Secure multiple application card system and process

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique

Reexamination Certificate


active

06317832

ABSTRACT:

BACKGROUND OF INVENTION
Integrated circuit (“IC”) cards are becoming increasingly used for many different purposes in the world today. An IC card (also called a smart card) typically is the size of a conventional credit card which contains a computer chip including a microprocessor, read-only-memory (ROM), electrically erasable programmable read-only-memory (EEPROM), an Input/Output (I/O) mechanism and other circuitry to support the microprocessor in its operations. An IC card may contain a single application or may contain multiple independent applications in its memory. MULTOS™ is a multiple application operating system which runs on IC cards, among other platforms, and allows multiple applications to be executed on the card itself. This allows a card user to run many programs stored in the card (for example, credit/debit, electronic money/purse and/or loyalty applications) irrespective of the type of terminal (i.e., ATM, telephone and/or POS) in which the card is inserted for use.
A conventional single application IC card, such as a telephone card or an electronic cash card, is loaded with a single application at its personalization stage. That application, however, cannot be modified or changed after the card is issued even if the modification is desired by the card user or card issuer. Moreover, if a card user wanted a variety of application functions to be performed by IC cards issued to him or her, such as both an electronic purse and a credit/debit function, the card user would be required to carry multiple physical cards on his or her person, which would be quite cumbersome and inconvenient. If an application developer or card user desired two different applications to interact or exchange data with each other, such as a purse application interacting with a frequent flyer loyalty application, the card user would be forced to swap multiple cards in and out of the card-receiving terminal, making the transaction difficult, lengthy and inconvenient.
Therefore, it is beneficial to store multiple applications on the same IC card. For example, a card user may have both a purse application and a credit/debit application on the same card so that the user could select which type of payment (by electronic cash or credit card) to use to make a purchase. Multiple applications could be provided to an IC card if sufficient memory exists and an operating system capable of supporting multiple applications is present on the card. Although multiple applications could be pre-selected and placed in the memory of the card during its production stage, it would also be beneficial to have the ability to load and delete applications for the card post-production as needed.
The increased flexibility and power of storing multiple applications on a single card create new challenges to be overcome concerning the integrity and security of the information (including application code and associated data) exchanged between the individual card and the application provider as well as within the entire system when loading and deleting applications. It would be beneficial to have the capability in the IC card system to exchange data among cards, card issuers, system operators and application providers securely and to load and delete applications securely at any time from either a terminal or remotely over a telephone line, internet or intranet connection or other data conduit. Because these data transmission lines are not typically secure lines, a number of security and entity-authentication techniques must be implemented to make sure that applications being sent over the transmission lines are only loaded on the intended cards.
As mentioned, it is important—particularly where there is a continuing wide availability of new applications to the cardholder—that the system has the capability of adding applications onto the IC card subsequent to issuance. This is necessary to protect the longevity of the IC cards; otherwise, once an application becomes outdated, the card would be useless. In this regard, to protect against the improper or undesired loading of applications onto IC cards, it would be beneficial for the IC card system to have the capability of controlling the loading process and restricting, when necessary or desirable, the use of certain applications to a limited group or number of cards such that the applications are “selectively available” to the IC-cards in the system. This “selective capability” would allow the loading and deleting of applications at, for example, a desired point in time in the card's life cycle. It would also allow the loading of an application only to those cards chosen to receive the selected application.
Accordingly, it is an object of this invention to provide these important features and specifically a secure IC-card system that allows for selective availability of smart card applications which may be loaded onto IC cards.
SUMMARY OF THE INVENTION
These and other objectives are achieved by the present invention which provides an IC card system comprising at least one integrated circuit card and having a certification authority and a personalization bureau. The certification authority (“CA”) maintains encryption and decryption keys for the entire system and provides the card manufacturer with security data to be placed on the card at manufacture.
Specifically, in a preferred embodiment, an IC card is injected at manufacture with the public key of the CA and a card identifier for uniquely identifying each of the cards. Subsequent to manufacture, the cards are preferably provided to a personalization bureau (“PB”), which could be a card issuer, for enabling the cards. The PB obtains from the cards the identifiers and forwards a list of card identifiers to the CA.
The CA in turn creates a personalization data block for each card identifier, and each data block preferably includes card personalization data and an individual key set. The data block is encrypted and forwarded back to the PB. By using the card identifier, the PB then matches the cards with the encrypted data blocks and separately loads each data block onto the matched card, and preferably sets an enablement bit indicating that the card has been enabled and is ready for application loading.
The application loading process is preferably performed at the PB. At first, the system checks to see whether the card to be loaded is qualified (as defined below) to accept the loading of a specific application. The application loader via a terminal will be advised if the card is qualified and, if so, a check will be done using the CA's public key to determine whether the application to be loaded has been signed by the CA's secret key indicating that the application to be loaded has been allowed by the CA.
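The two load-time checks described above (card qualification, then verification of the CA's signature with the public key injected at manufacture) can be sketched as follows. This is an added illustration, not code from the patent: textbook RSA with a toy key stands in for the unspecified signature scheme, the `permission` field and all names are hypothetical, and encryption of the personalization data block is omitted.

```python
import hashlib

# Toy textbook-RSA key for the CA, built from two Mersenne primes.
# Illustration only: unpadded and far too small for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # CA secret exponent, held only by the CA


def digest(permission: str, code: bytes) -> int:
    """Hash the application together with the permission it is bound to."""
    data = permission.encode() + b"\x00" + code
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def ca_sign(permission: str, code: bytes) -> int:
    """CA side: approve an application by signing with the secret key."""
    return pow(digest(permission, code), D, N)


class Card:
    def __init__(self, card_id: str):
        # Injected at manufacture: CA public key and a unique identifier.
        self.card_id, self.ca_public = card_id, (N, E)
        self.personalization, self.enabled, self.apps = None, False, {}

    def personalize(self, block: dict) -> None:
        # The PB matches each data block to its card by identifier.
        if block["card_id"] != self.card_id:
            raise ValueError("data block belongs to a different card")
        self.personalization, self.enabled = block, True  # enablement bit

    def load(self, name: str, code: bytes, permission: str, sig: int) -> str:
        # Check 1: is this card qualified for the application?
        # ("permission" is a hypothetical stand-in for the qualification data.)
        if not self.enabled or self.personalization["permission"] != permission:
            return "rejected: card not qualified"
        # Check 2: did the CA sign it? Uses only the injected public key.
        n, e = self.ca_public
        if pow(sig, e, n) != digest(permission, code):
            return "rejected: not signed by CA"
        self.apps[name] = code
        return "loaded"
```

Binding the permission into the signed digest means a terminal cannot relabel an approved application for a different group of cards without invalidating the CA's signature.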


