Registers – Records – Conductive
Reexamination Certificate
2001-12-12
2004-05-04
Frech, Karl D. (Department: 2876)
Registers
Records
Conductive
C235S380000, C235S379000, C235S449000
Reexamination Certificate
active
06729549
ABSTRACT:
The present invention is related to a method and system for personalization of smart cards, especially when the collection and creation of the personalization data objects and the personalization of smart cards take place at different locations.
BACKGROUND OF THE INVENTION
Increasing numbers of organizations which issue transaction cards to their users, customers, or employees require cards tailored to meet the requirements of their particular service or application. These organizations also want the cards to contain data about the cardholder. Existing transaction cards encode such data in a magnetic stripe on the back of the card but the amount of data that can be held by a magnetic stripe is limited. A new type of transaction card (so called smart cards) embeds a microprocessor computer chip in the plastic of the card to greatly increase the card's data storage capacity. Additionally, sophisticated card applications specific to the card issuer can execute in certain varieties of the chips, and the chip may also contain a type of operating system.
Transaction cards with embedded chips are referred to in the industry as portable programmed data carriers, more commonly called “smart cards” (the term, smart card” used in the present invention also covers any programmed data carrier used in any portable device, like handy, digital personal assistant etc., to securely hold subscriber specific information). The chip in a smart card is programmed with initialization and/or personalization data.
The initialization data comprises three major types of information: application data, security data, and printed data. The application data is common to all cards for a given card application and includes application program code and variables. The security data prevents fraudulent use of the card and is usually provided in the form of “secure keys”.
Smart cards are also programmed with information specific to an individual cardholder through a process called “personalization”. The personalization information for a smart card is similar to the personalization information currently contained on non-smart cards, such as the cardholder's name, account number, card expiration date, and so on. Because of its increased storage capacity, the chip in a smart card can contain additional data beyond the basic information on the standard transaction card including a graphical representation of the individual's signature, data defining the types of service the cardholder is entitled to, and account limits for those services.
Personalization of a smart card normally requires that the card issuer collects the personalization data and prepares the personalization records in specific data files. The personalization records are in a format, that depends on the card personalization program, preferably used at the personalization side, e.g. by the card manufacturer.
Each personalization record for a smart card contains at least data objects concerning the smart card holder and additionally a smart card identifier (ID).
An example for a typical structure of a personalization record is as follows:
Smart card ID, surname, name, street, zip, city
Another part of the personalization data is the description on which address the data objects of each personalization record is written into the EEPROM of the smart card. This description is called personalization table.
An example of the personalization table is as follows:
69 13
/* Record type
*/
6A OD
/* Record length
*/
6B A608
/* Personalize EEPROM
*/
6D 00
/* Protection: None
*/
6E 00
/* P2
*/
6F 06
/* Data length in command
*/
70 027A
/* Data address
*/
72 0004
/* Data length in personalization data set
*/
74 0000
/* Index in personalization data set
*/
76 9000
/* Good return code
*/
The personalization table contains the smart card commands to personalize data objects on a specific address and additionally an index pointing to a column within the personalization record.
The personalization record and personalization table are sent to the personalization side on a tape, floppy disk or via network.
The personalization side transfers the personalization records using personalization table with the personalization program to the smart card. This is done by generating smart card type specific APDUs (Application Protocol Data Units) using personalization table and merging the respective data object. The APDUs are sent to the operating system of the smart card.
The personalization program must be configured for different card operating systems to communicate to different smart card types.
Thus for each set of card in mass production, a static file layout for the data objects to be personalized is given. Inside the static file, there are dedicated addresses where data objects are to placed.
To personalize data objects on a smart card, a static file layout for these data objects is given.
Changing objects, e.g. changing size of a data object to be personalized, require a change of the static file layout of the personalization program. This will generate effort by the smart card issuer because the personalization tables and personalization records must be changed, too.
Personalization of different data objects is difficult. Each set of cards have the same static file structure and requires the same file structure layout of the personalization program. No decentralized personalization is possible without the personalization program.
Personalization data cannot be tested in a real application environment.
In summary, a smart card issuing system must be tailored to meet the requirements of a specific card application that will be programmed on a specific type of smart card under the control of a specific card operating system and to format the data for the card to be compatible with a specific type of personalization
equipment chosen to issue the card. The entire issuing system must be re-configured whenever any one of these variables (issuer application, smart card/card operating system, and/or personalization equipment) is changed, increasing the time and cost incurred by the issuer of the card in delivering personalized smart cards to its customers.
Furthermore, the smart card issuing systems in use today utilize a proprietary approach developed by either the card manufacturer or the personalization equipment manufacturer. To encourage sales of their respective cards or equipment, each manufacturer develops a unique personalization solution for a particular card application, and each solution is specific to a particular card issuer.
These unique solutions are intended to optimize performance of the cards or equipment and thus do not permit a more inclusive, generalized personalization process that accepts any card operating system and/or work with any personalization equipment.
U.S. Pat. No. 6,014,748 discloses a smart card personalization system which contains a database containing card issuer data format templates, card applications, card operating systems commands, and personalization equipment specification and provides a centralized interface of inputs and outputs to a card issuing process which dynamically adjusts to changes in the issuing process to easily permit a card issuer to change data formats, card applications, card operating systems and/or personalization equipment in the card issuing process. The system interfaces to any card issuer management system, manages transfer of cardholder data and card applications to the particular personalization equipment used, maintains statistics for real-time and off-line inquiries to support critical management and reporting functions. A disadvantage of such system is that personalized smart cards may only be tested in their application environment when the personalization of the smart card is already finished. Errors in the personalization process may require several insertions of the respective smart card into the reader and repeating the personalization process again. This may be very time consuming and expensive.
Furthermore data objects used within the personalization process are not concurrently provide
Hamann Ernst-Michael
Klaffke Klemens
Sulzmann Robert
Clay A. Bruce
Frech Karl D.
International Business Machines - Corporation
Tkacs Stephen R.
Walsh Daniel
LandOfFree
System and method for personalization of smart cards does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with System and method for personalization of smart cards, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and System and method for personalization of smart cards will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3252802