SK3012003A3 - Multiport card - Google Patents

Abstract

The card has an interface of eight contacts according to ISO 7816 and at least one standard bidirectional channel through which it is possible data exchange at around 500 kbit / s. Make it it is possible to use such a card in the applications they require processing information at several Mbps, a high speed serial channel is added to the card connects to unused standard two-way connections channel. The high-speed serial channel follows to a second bus (HSB) that interconnects several coding / decoding modules and multiplexing module (MUX). All these modules are also standard card bus.

Description

Multi-port card

Technical field

The invention relates to smart cards, the invention relates in particular to smart cards according to the ISO 7816 standard.

BACKGROUND OF THE INVENTION

Smart cards usually take the form of a compact module that consists of many electronic elements, such as memory, microprocessors, or a modem. The rapid development of electronics means that functions and activities previously reserved only for large systems can now be realized on smart cards.

ISO 7816 defines the smart card interface. The card has 8 contacts whose functions are described in the standard.

The emergence and development of smart cards has been triggered by the need to have portable data devices that are characterized by a high level of security of stored data. The cards are mainly used for data storage and processing applications that do not require many I / O operations. Indeed, according to ISO 7816, only a single connection is used for communication that operates in bidirectional half duplex mode.

The use of such prior art cards is therefore limited to control applications when fast data processing is performed in other modules.

In pay-TV systems, the signals are encoded with a key that changes from time to time. The audio and video data stream that comes to the pay-TV receiver decoder includes control messages (EMMs) that contain keys in encrypted form. Upon detection, the EMM message is redirected to a smart card that serves as a security module.

In this embodiment, different keys are stored in the smart card that allow the EMM messages to be decrypted and thus determine whether the subscriber has rights to the audio and video data. If so, the card will send information that will enable the decoder to display the encoded data correctly.

The method described has several disadvantages. The first disadvantage is that the keys are handed over to the decoder, which cannot be considered a safe element, in an open form. Usually this is solved by periodically changing the key, typically once per second. Although this is a tried and tested method in many respects, it appears problematic in other applications, such as data retention. The idea of periodic key change does not apply because data can only be encoded once, using a key that only a smart card can use to decode the data.

It will be appreciated by those skilled in the art that sending a decoder key, such as a computer, in the open form poses a certain risk that the key will be caught and misused by an unauthorized person.

A possible solution to this problem is to perform data decoding directly in the smart card. In this case, the key will not leave the card. The key is used to process the encoded data directly in the smart card.

However, the proposed solution quickly encounters physical limitations of ISO 7816 cards whose I / O circuits operate at 10 to 100 kbit / s transfer rates.

Similar restrictions apply to ISO 14443 proximity cards with transfer rates of 106 to 425 kbit / s.

Structural changes to the card can only be made to the extent of compatibility with ISO 7816 and ISO 14443 readers, i. the new card structure should be readable to readers according to existing standards.

It is an object of the present invention to provide a smart card that maintains compatibility with current readers while providing the capability to provide additional functions, in particular the ability to decode the encoded data within the card at a rate corresponding to the data rate.

SUMMARY OF THE INVENTION

Said object of the invention is achieved by a smart card comprising 8 interface contacts according to ISO 7816 and at least one standard bidirectional channel, characterized in that it further comprises a high-speed channel connected to unused connections.

Disused connections are those connections that the standard does not assign to specific functions, or connections that are no longer used in current card generations.

This category includes the well-known two Reserved for Future Use (RFU) connections and the Vpp connection, which allows the card's permanent memories to be powered by more than 5 V (typically 12 to 21 V). New types of non-volatile memories, such as NVRAM, EEPROM or FLASH, are powered directly from the card, leaving the Vpp connection unused.

The existence of these additional, unused routes today makes it possible to define a protocol that differs from the ISO 7816 standard and opens up new possibilities for smart card deployment.

Three free connections make it possible to establish a high-speed link with a timing path (CLK), an input path (IN) and an output path (OUT). It is possible to use different card access channels at the same time, for example, a standard channel can run bidirectionally over an I / O path. Such a high speed channel extends the capabilities of the card, which can be used, for example, as a high speed coding-decoding module.

Using a high-speed channel will force changes to the card's architecture. According to the invention, it is possible to design and manufacture a decoding (or coding) module that will be placed completely on the card. The data coming through the fast channels is routed directly to the specialized decoding module. The data does not necessarily have to pass through the microprocessor, and the specialized decoding module can arrive on the internal fast bus.

For this purpose, the smart card according to the invention may comprise a multiplexing means which provides a direct connection between the fast channel and one or more specialized modules. This means also allows flow of the high-speed channels to the microprocessor, if necessary. Although at present certain processors are unable to process data at several Mbit / s, it is reasonable to expect that future versions will allow such processing to replace certain specialized modules. Thus, programmable microprocessors will replace specialized modules that perform mathematical operations in non-programmable electronic circuits.

According to the invention, the multiplexing means makes it possible to group several specialized circuits in series. For example, a card according to the invention may comprise a first compression module, the output of which is applied to the input of the coding module.

During the processing of data transmitted over the fast channel, other means of communication remain free, especially the I / O path described in ISO 7816 or the contactless path according to ISO 14443. These free means can thus be used to transmit control information, which may include, for example, card management information. , such as the parameters of the decoder modules or the rights assigned to them.

According to the invention, the multiplexing means comprises a selector and an interleaving means that allow the separation of certain types of data from the data stream.

The pay-TV digital data stream includes useful data such as audio or video data and control data. Before this stream is directed to the fast channel, it is necessary to exclude from it control data that contains information about the decoding keys and other organizational information. The pick-up and insertion means is controlled by a microprocessor; when the message meets the recognition criteria, it is redirected to the microprocessor.

The data processed by the card is usually arranged in blocks. Each block begins with a block identifier that describes the type of information contained in that block.

In reverse operation, i. When encoding data, the module can insert control data into the stream coming from the fast bus. The control data is generated in the central unit and serves, for example, to qualify a data stream, transmit control words in coded form, or transmit routing information. The module comprises a buffer in which data blocks arriving on the fast bus and data blocks from the central unit are stored. If the buffer contains a control data block, the control data is inserted at the end of the data blocks arriving on the fast bus. The flow then leads to the shaping module, from where it is directed to the fast output port.

Thanks to the described arrangement it is possible to process the data flow inside the smart card and thus significantly increase the level of data security. The smart card according to the invention makes it possible to create a complete stream of encoded or decoded data, including organizational information, such as control words, within the card.

In one embodiment of the invention, the fast channel is controlled by the USB (Universal Serial Bus) standard. A peculiarity of this interface is that the signals use two routes, one for incoming data (IN) and the other for outgoing data (OUT).

The smart card according to the invention comprises a protocol detection module which is able to adapt to the USB protocol and which translates it into the internal protocol of the smart card, for example by means of timing regeneration.

Image overview

The invention will become more apparent from the following detailed description of an exemplary embodiment with reference to the accompanying drawing.

DETAILED DESCRIPTION OF THE INVENTION

In FIG. 1 shows two possible prior art connections - a galvanic connection (A) and a non-contact connection (B). Although known cards normally only use one type of joint, for compatibility reasons it is possible to produce a card that will include both types.

The galvanic I / O link leads to a UART (Universal Asynchronous Receiver Transmitter) that is coupled to a buffer (BUF). Signals coming to UART are formatted and filtered to remove noise and other interference. The buffer is used to store incoming data before it is processed by the microprocessor.

A similar processing takes place also in the contactless channel (B). The signals sent by the reader are also used to power the card. Thus, the card antenna 20 has four functions: it transmits and receives data exchanged between the card and the reader, provides the microprocessor timing, and powers the card. The power module (SPL) transforms the high-frequency carrier into a voltage that can power the card. Behind the power module is a modulating signal shaping module, such as a modem.

The voltage obtained leads to a PWRM power management module that selects the power supply, especially when more power is available. In embodiments where the card is powered by a galvanic reader, the PWRM power management module extracts the galvanic current from the reader. The regulated voltage VP is then distributed to the card elements.

The decoded UART information is located on the standard bus (STB) shown in FIG. 1 is indicated by a thick line. The bus connects all modules to each other and in addition to the central unit (CPU), which is the card's control center. The memory requirements of the card are covered by a memory assembly (MEM), which consists of program memory (ROM or NVRAM), operating memory (RAM), and data memory (NVRAM). All memories can be managed by a memory manager (MM). The memory manager also includes managing access rights to individual memories.

The card according to the invention comprises a second fast bus (HSB), which is shown in FIG. 1 marked by dashed line. The HSB bus can be parallel or serial and allows the transmission of multiple Mbit / s. Modules connected to this bus are also connected to a standard bus, after which initialization, keys and other operating information are transmitted. Special coding-decoding modules are connected to the fast HSB bus according to card-supported protocols such as IDEA, DES, triple-DES, Hash or AES standards. Other modules that can be connected to the fast bus as needed may be other specialized modules, such as compression and decompression modules.

A module using FPLA technology (Field Programmable Logic Array) allows you to program the activities of future coding algorithms. The CPU can program this module to perform the activities required to encode information or any other function. This type of module usually includes simple blocks (for example, register shift, XOR function) that engage a more complex function of choice.

An important feature of the invention is the elements that make up the fast channel. The first protocol detection module DP performs signal formatting and protocol recognition. The signals are translated into an internal protocol, for example, to a serial three-wire synchronized bus flow. The module is responsible for adapting the signal to the standard according to which the internal interface is designed. Protocol detection is performed automatically, for example according to the presence or absence of the timing signal or the frequency of the transmission used.

Once the signal is formatted according to the known protocol, it is directed to the MUX multiplexer. From this module, the signal can continue as needed to any other module. For example, the central processing unit (CPU) may configure the multiplexer to send a signal from the fast channel to the IDEA coding module, the data stream passes through the FF pick and insert module, which analyzes the data and selects those that match the programmed criterion. If the recognition criterion is met, the FF module generates an interrupt that informs the CPU that the requested data is available.

The MUX multiplexer can send data to the central processing unit as well if the processing capacity is sufficient. It is also possible to include a buffer in the MUX module to temporarily store data if the target module cannot receive it at a given moment.

As noted above, the pick-and-paste module FF can operate in both directions and allows insertion of control blocks into the data stream in the fast channel.

It is known to those skilled in the art that these types of cards do not have an internal clock and therefore depend on the timing coming from the reader. In our case, three timing signals are available: classical CLK input according to ISO 7816, Cl timing derived from contactless transmission and C2 timing, which is used by fast bus. The CLKM timing module monitors all sources to ensure that the card receives the correct timing pulses. The CLKM timing module also includes means for multiplying or dividing the frequency as desired. The module can generate several timing signals according to the needs of the individual modules, for example the first frequency for the central CPU and the second frequency for the fast modules (DVD, PKC, IDEA, etc.).

The management of the different timing sources is governed by established criteria, which are mostly derived from the hierarchy. Normally, the ISO 7816 (CLK) source has the highest priority, then the ISO 14463 (Cl) non-contact source, and finally the Fast Channel (C2) source.

The invention also relates to a card reader comprising means for communicating with a smart card via a fast channel.

in

The reader must be able to communicate with a wide variety of card types of different generations. The interface of the reader to the computer is preferably a USB port which enables high-speed data transfer. However, the smart card may not support this protocol and may require a three-wire connection (IN, OUT, CLOCK). In this case, the reader includes an interface that allows the conversion of USB signals into the card protocol. The identification of the card and its communication capabilities takes place over traditional, standard-defined channels. The channel is either ISO 7816 (galvanic) or ISO 14443 (electromagnetic).

In one embodiment of the reader, the pick and insert module FF is part of the reader. In this case, all data is only sent to the card via a fast channel, for example via the USB interface. Control message recognition is performed directly in the reader, which then sells them to the smart card over a traditional channel.

Claims (6)

PATENT CLAIMS 1. A smart card comprising an eight-contact interface according to ISO 7816, a decoding module, a central unit (CPU) coupled to a first bus (STB), at least one standard bidirectional channel and a high-speed serial channel coupled to connections not used by a standard bidirectional channel. characterized in that the high-speed serial channel is connected to a second bus (HSB), the card further comprising a multiplexing module (MUX) and a plurality of encoding-decoding means interconnected by the second bus (HSB), the coding-decoding and multiplexing modules (MUX) ) are also connected to the first bus (STB). Smartcard according to claim 1, characterized in that the encoding and decoding modules are of the types IDEA, AES, Hash, DES or tripleDES. The smart card according to claim 1, characterized in that the multiplexing module (MUX) is connected in a star configuration and allows serial sequencing of several coding-decoding modules. The smart card according to one of claims 1 to 3, characterized in that it comprises a pick-up and insert module (FF) that receives and compares data from the high-speed channel with predefined values and sends the recognized data to the central unit (CPU). The smart card of claim 4, wherein the pick and insert module (FF) includes control data input and a buffer that allows it to insert data into a data stream that comes from a high speed bus (HSB). Smartcard according to one of claims 1 to 5, characterized in that the standard bidirectional channel is a contactless type according to ISO 14443.