DE10328238A1 - Chip card initialization and personalization method in which chip card data is loaded using a common PC and read-write units that contain stored data blocks in which a part of the data to be loaded is stored - Google Patents

Abstract

Method for loading chip cards with initialization and personalization data, whereby the data is loaded using a number of individual card read-write units that are connected to a common personal computer. The read-write units contain stored data blocks that hold at least a part of the data that is to be written to the chip cards. An independent claim is made for an arrangement for loading chip cards with initializing and personalization data.

Description

The The invention relates to a method for loading chip cards with initialization and / or personalization data. Furthermore, the invention relates to a Arrangement for loading smart cards with initialization and / or Personalization data.

smart cards can very diverse used, for example, to process transactions payment transactions, as identity documents for access control, as a credential for using a mobile phone system, etc. Before a chip card can be used in an application, It is usually required as part of an initialization process and a subsequent personalization data into a non-volatile Memory of the chip card to load. At initialization will be for example supplements an operating system of the smart card, which is in a non-volatile memory the chip card is stored in the nonvolatile memory and file structures. Furthermore, the subsequent personalization prepared. When personalization will be in non-volatile Memory for example, applications installed and personal Data inscribed. The initialization or personalization data be parallelized by a personalization calculator with the help of several switched read / write devices inscribed in the smart cards. The reading / writing devices behave with respect to the streams from personalization computer to smart cards transparent and take only adjustments to a standard transmission protocol for the smart cards in front. In this way is the writing of the data in the smart cards Although possible without problems. However, with big ones Data required a lot of time, so the registered of the data in the smart cards in view of the operating costs of the personalization system correspondingly high costs.

Of the Invention is the object of the time and thus also the Cost for the loading of smart cards with initialization and / or personalization data reduce.

These Task is by a method with the feature combination of Claim 1 solved.

At the inventive method for loading smart cards with initialization and / or personalization data the data is read by means of several read / write devices, the on the one hand with a common personalization calculator and on the other with one chip card in data connection, transferred to the chip cards. The peculiarity of the method according to the invention is that in the read / write devices data blocks are stored, which include at least a portion of the data for the smart cards are provided.

The inventive method has the advantage that the personalization calculator to the read / write devices to be transferred Data volume is reduced to a relatively low value and thereby the for the loading of the chip cards each time required is reduced.

in the Framework of the method according to the invention a dialogue can be carried out between the personalization computer and the readers / writers, around the for the data transmission required Make adjustments to the read / write devices. Thereby are a universal applicability of the method according to the invention and ensures smooth operation.

The for the Storage in the read / write devices provided data blocks can from Personalisierungsrechner transmitted to the read / write facilities become. This has the advantage that the read / write devices as required without big ones Effort with each needed data blocks can be supplied.

The in the stored data blocks contained data transferred from the read / write devices to the smart cards become. In this case, the data transmission from the read / write devices to the smart cards from the personalization computer to be controlled. This has the advantage that the personalization calculator the control over the data transmission exercise to the chip cards can, without the data connection between the personalization calculator and to significantly burden the readers / writers. The in the stored data blocks contained data from the reading / writing devices successively to a plurality Transfer smart cards so that the data transfer between the personalization calculator and the readers / writers reduced to a minimum can be.

To the transmission the data of each data block from the smart card return codes to the reader / writer be issued. The readers / writers can use the Compare received return codes with specified reference codes and in the case of an incorrect return code, an error message submit the personalization calculator. This can be guaranteed be that the personalization computer the process of data transfer can control.

In a preferred embodiment the data blocks represent tables containing executable commands from the smart cards. In the context of the method according to the invention, further data which are not contained in the data blocks can be transmitted from the personalization computer via the read / write devices to the chip cards.

This allows a very universal applicability of the method according to the invention.

In an advantageous embodiment of the method according to the invention a program routine becomes temporary stored in the chip cards with which a transmission protocol can be carried out, this is an accelerated data transfer compared to standard protocols between the read / write devices and the smart cards. It is also possible a program routine for decompressing data that is compressed Transfer form were, temporarily in to store the chip cards. Finally, it is another measure for shortening the for the data transmission needed to the smart cards Time possible, before the transfer the memory areas into which the transmitted data is written should set to a predetermined value and only such data transferred to, which deviate from the specified value.

The inventive arrangement for loading smart cards with inihalization and / or personalization data has a personalization calculator and several with the personalization calculator connected reading / writing devices for establishing a data connection to the smart cards. The Particularity of the arrangement according to the invention is that the read / write devices each have a Have function for storing blocks of data transmitted by the personalization computer be, and to transfer the data blocks or the data contained therein to the smart cards.

The Invention will be described below with reference to the drawing Embodiment explained.

It demonstrate:

1 a block diagram of an arrangement for loading smart cards with initialization and / or personalization data and

2 a flow chart for the procedure according to the invention when loading the smart card with the initialization and / or personalization data.

1 shows a block diagram of an arrangement for loading smart cards 1 with initialization and / or personalization data. The arrangement has a personalization computer 2 on, with several parallel chip card readers 3 is connected, each in data connection with one chip card 1 stand. The smart card reader 3 are characterized by a functionality that involves establishing a data connection to the smart cards 1 and the integration of the data into a standard protocol for data transmission. This functionality is carried by in the smart card readers 3 installed applications based on the existing firmware of the smart card reader 3 and enables the storage and further processing of data blocks belonging to the smart card readers 3 from the personalization calculator 2 be transmitted. By buffering the data blocks in the chip card readers 3 can rely on the time-consuming single transfer of data from the personalization calculator 2 to the smart card readers 3 are largely dispensed with and the once the chip card reader 3 Transferred data can be from any smart card reader 3 successively in several smart cards 1 be enrolled. The personalization calculator 2 can transfer data from the smart card readers 3 to the chip cards 1 control using simple commands that do this with little time from the personalization calculator 2 to the chip card reader 3 be transmitted and evaluated by the applications installed there. Details of how the in 1 arrangement shown below with reference to 2 described.

2 shows a flow chart for the procedure according to the invention when loading the smart cards 1 with the initialization and / or personalization data. This procedure is exemplary for one of the smart cards 1 describe in one of the smart card readers 3 is introduced. For the other chip cards 1 in the other chip card readers 3 the corresponding applies.

The flow of the flowchart begins with a step S1, in which a dialogue between the smart card reader 3 and the personalization calculator 2 is performed to determine which of the smart card reader 3 existing applications should be used. This selection is necessary because in the chip card reader 3 As a rule, several applications or application versions are available in order to ensure as universal applicability as possible. It is also possible in principle, a desired, but not existing application or application version in the smart card reader 3 to load. Furthermore, there is the possibility of the status of the application by a display device of the smart card reader 3 To make visible to the outside, for example by light emitting diodes. The status information can be at For example, specify whether the application is active, whether an error has occurred, and so on.

Step S1 is followed by a step S2 in which one of several tables from the personalization computer 2 to the chip card reader 3 is transmitted and in the chip card reader 3 is stored. The tables can be used equally for all smart cards 1 a batch, with the help of the chip card reader 3 to be loaded with data. This makes it possible to view the tables only once from the personalization calculator 2 to the chip card reader 3 to transfer and then use multiple times. Is already a table in the chip card reader 3 If a part of the content matches a table to be retransmitted, it is possible to dispense with a complete transmission of the new table and instead to update the already existing table. In a complete transfer of the tables, the transfer preferably takes place in the form of one data block for each table. Depending on their content. the tables are divided into a first and a second category. For the first category, usually only a single table is provided. The table of the first category contains commands for generating initialization files in the chip card 1 , A processing of these commands leads to all smart cards 1 to identical initialization files. For the second category, several tables are usually provided, each containing commands for generating card-related generic personalization data. The while processing these commands in the smart cards 1 Data generated usually differ from chip card to chip card. As will be explained in more detail below, the use of several tables of the second category makes it possible to carry out a separate authentication for each table or a secure data transmission channel to the chip card 1 build. This is necessary, for example, with JAVA cards in which, for example, a separate table can be provided for each application to be installed. Instead of the command tables described above or in addition to these command tables, other data from the personalization computer 2 to the chip card reader 3 such as hex files or binary files, etc.

Next are those in the chip card reader 3 stored tables each according to the following scheme to the smart card 1 transfer:
In a step S3, which follows step S2, one of the smart card reader 3 stored tables to the smart card 1 The commands contained in the table are transferred from the chip card 1 processed. As mentioned earlier, may be related to the transfer of the table to the smart card 1 an authentication be performed and a secure transmission channel are established. The transfer of the individual tables to the chip card 1 is performed according to a predetermined order, starting with the table of the first category and then proceeding with the tables of the second category, ie at the first execution of step S3, the table of the first category to the smart card 1 transfer. Step S3 is followed by step S4 in which the smart card 1 a return code to the chip card reader 3 transmitted. The return code depends on whether the table is correctly attached to the smart card 1 was transmitted and the commands were processed correctly. At step S4, a step S5 follows, in which it is queried whether the chip card reader 3 received return code matches a specified for the transmitted table target code. The target code can be from the chip card reader 3 be read out of the transferred table. If there is no match, it is assumed that an error has occurred and a step S6 is executed in which the chip card reader 3 a message about the error occurred to the personalization calculator 2 is transmitted. In a variant of the inventive method contains the message to the personalization computer 2 In addition, the number of the line in which the erroneously executed command is stored in the table. Furthermore, the inventive method can be modified so that after each to the smart card 1 transmitted command from the chip card 1 a return code is sent to the smart card reader. The flow of the flowchart is ended with step S6, although no properly loaded chip card 1 was generated, but a faulty chip card 1 that needs to be sorted out. Alternatively to the completion of the flowchart, an in 2 not shown second transmission attempt to be performed with the same table.

If the query of step S5 is fulfilled, ie if the return code matches the predetermined target code, a step S7 follows at step S5. In step S7, it is checked whether all are already in the chip card reader 3 stored tables to the chip card 1 were transferred. If this is not the case, proceeds to step S3 and the next scheduled for the transmission table to the smart card 1 transfer. The steps S3 to S7 are repeated until the last table provided for the transmission into the smart card 1 is transferred and thus the query of step S7 is met.

In this case, ie if all designated tables to the smart card 1 at step S7, a step S8 follows in which one through the chip card reader 3 mediated communication between the personalization computer 2 and the chip card 1 takes place. In doing so, the personalization calculator 2 personal data to the chip card 1 Posted. The chip card reader 3 does not store this data for other smart cards 1 before, but puts them only in one for the smart card 1 suitable transmission protocol and forwards it to the chip card 1 further. Because the data is only for a single chip card 1 are provided is a storage in the smart card reader 3 for further chip cards 1 not useful. It comes at most a temporary storage for each with the smart card reader 3 connected smart card 1 into consideration. With the execution of step S8, the flow of the flowchart is finished.

Steps S1 and S2 are for a batch of smart cards 1 , for each of which the same tables are provided, performed only once. From the second run the then processed flowchart differs from the representation of the 2 insofar as steps S1 and S2 are no longer present. As the chip card reader 3 already prepared accordingly and the tables already in the chip card reader 3 are present, an execution of steps S1 and S2 is no longer required.

The procedure described above leads to a reduction of the time required for the data transfer between the personalization computer 2 and the smart card readers 3 is needed. For this time gain to be fully effective, it makes sense to also transfer data between the smart card readers 3 and the smart cards 1 to accelerate. For this purpose, it is provided in the context of the method according to the invention, the usual standardized protocols for data transmission between the smart card readers 3 and the smart cards 1 , in particular the ISO protocols T = 0 and T = 1, to be replaced by a special transmission protocol. This special transmission protocol is characterized by the fact that the overhead is greatly reduced and an optimization with regard to the transmission speed has been made. For example, the special transmission protocol can be designed so that in each case large data blocks including the associated absolute start addresses are transmitted and a simple checksum for checking the correct transmission is formed. The block size can be adapted in particular to the physical memory structure. When using the special transmission protocol, however, there is initially the problem that a conventional chip card 1 is unable to communicate according to this particular transmission protocol, but can only perform data transmission according to a standard protocol. For this reason, in the method according to the invention, first of all a boot loader is applied to the chip card in accordance with a standard protocol 1 transferred and in the non-volatile memory of the smart card 1 saved. The boot loader is a program routine that is capable of executing the special transmission protocol. After completion of the data transfer between the smart card reader 3 and the chip card 1 the boot loader is deleted again.

Another acceleration measure, both in the data transfer between the personalization computer 2 and the smart card readers 3 as well as in the data transfer between the smart card readers 3 and the smart cards 1 engages, is to perform a data compression. The data compression results in a significant reduction of the data to be transmitted, especially for large blocks of data with the same data content. Thus, for example, in the case of a multiple occurring data value instead of a multiple transmission of the data value, a one-time transmission of the data value and the associated number of occurrences can be carried out. In order to be able to use data compression, the smart cards must 1 however, be able to perform a decompression so that the output data can be recovered. To conventional smart cards 1 equipped with this function, in the context of the method according to the invention in each case a boot loader on the smart cards 1 capable of performing the required decompression. Similar to the bootloader for the special transmission protocol, the bootloader for decompression is also deleted after completion of the data transmission.

Finally, there is still the possibility to achieve an acceleration of the data transmission in that only those data are transmitted to those who deviate from a predetermined value to which the memory cells of the smart cards 1 were initialized. However, for this it is necessary that the data to be transmitted be previously analyzed accordingly. The predetermined value is preferably selected to correspond to the erased state of the memory cells. This means that the memory area provided for the data entry must be deleted before the data transfer. In addition, the data to be transmitted must each be checked to see if they match the given value.

Claims (14)

Method for loading smart cards ( 1 ) with initialization and / or personalization data, the data being stored by means of several read / write devices ( 3 ), on the one hand with a common Personalisierungsrechner ( 2 ) and on the other hand each with a chip card ( 1 ) are in data connection, to the chip cards ( 1 ), characterized in that in the read / write devices ( 3 ) Data blocks are stored, which contain at least part of the data which is used for the smart cards ( 1 ) are provided. Method according to claim 1, characterized in that a dialogue between the personalization computer ( 2 ) and the reading / writing devices ( 3 ) is performed to adjust the settings required for the data transfer at the read / write devices ( 3 ). Method according to one of the preceding claims, characterized in that that for storage in the read / write devices ( 3 ) provided by the personalization computer ( 2 ) to the readers / writers ( 3 ). Method according to one of the preceding claims, characterized in that the data contained in the stored data blocks are read by the read / write devices ( 3 ) to the chip cards ( 1 ) be transmitted. Method according to claim 4, characterized in that the data transmission from the read / write devices ( 3 ) to the chip cards ( 1 ) from personalization computer ( 2 ) is controlled. Method according to one of Claims 4 or 5, characterized in that the data contained in the stored data blocks is read by the read / write devices ( 3 ) in succession to several smart cards ( 1 ) be transmitted. Method according to one of Claims 4 to 6, characterized in that after the transmission of the data of one respective data block from the chip cards ( 1 ) Return codes to the read / write devices ( 3 ). Method according to claim 7, characterized in that the reading / writing devices ( 3 ) compare the received return codes with predetermined target codes and, in the case of an erroneous return code, an error message to the personalization computer ( 2 ) to transfer. Method according to one of the preceding claims, characterized in that the data blocks represent tables which are stored by the smart cards ( 1 ) include executable commands. Method according to one of the preceding claims, characterized in that further data, which are not contained in the data blocks, from the personalization computer ( 2 ) via the read / write devices ( 3 ) to the chip cards ( 1 ) be transmitted. Method according to one of the preceding claims, characterized in that a program routine for carrying out a transmission protocol which has a data transmission between the read / write devices which is accelerated in comparison to standard protocols ( 3 ) and the chip cards ( 1 ), temporarily in the smart cards ( 1 ) is stored. Method according to one of the preceding claims, characterized in that a program routine for decompressing data which has been transmitted in compressed form is temporarily stored in the chip cards ( 1 ) is stored. Method according to one of the preceding claims, characterized in that prior to the transmission of the data to the chip cards ( 1 ) the memory areas into which the transmitted data is to be written are set to a predetermined value and only data which deviates from the predetermined value is transmitted. Arrangement for loading smart cards ( 1 ) with initialization and / or personalization data, with a personalization computer ( 2 ) and several with the Personalisierungsrechner ( 2 ) connected to read / write devices (3) for establishing a data connection to the smart cards ( 1 ), characterized in that the read / write devices ( 3 ) each have a function for storing blocks of data which are stored by the personalization computer ( 2 ) and to transfer the data blocks or the data contained therein to the smart cards ( 1 ) exhibit.