Electrical computers and digital processing systems: support – System access control based on user identification by... – Pin/password generator device
Reexamination Certificate
1998-12-15
2004-05-25
Barrón, Gilberto (Department: 2132)
Electrical computers and digital processing systems: support
System access control based on user identification by...
Pin/password generator device
C713S152000, C380S201000
Reexamination Certificate
active
06742120
ABSTRACT:
BACKGROUND OF INVENTION
Integrated circuit cards are becoming increasingly used for many different purposes in the world today. An IC card typically is the size of a conventional credit card on which a computer chip is embedded. It comprises a microprocessor, read-only-memory (ROM), electrically erasable programmable read-only-memory (EEPROM), an Input/Output (I/O) mechanism and other circuitry to support the microprocessor in its operations. An IC card may contain one or more applications in memory. An application loader is the entity which loads the application on the card. The application loader may be the actual developer of the application or may be a third party.
MULTOS™ is a multiple application operating system which runs on IC cards, among other platforms, and allows multiple applications to be executed on the card itself. This allows a card user to run many programs stored in the card (for example, credit/debit, electronic money/purse and/or loyalty applications) irrespective of the type of terminal (i.e., ATM, telephone and/or POS) in which the card is inserted for use. Of utmost importance in using such a card is security, and the operator of a card system enables cards to securely communicate with terminals or other cards. The operator also manages application loading and deleting from cards and the cryptographic keys which make the system secure.
IC cards typically have limited storage capacity due to the size and cost restraints of locating memory on the card. Applications for multi-application smart cards are written in a programming language and are typically stored in the EEPROM whose contents can be changed during the lifetime of the card. One example of a programming language used in IC cards is Multos Executable Language (MEL™). The MEL program instructions are read from EEPROM when they are executed and are interpreted by the operating system stored in ROM.
The ROM on the IC card includes the operating system written in assembler language code for the particular integrated circuit configuration (native language type code). The operating code stored in ROM is fixed when the ROM is initially written and the information stored in ROM will not change for the life of the card.
Also present in ROM can be subroutines called primitives written in a native language code for the microprocessor which can be called by either the operating system itself or by applications when they are executed. Primitives are written in the native language (i.e. assembler language) so that they can be executed very quicky and minimal interpretation of the instructions is necessary for execution. These primitives are collections of instructions which typically perform a desired function, such as a mathematical or cryptographic function. The instructions are never changed during the lifetime of the card. Any data used or accessed by the primitives are stored in EEPROM so that the contents of the data elements can change as necessary.
In the MULTOS™ system, applications can call primitives stored on the card which then are executed by the operating system. For example, if an application needs to divide two numbers, the application can call the “divide” primitive and provide the operands for the function and the primitive will execute the calculation. Every application on the card has the ability to call the divide primitive by executing an “access divide primitive” instruction. While some primitives are necessary to almost all applications, such as basic mathematical formulas or basic data retrievals, some primitives are optional and are intended to be used by only some applications. For example, security related primitives which encrypt/decrypt data may be used by some applications (e.g., a bank application) but not others (e.g., an air miles or entertainment application) due to the needs of the individual application.
Additionally, external considerations may impact the permitted use of some primitives by an application. These considerations would require the operator of the card system to have control over (i.e., prevent) access to certain primitives by individual applications. One such consideration is an individual country's concerns about strong encryption algorithms for certain types of applications being used in the country and being exported from the country. For example, the United Kingdom may allow an encryption algorithm which is part of a primitive to be exported out of the country if the algorithm is used for a banking function. However, if the encryption algorithm is used on general data such as health information, the United Kingdom's public policy may dictate that the encryption algorithm cannot be used outside its borders. Thus, it would be advantageous to disable the encryption primitive for that application if a country's laws prohibit that type of data being encrypted and exported. This selective enabling of primitives for individual applications would be a powerful mechanism to control the card system.
There are other reasons to provide selective access to different primitives. Specifically, it would be desirable to have an access check for different primitives to selectively enable primitives depending upon the needs of the card system operation and/or of the providers of the applications which run on the system. For example, an I/O port “access flag” could be checked when a selected primitive is called. Most IC cards currently can exchange information with a terminal by physically connecting an I/O port on the card with the terminal. The contacts located on the card are physically pressed against the terminal contacts so that an electrical signal can pass between the card and terminal. Recent developments allow an IC card to communicate with a terminal without establishing a physical contact between the card and the terminal. The exchange of information is established by radio frequency (RF) waves, cellular signals or other transmitted signal. For contactless cards an antenna is present on the card to transmit and receive the transmission signals. IC cards can contain both the physical contacts and the antennas for wireless communication. Although transferring information in a contactless or wireless manner is advantageous to the card holder by expediting the overall transaction time, the transmission signals are more susceptible to interception by a third party than if a physical connection were made. As a result, the operator of the card system may want to limit particular application programs such as financial transactions to physical connections.
Therefore, it is an object of the invention to provide a multi-application card with the ability to control access to the primitives and to allow the card system operator to enable or disable or prevent access to a primitive for a particular application.
SUMMARY OF THE INVENTION
The applicants have thus invented a system and method for controlling access to computer code and specifically to primitives embedded on a multi-application IC card. The applicants have determined that one way to achieve this objective is by use of “access flags,” which, as explained in more detail below, are set in bits for indicating either that a primitive (e.g., an encryption primitive) is accessible to a particular application (if, for example, the bit is set at 1) or it is not (if the bit=0). In the case of an encryption-related primitive, the “access flag” may be referred to as a “crypto flag.”
Access flags related to I/O could also be used to prevent access to the contactless primitives for financial applications. The I/O access flags would be controlled and set by the card system operator and loaded onto the card by the application loader at the time the application is loaded onto the card. This access flag would allow the operator of the card system to prevent a financial or other selected application from using the contactless primitive and thus a physical connection would be required for terminal communication.
Access flags which are stored on the card and checked by the operating system allow the operator o
Beric John
Hochfield Barry
Markakis Dimitrios
Roberts David Anthony
Baker & Botts L.L.P.
Barrón Gilberto
Mondex International Limited
Zand Kambiz
LandOfFree
System and method for controlling access to computer code in... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with System and method for controlling access to computer code in..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and System and method for controlling access to computer code in... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3195440