AT509336B1 - CHIP CARD WITH AUTORUN FUNCTION - Google Patents

Abstract

Chip card consisting of a data processing unit, a data storage unit and a communication unit, wherein a means for performing an auto-run function when commissioning the smart card first performs authentication to a software provider and the software provider based on this authentication an authorization to the user to use a Software on a portal releases.

Description

Austrian Patent Office AT 509 336 B1 2011-08-15

Description: [0001] The invention relates to a chip card with autorun function according to the preamble of patent claim 1.

Chip cards of the general type are used for both the contactless and the contact-based data transmission between the smart card itself and a reading unit (Reader). Contactless readout is described in standard ISO 14443-2 to IS014443-4: 2001 (E), while contact reading is described in ISO standard 7816-3: 2006 (E).

Detailed map services are described in the continuing standard 7816-4: 2005 to ISO 7816-9.

Chip cards are basically passive electronic media that can manage data in a highly protected environment on the card and output on demand. It is known to use for the high-security management of the data cryptographic keys that are managed on a arranged in the chip card processor. Important in such a smart card is that an active calculation of key numbers and other applications takes place on the smart card, if the smart card contacts or contacted contactless with a reading unit and receives an execution command from a communicating with the reading unit computing unit.

The advantages of the smart card have proven themselves on a large scale, especially the management of data in a high security environment.

In contrast to a CD-ROM or other mobile data carriers, which are managed on a drive of a computer, high-security operations in said protected environment can be performed on a smart card, without the risk that the smart card is compromised.

In particular, the advantage is that the data on the smart card can not be copied, provided that they are protected accordingly.

The data on a CD-ROM are always readable, while the data is protected on a smart card by hardware measures on the smart card and are not readily readable.

So far, it was not known to use smart cards of the above type in the authentication of software on the part of a user.

So far, it was only known when a user bought a software package, he had the software package in physical form as a package with him and to start the software on the packaging a product key was included. The user then had to type this key into the computer by hand. The computer had now delivered the product key to the software provider over an Internet connection, managing the product key on a database with a variety of other product keys. If a product key matches a product key managed in the database, the software provider sends a license key back to the user. The license key was received from the user's computer and the software was thus unlocked.

Another known use case is: Large software manufacturers such as Microsoft sell so-called media less kits, which contain only a link and usually a plastic card with a printed product key (license). Upon receipt, the software can then be downloaded (or media can be ordered). This makes it easy to buy software products or licenses without actually having to sell the data carrier (CD, DVD). 1/14 Austrian Patent Office AT 509 336 B1 2011-08-15 [0013] The Media Less Kit is equipped with a chip card, which z. B. also includes the software license (product key), if necessary for this product. With the Media Less Kit, the customer acquires the right to download and use certain software (product access) or to obtain a specific paid content (content / media access). There is a one-time fee for a single access or a "rental". as access authorization for a defined period of time possible.

According to the invention, for the user's computing unit (e.g., PC, mobile device, cell phone, cash register, or payment terminal), software, hereinafter referred to as "loading software", is used. which communicates with the card and then automatically starts the corresponding steps.

The customer can obtain this software for free on the Internet and must install it once or this function is already preinstalled on its computing unit (eg in the web browser as a plug-in, as an application or as a firmware). When you insert the card, the " load software " then automatically and executes the next steps automatically. If the arithmetic unit and the card have a contactless interface - e.g. ISO-14443 or NFC - this can also be used to start the application.

Alternatively, the card can generally be used as electronic access via the Internet to various products, e.g.

IP TV

- Audio stream [0019] - Internet pages with payable content - Use of software packages - Secure authentication and launching of applications, e.g. Remote control of the

Household (heating, garage opener, garden irrigation) This application could be termed "Content / Media Access". or, in the case of control of equipment, "Remote Access".

For this purpose, the arithmetic unit must contain appropriate software for reading out and processing the data from the card as well as for controlling the further steps, such as calling the corresponding URL.

The procedure may be approximately as follows: 1) Install Manager is invoked (this step may possibly be omitted when using NFC SmartPosts). 2) Customer brings card into the read area of the reader unit it is inserted into a card reader unit 3) Data for the connection establishment are read out, name of the product and

Link are displayed. 4) Content is called up In the case of SW installation on the own arithmetic unit: 5) Customer confirms installation request. 6) Download of necessary files starts. 7) Product becomes The invention is therefore based on the object of achieving a simplified activation of a software by a user with respect to a software provider.

To solve the problem, the invention is characterized by the technical teaching of claim 1. An essential feature of the present invention is that now for the first time a chip card is used on the part of the user, which initially performs an authentication with respect to the software provider and the software Provider returns an authorization to the user to use its software due to this authentication.

An essential feature of the present invention is that the so-called ATR data block is transmitted as first data block to the arithmetic unit of the user when the power is turned on the smart card when it makes contact with the reader, or after a reset , According to the invention, this ATR (Answer to Reset) data block contains an indication to the read-out arithmetic unit, where the program executable on the chip card can be found on the chip card.

This is a significant advantage over the prior art, because now for the first time a smart card is described, which contains in the first data block transferable to the user's arithmetic unit a note that on the smart card itself an executable program is included, which the Activation of the software (authentication and subsequent authorization of the user).

According to the invention, it has now been found that the free memory area arranged as ATR in the data block is defined in the ISO standard as "historical bytes". referred to as. This is used as a link for the reference to the executable program.

According to the invention it is now provided that this sub-block is used as a data block of the ATR data block for the note to the arithmetic unit, where the executable program is present on the smart card.

A further preferred embodiment is that now an executable program contained on the card is not even executed on the card, but is loaded as a program module via the data connection to the arithmetic unit and executed there. This method may be used, for example, to provide certain functionality on the user's computing unit (such as the function of a payment terminal). It is further provided that the program module has an electronic signature, so that the user's computing unit can check the integrity and authenticity of the program module.

Both options are claimed as essential to the invention in the context of the present invention.

The program module can be implemented in different ways: 1. The program module is designed so that it can be executed as a binary code directly on the computing unit of the user (platform-dependent binary code).

[0044] 2. the program module is in a platform-independent intermediate language (e.g.

Code as known from JAVA) and is executed in a virtual machine (part of the loading software).

3. The program module contains data which are used to configure the loading software. DETAILS USING THE PRODUCT OR CONTENT ACCESS: It is important that with the executable program, which now runs either on the smart card or the arithmetic unit, now an authentication of the user to the software provider takes place and then thereafter Authorization of the user towards the software provider.

The advantage of using a smart card over the manual entry of a product key or the use of an executable CD-ROM is now that with the inventive use of a smart card and arranged on the smart card data block that provides an indication of an executable program Now, in a highly protected environment, authentication and subsequent authorization of the user takes place.

This could with conventional media, such. B. a product key on a software package can not be made. Thus, the software manufacturer is given a security that its software sold to the user is used only once or according to the rights management, which is managed on the smart card is used multiple times, this rights management on the smart card from the software provider is predetermined.

Thus, an absolutely secure storage location of the DRM (digital rights management) is given on the smart card, which was not yet known.

The fact that the DRM is managed on the smart card itself in a protected environment has not been known so far.

This has the advantage that such a DRM, which is stored and managed on the smart card, for the user is much easier, because an authentication and authorization of the user can now run automatically without the user in the flow of Authentication and authorization must intervene.

In addition, the anonymity of the user is guaranteed - if desired - because the user does not have to log in with his own name and identify himself to the software provider, because the possession of the smart card - which is highly secured by key pairs - alone sufficient to identify the user.

A particular advantage of the present invention is that a particularly simple software handling is given, because it is now possible for a user to buy only a smart card itself, without the software that belongs to it and stored on a disk itself to buy.

The smart card authenticates and authorizes the user to the software provider, and the software provider could therefore because of the high-security smart card transfer the purchased software via an Internet data line to the user.

Another advantage is that the smart card is also used for authentication and authorization against several software providers not connected to each other, d. H. it is a universal card that is personally assigned to the user and that authenticates and authorizes him / her to several independent software providers.

Depending on the DRM which is stored on the chip card, z. B. only the software, for example, ten times on one or more computers are installed, after which the permission to use this software expires and then the software can not be used.

Another advantage is the possibility of so-called roaming with the smart card according to the invention, because it is now possible for the authorized user and owner of the smart card, for example, to install the same program on a computer in Europe and on another computer in the United States when he is in the US. DETAILS OF USING THE CONTROL OF A CHIP CARD TERMINAL: In this embodiment, the user's arithmetic unit is a smart card terminal compatible with the "loading software" described above. Is provided. After contacting the card reading unit and chip card, the program module already described above is transmitted to the chip card terminal. The chip card terminal can now optionally check the integrity and authenticity of the transmitted program module based on the electronic signature of the program module and execute the program module in the chip card terminal. If the program module represents, for example, the software of a payment terminal, then the chip card terminal can behave like a payment terminal in the sequence and, for example, payment transactions with the chip card carry out or carry out executed payment transactions via a data connection for billing. The program module may now store connection parameters such as the server's connection address for submitting transaction data (telephone number and / or internet address), submission times and / or intervals, description of the transaction submission data formats, and certificates for authenticating the transaction submission server.

The subject of the present invention results not only from the subject matter of the individual claims, but also from the combination of the individual claims with each other.

All in the documents, including the summary disclosed disclosures and features, in particular the spatial design shown in the drawings, are claimed as essential to the invention, as far as they are new individually or in combination over the prior art.

In the following the invention will be explained in more detail with reference to drawings showing only one embodiment. Here are from the drawings and their description further features essential to the invention and advantages of the invention.

1 shows schematically a block diagram of the arrangement according to the invention; FIG. 2 schematically shows the instruction flow and the flow diagram between the computing unit and the chip card according to the invention; FIG [0066] FIG. 1 generally shows a computing unit of the user 1 on which new software is to be installed, which is to run in a processor 3, wherein the user's computing unit contains a chip card reading unit 14 and any number of drives 2 may have. The user's arithmetic unit may alternatively be mobile devices or act as chip card terminals.

In this way, a software can be installed on mobile devices with Internet connection.

Alternatively, a program contained on the chip card can also be installed and / or subsequently executed on chip card terminals (for example payment terminal) in this way. Alternatively, a program may be installed and / or executed on the smart card terminal which is loaded from a location specified within the smart card (e.g., URL 17).

The computing unit of the user can verify the authenticity and integrity of the application 27 before or during their installation and / or execution by means of an electronic signature 27. In particular, the authenticity and integrity of the programs stored on the chip card and to be installed or executed on the arithmetic unit (for example, contained in FIG.

To install a new software, a chip card 10 is now provided according to the invention, which communicates via a contact-type or contactless data connection with a card reading unit 14 with the arithmetic unit of the user 1.

In a manner known per se, the chip card 10 has an interface 11 for the conversion of the data, and the interface 11 communicates with a plurality of memory areas of a memory 12. For example, this memory 12 consists of 3 memory areas, namely an EEPROM, a ROM and a RAM.

The memory areas are controlled by a processor 13.

It is now important that in one of the read-only memory (either the E2PROM or the 5/14 Austrian Patent Office AT 509 336 B1 2011-08-15 ROM) an ATR data block 26 is present, which comprises about 32 bytes.

In the case of using contactless data, this data block is called ATS and then comprises about 32 bytes.

According to the invention it is now provided that in this ATR data block or ATS data block 26, a data field is included, which is described in the ISO standard as Historical Bytes.

According to the invention, these historical bytes now contain an indication that an autorun functionality is contained on the chip card and points to this file, where the application with the autorun functionality is stored on the chip card.

What is important is the realization that this data block is stored within the memory area "Historical Bytes". with the Autorun function in the ATR or ATS data block 26 because this data block is read out first when the chip card is contacted with the reading unit. This ensures that the ATR or ATS data block is always read out as the first data block, and now according to the invention the autorun function or the reference to the autorun function is implemented in this data block. This ensures that when inserting or contacting a chip card in the reading unit always the first autorun function is triggered, without the need exists that more data will be read or other data will be treated. This is a particularly fast data transfer, because in the first transferable data block at all this functionality (automatic flow function) is pointed out. The later Autorun application itself can take place in a highly protected environment, but it is important in the present invention that the reference to this Autorun application is transmitted first and particularly quickly to the user's computing unit.

According to the invention, the following data in the read-only memory can now preferably be stored in the data blocks 17-25 on the chip card: In the data block 17, one or more URL addresses are stored, which are stored on the databases of different software providers 7, 8 point out.

As a data block 18 at least two asymmetric keys are stored in order to achieve a highly secure mutual authentication of smart card and provider.

In the data block 19, any data is stored, the z. B. are the data of the executable program, which z. B. in the E2-PROM or in the ROM of the data memory 12.

In the data block 20, an account information for the chip card is stored. This is a block of data known in prepaid cards and used e.g. includes a credit of the user or the like.

In the data block 21, a permission counter is arranged, which includes the use of multiple licenses.

In the data block 22, a product identification is included, while in the data block 23 may be stored personal data, which is only optional.

In the data block 24 certain PC allocations are stored, for. For example, the so-called hash value is stored there, which summarizes a hardware configuration of a computing unit in a key value and ensures that the software can be executed, for example, only on a single computer unit.

In the data block 25, the so-called DRM is stored, d. H. The so-called rights management, in which all rights are stored, which gets transmitted to the user with the software.

It is important that the data block DRM 25 can also be changed by a dealer database 15 and modified. Thus, for example, it is seen as a particular advantage of the present invention that the chip card can be used alone to a dealer and by adding a certain fee or by other measures, the content of certain data blocks can be changed, especially the content of the DRM 16, the The dealer will then write on the chip card, so as to adapt the chip card special requirements.

The merchant can, for example, act on the chip card 10 via a contact-type or contactless data connection 14a.

The authentication of the user with respect to a software provider 7, 8 now takes place as follows: When the data connection 14a (contact or contactless) is established with the card reading unit 14, according to the invention, the chip card 10 is inserted during the first insertion or the first contact via the card reading unit 14 with the processor 13, the transmission of the ATR / ATS data block 26 to the arithmetic unit 1, which in turn activates a stored in the arithmetic unit load software, which in turn now reads out via the card reading unit 14 from the smart card 10, the executable program and executes in its own processor 3.

Thus, an automatic readout of the chip card in the direction of the processor 3 of the arithmetic unit of the user 1 is given. As soon as this executable program expires, the data blocks 17-26 can be read from the chip card 10 and loaded into the processor memory.

In the case of use for product or content access, the user's arithmetic unit now automatically takes over the registration in the Internet via the Internet connection 4 and established a data connection via the Internet 5 and the further Internet connection 6 with the software provider 7. Optionally, a data connection with the other software provider 8 and a variety of other software providers can be made.

Via the said data connection 4, 5, 6, the software provider 7 will now carry out the authentication of the user in the database 9 held by him and return him an authorization key via the data connection 4, 5, 6, which is based on the arithmetic unit of the User 1 is stored. Thus, the software to be authenticated on the computing unit of the user 1 is unlocked.

It is important in the invention, therefore, that takes place with an automatic procedure, an authentication and activation of the software via a high-security chip card.

The invention leaves open several possibilities when using the chip card 10 according to the invention.

In a first embodiment it is provided that the authentication and authorization and the associated activation of the software takes place only once, but must authenticate each time the software, the smart card to the computing unit of the user.

In a second embodiment of the invention it is provided that the authentication and authorization procedure described above takes place each time the software is put into operation.

In a third embodiment of the present invention, it is provided that the authentication and authorization procedure (activation of the software) takes place only once and the user can then only use the software with the chip card held in the reading unit of the arithmetic unit, so that then only the DRM on the chip card in the data block 19 is monitored and possibly modified.

In the fourth embodiment, it is provided that the authentication and authorization procedure takes place only once to release the software, the chip card for the further use of the Software is not required.

In the fifth embodiment it is provided that only one stored on the smart card program module is transmitted to the arithmetic unit and executed there by the loading software. The arithmetic unit can first check the authenticity and integrity of the program module.

In the sixth embodiment, it is provided that the loading software is configured by data contained in the program module so that another program module is loaded and executed from a location indicated in the data.

FIG. 2 generally shows the flowchart for the data exchange between a card, a reading unit and the user's arithmetic unit.

In this case, it does not matter whether the reading unit communicates contact-based or contactlessly with the card.

It is important that the first functional sequence, a current of the reading unit is coupled to the card to provide the processor with appropriate energy to put this into operation.

It is now important that, according to the invention, an ATR data block is now immediately transferred from the card to the user's arithmetic unit via the reading unit as the next command behind the power-on-error. The transmission of an ATR or ATS data block as the first data block is prescribed in the ISO standards mentioned above. According to the invention, it is now provided that the reference to an autorun function of the chip card is contained in this data block, namely in so-called historical bytes, which are contained in the ATR or ATS data block.

This makes it possible for the first time that immediately with the commissioning of the card an indication is transmitted to the Recheneineinheit where an executable program is included on the smart card and thus the authentication and authorization process is performed automatically, as shown by the next commands becomes.

The next command is a read command from the arithmetic unit such that a file identifier is to be read, which identifies the storage location of the Autorun application (which is self-executable).

Next, the processor of the card will then transfer the content of the executable program via the content (FID) data block to the processor of the user's computation unit, and next the processor of the computation unit will execute that executable program.

Thus, the procedure in the execution of an autorun program is terminated in the data traffic between a computing unit and a highly secure chip card.

All further procedures then relate to an optional previously mentioned automatically expiring authentication and the then automatically expiring authorization of the user, which is essential in the case of product or content access.

This is shown in the following flowcharts of Figure 2, where only is shown globally that now takes place the mutual authentication between the user (the smart card) and the software provider and the software provider then sends back authentication data, which then finally unlock the software.

FIG. 3 describes the Answer To Reset (ATR) method.

After a smart card has been inserted into a terminal, the contacts of the card are first connected to those of the terminal. Thereafter, the five occupied contacts are electrically activated in the correct order. The smart card then automatically performs a power-on reset and sends an Answer to Reset (ATR) to the terminal. This evaluates 8/14

Claims (21)

Austrian Patent Office AT 509 336 B1 2011-08-15 the ATR, which displays various map and transmission parameters, and then sends a first command. The chip card processes the command and generates a response, which sends it back to the terminal. Between ATR and the first command to the smart card can be sent from the terminal nor a Protocol Parameter Select (PPS) command. With this command, which, like the ATR, is independent of the transmission protocol, the terminal can set various transmission parameters of the protocol of the card. DRAWING 1 user's arithmetic unit 17 directory of internet addresses 2 drives sen URL1, URL2 ... URLx 3 processor 18 asymmetric keys or 4 internet connection key pairs 5 internet 19 application data 6 internet connection 20 account information 7 software provider Ex .: Prepaid 8 Additional software provider 21 Authorization counter 9 Database 22 Product identification 10 Chip card 23 Personal data; if 11 Interface desired 12 Memory 24 Device assignment, typically 13 Processor se PC allocation 14 Card reading unit 25 DRM 14a Data connection 26 ATR data block 15 Merchant database 27 Application on chip card 16 DRM 28 Electronic signature over 27 claims 1. Chip card (10) consisting of a data processing unit, a data storage unit and a communication unit with a contact interface, characterized by a means for performing an auto-run function, which after commissioning the smart card automatically via the smart card reader unit, the user's arithmetic unit on the presence of the auto-run function informed. 2. Chip card (10) according to claim 1, characterized in that the means for performing the auto-run function consists of a card and transmission parameters from an answer-to-reset data block (26) of the memory of the chip card. 3. Chip card (10) according to claims 1 or 2, characterized in that the chip card (10) can additionally or alternatively communicate via contactless interfaces. 4. Chip card (10) according to claims 1 to 3, characterized in that the chip card (10) is equipped with the near-field communication technology (NFC). 5. Chip card according to claims 1 to 4, characterized in that the chip card itself contains an executable program module which is provided for execution in the computing unit of the user. 6. Chip card according to claims 1 to 5, characterized in that an executable program module contained on the chip card via the data connection (4,5,6) to the computing unit of the user (1) is transmitted and executed there. 9/14 Austrian Patent Office AT 509 336 B1 2011-08-15 7. Chip card according to claims 1 to 6, characterized in that the executable program module is designed as a binary code, which is directly executable on the processor of the user's arithmetic unit. 8. Chip card according to claims 1 to 7, characterized in that the executable program module is designed as a platform-independent intermediate code, which is executable in a virtual machine on the computing unit of the user. 9. Chip card according to claims 1 to 8, characterized in that the chip card has a storage location for the digital rights management (16). 10. Chip card according to claims 1 to 9, characterized in that it is alternatively in the computing unit of the user (1) is a mobile phone, which can be used to make the connection (4). 11. A method for operating a chip card, characterized by the steps: - Chip card (10) is brought into the functional area of the reading unit (14) of the computing unit of the user (1) - Transmission of the answer-to-reset data block (26) of the chip card (10) with indication of where the executable program is located on the smart card (10) - program on the smart card (10) is executed and releases an authentication and subsequent authorization of the user for a software - connection via the user computer (1 ) and the Internet (5) with a software provider (7) - Authorized access to an Internet portal - Access to the content of the portal, for example: Download, update, upgrade software 12. The method according to claim 11, characterized in that in the data block as Answer-To-Reset data block (26) arranged free memory area is used as a link for pointing to the executable program. 13. The method according to claims 11 or 12, characterized in that in the case of using non-contact interfaces alternatively in the answer-to-reset data block (26) arranged free memory area is used as a link for pointing to the executable program. 14. The method according to any one of claims 11 to 13, characterized in that a chip card according to one or more of claims 1 to 13 is used. 15. The method according to claim 14, characterized in that it is the arithmetic unit itself is a smart card terminal. 16. The method according to claim 14, characterized in that it is the computing unit to a mobile device (for example, mobile phone, PDA). 17. The method according to claim 14, characterized in that the program module or parts thereof is recharged by a specified within the smart card or the program module body via a data connection. 18. The method according to any one of claims 14 to 17, characterized in that the program module contains one or more of the following types of data: • connection address of the server for submitting the transaction data (phone number and / or Internet address) • times and / or time intervals for transaction data submission • description the data formats for the submission of transactions • Certificates that can be used to determine the authenticity of the server for the submission of transaction data 10/14 Austrian Patent Office AT 509 336 B1 2011-08-15 19. The method according to claim 11, characterized in that the chip card during commissioning initially performs an authentication to a software provider (7) and the software provider (7) on the basis of this authentication an authorization to the user to use a software a portal releases. 20. The method according to claim 11 or 12, characterized in that it is the Internet portal to a user interface for the remote control of equipment, machines or devices. 21. The method according to claims 11 to 20, characterized in that a mutual authentication is performed with a software provider, and that subsequently a download of the released software at the software provider (7) is automatically executed. 3 sheets of drawings 11/14