Registers – Systems controlled by data bearing records – Credit or identification card systems
Reexamination Certificate
1998-03-05
2001-01-30
Frech, Karl D. (Department: 2876)
Registers
Systems controlled by data bearing records
Credit or identification card systems
C235S379000, C902S004000
Reexamination Certificate
active
06179205
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates generally to smart card transactions, more particularly, to a system and method for locking and unlocking an application in a smart card.
BACKGROUND OF THE INVENTION
A smart card is typically a credit card-sized plastic card that includes a semiconductor chip capable of holding data supporting multiple applications. One popular such application is the holding of the digital equivalent of cash directly, instead of pointing to an account or providing credits. Accordingly, smart cards with such an application are also sometimes referred to as stored-value cards. When a card of this kind is used to make a purchase, the digital equivalent of cash is transferred to the merchant's “cash register” and then to a financial institution. Stored-value cards are either replenishable (value can be reloaded onto the card using a terminal) or non-replenishable (the card is decremented in value for each transaction and thrown away when all its value is gone).
Physically, a smart card often resembles a traditional “credit” card having one or more semiconductor devices attached to a module embedded in the card, providing contacts to the outside world. The card can interface with a point-of-sale terminal, an ATM, or a card reader integrated into a telephone, a computer, a vending machine, or any other appliance. A micro-controller semiconductor device embedded in a “processor” smart card allows the card to undertake a range of computational operations, protected storage, encryption and decision making. Such a micro-controller typically includes a microprocessor, memory, and other functional hardware elements. Various types of cards are described in “The Advanced Card Report: Smart Card Primer”, Kenneth R. Ayer and Joseph F. Schuler, The Schuler Consultancy, 1993.
One example of a smart card implemented as a processor card is illustrated in FIG.
1
. Of course, a smart card may be implemented in many ways, and need not necessarily include a microprocessor or other features. The smart card may be programmed with various types of functionality, including applications such as stored-value; credit/debit; loyalty programs, etc. For the purpose of this disclosure, card
5
is programmed with at least one application such as stored value application, and may be referred to as “stored-value” card
5
.
Stored-value card
5
has an embedded micro-controller
10
that includes a microprocessor
12
, random access memory (RAM)
14
, read-only memory (ROM)
16
, non-volatile memory
18
, an encryption module
22
, and a card reader interface
24
. Other features of the micro-controller may be present but are not shown, such as a clock, a random number generator, interrupt control, control logic, a charge pump, power connections, and interface contacts that allow the card to communicate with the outside world.
Microprocessor
12
is any suitable central processing unit for executing commands and controlling the device. RAM
14
serves as storage for calculated results and as stack memory. ROM
16
stores the operating system, fixed data, standard routines, and look up tables. Non-volatile memory
18
(such as EPROM or EEPROM) serves to store information that must not be lost when the card is disconnected from a power source but that must also be alterable to accommodate data specific to individual cards or any changes possible over the card lifetime. This information might include a card identification number, a personal identification number, authorization levels, cash balances, credit limits, etc. Encryption module
22
is an optional hardware module used for performing a variety of encryption algorithms. Card reader interface
24
includes the software and hardware necessary for communication with the outside world. A wide variety of interfaces are possible. By way of example, interface
24
may provide a contact interface, a close-coupled interface, a remote-coupled interface, or a variety of other interfaces. With a contact interface, signals from the micro-controller are routed to a number of metal contacts on the outside of the card which come in physical contact with similar contacts of a card reader device.
A smart card can include multiple applications, including, for example, applications such as credit, debit, stored value, telephone, or loyalty. Given such a multi-application smart card, a problem could arise when the smart card is given to a service provider for a single transaction. For example, the owner of the smart card may give the smart card to a waiter in a restaurant for a credit transaction. However, without a means for locking the other applications, such as the stored value or telephone applications, the waiter has access to all of the applications, such that the waiter could possibly make phone calls or conduct stored value transactions with the smart card during the time it is in his possession.
A solution to this problem includes the use of a device, commonly referred to as an “electronic wallet”, into which a smart card can be inserted and a particular application can be locked such that a particular application cannot be used until it is unlocked. Some smart card companies, such as Mondex International, currently utilize a wallet which can lock and unlock a smart card. The locking and unlocking mechanism utilizes a personal identification number (PIN) to ensure authenticity of the lock or unlock request. However, many people prefer not to use PINs. It is a nuisance to have to memorize a PIN, particularly if the person already has several PINs memorized. Additionally, a particular PIN can be forgotten or confused with another PIN. Further, the need for a PIN requires that the “electronic wallet” device has at least a numeric key pad to enter the PIN. This is undesirable for some users who do not want to carry a relatively bulky wallet with them.
What is needed is a system and method for automatically ensuring authenticity for locking and unlocking an application in a smart card which does not require the user to memorize a PIN. Preferably, the system and method may be implemented using a device which does not require the use of a bulky and expensive keypad. The present invention addresses such a need.
SUMMARY OF THE INVENTION
The present invention provides a system and method for locking and unlocking an application in a smart card. The system and method according to the present invention allows for automatic determination of the authenticity of a lock or unlock command without the need for a personal identification number. The smart card can be locked and unlocked by utilizing a smart card device. The smart card can be inserted into the smart card device to lock at least one application of the smart card such that the locked application cannot be utilized until it is unlocked. During the locking process, the smart card sends identifying information, such as a password and card ID, to the smart card device to allow automatic authentication for unlocking of the card at a later time. A password is herein meant to include a combination of characters which can include letters, numbers, and various symbols.
To unlock an application in a smart card, the smart card device identifies the card and looks for the password corresponding to this particular card. If the password is found in the smart card device's cache memory, then the password and an “unlock” command are issued from the smart card device to the smart card. When the smart card device receives the password along with the unlock command, it is determined whether the received password matches the actual password for the smart card. If the passwords match, then the application is unlocked.
A system and method according to the present invention for locking and unlocking an application in a smart card uses a smart card device. The method for unlocking the application comprises the steps of automatically determining a first password; determining whether the first password matches a second password; and unlocking the application if the first password matches the second passw
Beyer Weaver & Thomas LLP
Frech Karl D.
Fureman Jared J.
Visa International Service Association
LandOfFree
System and method for locking and unlocking and application... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with System and method for locking and unlocking and application..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and System and method for locking and unlocking and application... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2456276