key (for example, the secret key of a card public key pair), but also public key certificates and derived keys that are placed onto the card. Creating such card keys and public key certificates at the point of personalization could severely degrade throughput. For example, a stored value application may require that a smart card be loaded with a card secret key, a card certificate, an issuer certificate, at least three DES keys and other card data. Creating card key pairs at the point of personalization would inhibit throughput.
Furthermore, it is conceivable that one smart card may contain multiple applications. Each application is likely to require its own set of keys, data and algorithms. Personalization throughput would be dramatically affected should each smart card have to be run through a separate personalization process for each application that it contains. Requiring each card to be personalized multiple times is not cost effective.
It would therefore be desirable to provide a system and method for personalizing a smart card such that the issuer's master keys and other secret information can remain secure. It would also be desirable to provide a system and method for personalizing a card such that the time required for the personalization process at the personalization bureau is decreased. It would be further desirable to efficiently personalize smart cards that may have multiple applications stored thereon. The present invention addresses such needs.
SUMMARY OF THE INVENTION
To achieve the foregoing, and in accordance with the purpose of the present invention, a preparation process is disclosed that speeds up the personalization process for smart cards. The process may be used to personalize single or multiple application smart cards. Derived card keys, public key pairs (if any) and public key certificates (if any) are generated in advance. The preparation process creates an output file by merging the generated secret data with card data from other issuer cardholder systems. Advantageously, chip card data is interspersed with other personalization data in a flexible format in the output file. The file is input to the personalization process. Advantageously, the entity performing personalization may then use the output file to personalize all applications on a smart card in one process.
An embodiment of the present invention speeds up the personalization process performed at the personalization bureau by deriving any needed derived card keys prior to the time of personalization at the bureau. Additionally, the present invention provides greater overall security by allowing the issuer to maintain the master keys (or other secret information) at the issuer's location without the need to give the master keys to a personalization bureau or other third party. The present invention is applicable to a wide variety of secret information that an issuer may not wish to divulge to outside parties. By using the secret information at the issuer location to help produce the output file, the secret information need not be divulged to a third party such as a personalize
Gorden Mary L.
Lee Alson
Beyer Weaver & Thomas LLP
Pesso Thomas R.
Visa International Service Association
LandOfFree
Personalization of smart cards does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Personalization of smart cards, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Personalization of smart cards will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2924529