Device and method for personalizing chip cards

Registers – Systems controlled by data bearing records – Credit or identification card systems

Reexamination Certificate


Details

C235S382000, C235S487000, C235S492000

active

06575360

ABSTRACT:

The present invention concerns a device and a procedure for the personalization of chip cards.
Chip cards are used in many systems with high security requirements in order to provide internal keys to system clients locally without these keys being accessible when the system is circumvented. Chip cards are used as security or authorization ID and provide the means for secure authentication and encoding of data streams via the keys and algorithms stored on them. Data stored in chip cards during initialization and personalization may be accessed only by authorized systems following proper authentication, a procedure checking authorization.
Examples of areas of application for systems featuring chip cards include mobile communication systems, bank systems using bankcards and pay-per-view TV systems.
During the initialization and personalization of chip cards, the data required for subsequent use are programmed into the chip of the chip card. These chip-card life-cycle processing steps, which in a way are still part of the production stage, in this context represent processes subject to the highest security requirements. For instance, during initialization and personalization, keys are included in the card that are required for subsequent card use but may also, if reconnoitered, jeopardize the security of the entire application system of the chip cards.
During initialization, for example, a chip card is “programmed.” This means that data are introduced to the chip card, enabling the latter to perform the function assigned to it. In the case of personalization, at least a part of the data put on the chip card is unique, meaning it is different for each individual chip card, thereby individualizing and “personalizing” the chip card. The data transferred as part of such processes commonly also include data relevant to security, such as keys; however, the sequence of commands, too, as well as their structure and contents as regards the execution of personalization or initialization already represent information critical to security, which should be accessible to as few people as possible.
In conventional systems in the area of chip-card personalization, the component in control of process logic—i.e., of the command sequence of chip-card personalization—is an integral part of the system, which also executes card handling and card contacting. Card handling in this context means making the chip card accessible for commands and exterior data or, in other words, the execution of basic requirements in terms of elementary physical hardware and software functions, such as contacting the card and supplying the card with the necessary operating voltage, but also causing the card to be reset in order to enable it to communicate with the outside world.
This means that the logic, on which chip-card personalization is based, as well as the appertaining algorithms and keys are anchored in this system and thus must be disclosed to the system supplier and stored in the system. As a result, the manufacturers of personalization systems must be given security-related information about the logic of chip-card personalization, about parts of the chip-card command interface as well as about algorithms and keys. The distribution of information with such a high degree of security represents an increased security risk. Knowledge of the chip cards' logic facilitates trespasses into the chip's security mechanisms on the card. Security lapses that were introduced to the systems by the manufacturer intentionally or unintentionally might result in chip cards being compromised and keys being reconnoitered and thus jeopardize the chip card's application system.
Therefore, it is the purpose of the present invention to create a device and a procedure for the personalization of chip cards that feature increased security.
Another purpose of the present invention is to separate security logic (e.g., command sequence of personalization, authentication, etc.) and card handling. However, the communication path and the application's requirement should be predetermined by the system contacting the chip cards.
A significant aspect of the present invention is that personalization, initialization or critical chip-card applications are to be performed by a separate security system, in which electronic administrative processing steps (personalization, initialization) and critical applications of chip cards (authentication) are separated within the chip-card life span between the system and card handling or chip contacting.
The process logic of electronic chip-card personalization and initialization, the chip-card command interface, which is the software interface representing the command set available to the chip card, as well as algorithms and the keys needed for personalization are implemented in a central security system that can execute these tasks when prompted by a so-called chip-card control system in charge of card handling and contacting.
The system for card handling and contacting sees to it that a so-called logical communication link is set up between the card's chip and the security system for electronic personalization and initialization.
In this context, a communication link is a connection between two partners engaging in communication. This connection may be used to exchange data and does not necessarily provide a direct link between the two partners but can be routed via one or several intermediate stops, to the effect that, in the place of an actual direct link, an indirect or “logical connection” exists between the partners. In such a case, the communication points are not connected to one another directly but along a data path setting up a link or connection between the two communication end points and providing a data path or “logical communication link,” which is used to provide the means for a proper exchange of data between the communication end points—regardless of the actual hardware connection path between the two communication end points, be it directly or indirectly. The logical communication link to be used is communicated to the central security system as part of a request for the performance of chip-card personalization or another chip-card application.
The central system for the performance of chip-card personalization, initialization, configuration or the execution of a chip-card application in a favorable embodiment example provides the means for contacting various card-handling systems or so-called chip-card control systems. The system receives a request of a chip-card control system for the performance of chip-card personalization, initialization or an application and, subsequently, performs the requested process logic (e.g., personalizing a chip card)—i.e., the corresponding sequence of commands and data—via a logical communication link, which represents a data path between the central system and the chip card.
The request directed to the central system for chip-card personalization, initialization, configuration or for the execution of a chip-card application carries the information required for the execution of the requested application or the process logic corresponding to it—i.e., the corresponding command sequence. Such information could pertain to the communication protocol to be applied. If, for the sake of clarity, mention is made below of only one requested application, it should be assumed that the requested application, in addition to other chip-card applications, may well be chip-card personalization or initialization.
The communication of the commands and messages to and from the chip card occurs in a transparent fashion—i.e., the relayed data is transferred unchanged between the communication partners involved or, in other words, the data dispatched from one end point of communication (chip card or central system) to another (central system or chip card) reach their destination having undergone no change of any kind. Such transparent communication links are provided or set up by the system and enable the control system to proceed with card handling and card
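The separation described above can be modeled in a few lines. This is an added example, not code from the patent: the class names, the request layout, the one-byte command tags and the HMAC-based derivation of the per-card key are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

OK = b"\x90\x00"  # status word used here for "command accepted"


class ChipCard:
    """Constructed stand-in for a chip: stores tagged data once powered and reset."""
    def __init__(self, serial: bytes):
        self.serial, self.store, self.ready = serial, {}, False

    def execute(self, command: bytes) -> bytes:
        if not self.ready:
            return b"\x6f\x00"
        self.store[command[:1]] = command[1:]
        return OK


class ControlSystem:
    """Card handling only: contact, power, reset, then a byte-for-byte relay."""
    def __init__(self, card: ChipCard):
        self.card, self.relayed = card, []

    def request(self) -> dict:
        self.card.ready = True  # contacting, operating voltage and reset
        # Hypothetical request layout: link to use, protocol, card identity.
        return {"link": self.relay, "protocol": "T=1", "serial": self.card.serial}

    def relay(self, data: bytes) -> bytes:
        self.relayed.append(data)  # recorded only so the test can compare
        return self.card.execute(data)


class SecuritySystem:
    """Holds the master key and the personalization command sequence."""
    def __init__(self):
        self._master = os.urandom(32)

    def personalize(self, request: dict, holder: bytes) -> list:
        # Assumption: the unique per-card data is an HMAC-derived key.
        card_key = hmac.new(self._master, request["serial"], hashlib.sha256).digest()
        sequence = [b"\x01" + holder, b"\x02" + card_key]
        for command in sequence:
            if request["link"](command) != OK:
                raise RuntimeError("card rejected command")
        return sequence
```

The control system never builds a command and never holds the master key; it only forwards the bytes it is handed, so whatever travels over the link is exactly what the security system sent.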
