EP1048003A1 - System zur gesicherten kontaktlosen kommunikation zwischen einem endgerat und einem tragbaren gegenstand wie eine chipkarte - Google Patents
System zur gesicherten kontaktlosen kommunikation zwischen einem endgerat und einem tragbaren gegenstand wie eine chipkarteInfo
- Publication number
- EP1048003A1 EP1048003A1 EP98949065A EP98949065A EP1048003A1 EP 1048003 A1 EP1048003 A1 EP 1048003A1 EP 98949065 A EP98949065 A EP 98949065A EP 98949065 A EP98949065 A EP 98949065A EP 1048003 A1 EP1048003 A1 EP 1048003A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- card
- terminal
- memory
- light
- chip
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Links
- 238000004891 communication Methods 0.000 title claims description 17
- 230000005672 electromagnetic field Effects 0.000 claims abstract description 20
- 230000009471 action Effects 0.000 claims abstract description 16
- 238000012545 processing Methods 0.000 claims abstract description 9
- 230000003750 conditioning effect Effects 0.000 claims abstract description 4
- 230000015654 memory Effects 0.000 claims description 53
- 230000004913 activation Effects 0.000 claims description 16
- 238000012790 confirmation Methods 0.000 claims description 16
- 230000005764 inhibitory process Effects 0.000 claims description 10
- 238000010200 validation analysis Methods 0.000 claims description 6
- 230000001143 conditioned effect Effects 0.000 claims description 5
- 230000008878 coupling Effects 0.000 claims description 5
- 238000010168 coupling process Methods 0.000 claims description 5
- 238000005859 coupling reaction Methods 0.000 claims description 5
- 239000000463 material Substances 0.000 claims description 5
- 239000011248 coating agent Substances 0.000 claims description 4
- 238000000576 coating method Methods 0.000 claims description 4
- 230000003068 static effect Effects 0.000 claims description 4
- 238000001465 metallisation Methods 0.000 claims description 3
- 208000019901 Anxiety disease Diseases 0.000 claims 1
- 230000036506 anxiety Effects 0.000 claims 1
- 238000001514 detection method Methods 0.000 description 20
- 238000000034 method Methods 0.000 description 13
- 230000006870 function Effects 0.000 description 9
- 230000002747 voluntary effect Effects 0.000 description 8
- 230000005291 magnetic effect Effects 0.000 description 7
- 238000013459 approach Methods 0.000 description 6
- 230000003287 optical effect Effects 0.000 description 6
- 238000005286 illumination Methods 0.000 description 5
- 230000008569 process Effects 0.000 description 5
- 239000000758 substrate Substances 0.000 description 4
- 238000013475 authorization Methods 0.000 description 3
- 239000000284 extract Substances 0.000 description 3
- 230000006698 induction Effects 0.000 description 3
- 230000000670 limiting effect Effects 0.000 description 3
- 238000004519 manufacturing process Methods 0.000 description 3
- 210000000056 organ Anatomy 0.000 description 3
- 230000001960 triggered effect Effects 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 239000003302 ferromagnetic material Substances 0.000 description 2
- 230000006872 improvement Effects 0.000 description 2
- 239000003112 inhibitor Substances 0.000 description 2
- 238000003754 machining Methods 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 229910052751 metal Inorganic materials 0.000 description 2
- 239000002184 metal Substances 0.000 description 2
- 230000003071 parasitic effect Effects 0.000 description 2
- 108091008695 photoreceptors Proteins 0.000 description 2
- 230000005855 radiation Effects 0.000 description 2
- 239000004065 semiconductor Substances 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 238000003466 welding Methods 0.000 description 2
- 238000004804 winding Methods 0.000 description 2
- SEQDDYPDSLOBDC-UHFFFAOYSA-N Temazepam Chemical compound N=1C(O)C(=O)N(C)C2=CC=C(Cl)C=C2C=1C1=CC=CC=C1 SEQDDYPDSLOBDC-UHFFFAOYSA-N 0.000 description 1
- 230000003213 activating effect Effects 0.000 description 1
- 239000000853 adhesive Substances 0.000 description 1
- 230000001070 adhesive effect Effects 0.000 description 1
- 239000002390 adhesive tape Substances 0.000 description 1
- 229910052782 aluminium Inorganic materials 0.000 description 1
- XAGFODPZIPBFFR-UHFFFAOYSA-N aluminium Chemical compound [Al] XAGFODPZIPBFFR-UHFFFAOYSA-N 0.000 description 1
- 230000003321 amplification Effects 0.000 description 1
- 230000033228 biological regulation Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000003197 catalytic effect Effects 0.000 description 1
- 239000004020 conductor Substances 0.000 description 1
- 230000000994 depressogenic effect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000005265 energy consumption Methods 0.000 description 1
- 238000005530 etching Methods 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 230000005294 ferromagnetic effect Effects 0.000 description 1
- 238000002513 implantation Methods 0.000 description 1
- 230000002401 inhibitory effect Effects 0.000 description 1
- 238000003780 insertion Methods 0.000 description 1
- 230000037431 insertion Effects 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 230000007257 malfunction Effects 0.000 description 1
- 229910001092 metal group alloy Inorganic materials 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000003199 nucleic acid amplification method Methods 0.000 description 1
- 230000005693 optoelectronics Effects 0.000 description 1
- 239000002245 particle Substances 0.000 description 1
- 230000000149 penetrating effect Effects 0.000 description 1
- 230000000505 pernicious effect Effects 0.000 description 1
- 230000010287 polarization Effects 0.000 description 1
- 230000001681 protective effect Effects 0.000 description 1
- 230000035484 reaction time Effects 0.000 description 1
- 230000002829 reductive effect Effects 0.000 description 1
- 230000002441 reversible effect Effects 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 238000005303 weighing Methods 0.000 description 1
- 210000000707 wrist Anatomy 0.000 description 1
- 229910000859 α-Fe Inorganic materials 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
- G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
- G06K19/067—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
- G06K19/07—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
- G06K19/073—Special arrangements for circuits, e.g. for protecting identification code in memory
- G06K19/07309—Means for preventing undesired reading or writing from or onto record carriers
- G06K19/07318—Means for preventing undesired reading or writing from or onto record carriers by hindering electromagnetic reading or writing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
- G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
- G06K19/067—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
- G06K19/07—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
- G06K19/0723—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips the record carrier comprising an arrangement for non-contact communication, e.g. wireless communication circuits on transponder cards, non-contact smart cards or RFIDs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
- G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
- G06K19/08—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code using markings of different kinds or more than one marking of the same kind in the same record carrier, e.g. one marking being sensed by optical and the other by magnetic means
- G06K19/10—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code using markings of different kinds or more than one marking of the same kind in the same record carrier, e.g. one marking being sensed by optical and the other by magnetic means at least one kind of marking being used for authentication, e.g. of credit or identity cards
- G06K19/14—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code using markings of different kinds or more than one marking of the same kind in the same record carrier, e.g. one marking being sensed by optical and the other by magnetic means at least one kind of marking being used for authentication, e.g. of credit or identity cards the marking being sensed by radiation
- G06K19/145—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code using markings of different kinds or more than one marking of the same kind in the same record carrier, e.g. one marking being sensed by optical and the other by magnetic means at least one kind of marking being used for authentication, e.g. of credit or identity cards the marking being sensed by radiation at least one of the further markings being adapted for galvanic or wireless sensing, e.g. an RFID tag with both a wireless and an optical interface or memory, or a contact type smart card with ISO 7816 contacts and an optical interface or memory
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K7/00—Methods or arrangements for sensing record carriers, e.g. for reading patterns
- G06K7/10—Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation
- G06K7/10544—Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation by scanning of the records by radiation in the optical part of the electromagnetic spectrum
- G06K7/10821—Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation by scanning of the records by radiation in the optical part of the electromagnetic spectrum further details of bar or optical code scanning devices
- G06K7/1097—Optical sensing of electronic memory record carriers, such as interrogation of RFIDs with an additional optical interface
Definitions
- the invention relates to contactless communication between two remote organs such as a fixed terminal and an independent portable electronic object held by a user.
- Such contactless data exchange systems (that is to say without galvanic contact) are well known and, among the applications of this technique, we find - without limitation: physical access control, by example for access to a protected room or to which access is restricted to certain persons who must first identify themselves; logical access control, for example to an IT function; data decryption, etc. ; as well as monetary transactions such as "electronic wallet” type applications, toll or payment applications, etc.
- a portable object for example of the "contactless card” or “contactless badge” type, which will hereinafter simply be called “card” - the term “card” being however chosen that for convenience and without any limiting character, the invention applies to any type of electronic portable object such as badge, ring, bracelet, key, pendant, etc. likely to exchange information with a contactless terminal (hereinafter “terminal”) by bringing the card closer to the latter so as to allow non-galvanic coupling between these two members.
- terminal contactless terminal
- the exchange of information following this coupling is operated by modulating an electromagnetic field which can either be a field where the electrical component is dominant (in the field of radio frequencies, microwaves or even light frequencies) or else in which the component magnetic is preponderant, the coupling then being operated by varying a magnetic field produced by 10th induction coil, technique known as the "induction process".
- the card used in the latter technique can be of the "active” type, that is to say comprising an incorporated power supply battery, or else "passive 1 , c is to say remote powered by energy emitted by the terminal, in particular magnetic energy, which often makes the induction method prefer.
- the invention aims to protect against a certain risk of fraud and malicious acts to which the type of contactless communication system by electromagnetic field could be exposed.
- this type of system is vulnerable to "electronic pickpocketing", where an “electronic pickpocket” fraudster approaches the card, without the knowledge of its holder, a counterfeit portable terminal to fraudulently establish a communication link with the card and, for example in the case of an electronic purse, improperly withdraw monetary units from the memory of the card.
- the object of the invention is a contactless communication system between a card and a terminal which makes it possible to ensure excellent protection against the risks of "electronic pickpocketing".
- the invention provides a system for contactless communication between a terminal and a portable object such as a card, the terminal and the card each comprising electromagnetic field transceiver means and the card comprising a chip with processing circuits and a memory writable on command from the terminal, characterized in that the card comprises validation means, conditioning at least one step of the exchange of data between terminal and card to a predetermined external action of confirmation exercised with this card by the holder of the card, these validation means comprising, in the card, light receiving means cooperating with the electronic digital processing circuits and with the memory.
- the predetermined confirmation action may in particular be the exposure of the card to ambient lighting.
- the memory contains a data forming an indicator of activation or inhibition of the validation means indicating whether, respectively, said step of the data exchange must or not be conditioned to said predetermined external action of confirmation .
- This activation or inhibition indicator can be a predetermined static datum, possibly an irreversibly predetermined static datum, or else a datum which can be dynamically modified by a terminal during said data exchange.
- the conditional step of the data exchange can be the activation of the writing of the memory of the card, and / or the activation of the reading of this memory.
- the exchange of data is conditioned upon the reception by the card of a light emitted by the terminal.
- the terminal preferably emits light with its own characteristic modulation, and the memory of the card contains modulation setpoint parameters, compared by the card to the actual parameters of modulation of the light received by the light receiving means. from the menu.
- the terminal can also emit light with characteristic information modulation, the card memory containing setpoint information compared by the card to the actual information conveyed by the modulated light received by the light receiving means of the card, this information deposit is preferably transmitted in encrypted form, the card then containing corresponding encryption / decryption means.
- the light emitting and receiving means of the terminal can be located in the vicinity of each other, or else be located at a distance from each other, semi-reflecting means then being provided for make the directions of propagation of the emitted and received rays substantially confused, respectively, or else be located in the vicinity of each other in the radial direction relative to the directions of propagation of the rays emitted and received, and offset between them in the axial direction.
- the card comprises a monolithic chip integrating the light receiving means and the electronic circuits for digital processing and for the memory.
- This chip can in particular carry an integrated mask obscuring at least the circuits of the card memory, or the coating material of the card can have an orifice leaving visible the light receiving means and obscuring at least the memory circuits of the map.
- the card chip includes an electrically accessible input terminal for the conditional activation of memory writing and / or an electrically accessible output terminal delivering a signal following the predetermined external confirmation action exercised by the card holder and / or an electrically accessible input terminal receiving a signal representative of the predetermined external confirmation action exercised by the card holder. It is even possible to provide a coupling between the input terminal for the conditional activation of the writing of the memory and the output terminal delivering a signal following the predetermined external confirmation action, with interposition of encryption means / decryption, and or provide a specific metallization of the card chip connecting the input terminal for the conditional activation of the writing of the memory and the output terminal delivering a signal following the predetermined external confirmation action .
- FIG. 1 is a general schematic view of the system of the invention.
- Figure 2 illustrates more precisely the exchange of signals between card and terminal.
- FIG. 3 is a flowchart explaining the course of the various steps of communication between card and terminal.
- FIG. 4 illustrates an embodiment of the card chip.
- FIG. 5 is a first improvement of the embodiment of FIG. 4.
- FIG. 6 is a second refinement of the embodiment of FIG. 4.
- FIG. 7 shows the card provided with detection means of the magnetic anti-theft target type.
- FIG. 8 shows the card provided with detection means of the coded magnetic target type.
- Figure 9 illustrates how the targets in Figure 8 are coded.
- FIG. 10 shows the system with the terminal provided with detection means for detecting the card by occultation.
- FIG. 11 shows the system with the terminal provided with telemetric means for detecting the card.
- FIG. 12 is a timing diagram of various signals noted on the assembly of FIG. 11.
- FIG. 13 shows a first configuration of the light transmitter-receiver means of the terminal.
- FIG. 14 shows a second configuration of the light transmitter-receiver means of the terminal.
- FIG. 15 shows a third configuration of the light transmitter-receiver means of the terminal.
- FIG. 16 is a view of a monolithic chip integrating the light receiving means.
- FIG. 17 shows a possible implantation of the chip of FIG. 18 in the system card.
- FIG. 18 shows a card provided with light reflecting means.
- Figure 19 illustrates the mutual recognition implementation of the system of the invention.
- FIG. 20 illustrates a control logic for a card with inhibition of reading and / or writing as a function of the presence of an external light.
- FIG. 21 is a variant of FIG. 20, allowing a conditional invalidation of the inhibitor circuit.
- FIG. 22 is a variant of FIG. 20, allowing conditional acquisition of the instructions.
- FIG. 23 schematically illustrates a means of automatic compensation for the operation of the circuit of the card according to the level of the external illumination.
- FIG. 24 illustrates a particular configuration of embodiment of the photoelectric member of the card, seen from above.
- FIG. 25 is a section along A-A in FIG. 24.
- FIG. 26 is a section along B-B in FIG. 24.
- FIG. 27 illustrates another particular configuration of embodiment of the photoelectric member of the card, seen from above.
- At least a critical part of the communication between the card and the terminal is made conditional on a voluntary action on the part of the user, more precisely a voluntary action captured by the detection of a light, the communication function being made conditional on the presence (or absence) of this detection of the light.
- the voluntary action consists in taking out the card to present it to the terminal; in this case, the card may include a light detector ambient, a photosensitive element such as a photodiode, a phototransistor or a photovoltaic element, for example.
- the card may include a light detector ambient, a photosensitive element such as a photodiode, a phototransistor or a photovoltaic element, for example.
- the card combines a reflecting surface and a detector of a beam emitted by the terminal, the latter comprising a detector of the beam reflected by the card.
- the card detector can then be used to revive the card (in standby mode with low consumption in the absence of the beam), while the encoding of the beam can incorporate informational content (a specific authorization code for example) to which the card is sensitive.
- the detection at the terminal of the reflected beam can also serve, as will be explained below, to increase the power of the electromagnetic field produced by the latter (or to trigger its emission), as will be described below.
- Another aspect of the invention which can be combined with the previous one, aims to reduce or interrupt the electromagnetic field emissions in periods when full power is not required continuously, the emission of the electromagnetic field can be reactivated when a card is present or likely to appear. Not only do we reduce the risks inherent in electromagnetic field emissions, but we can also obtain energy consumption savings in field generation.
- the terminal may include means for detecting the approach or the presence of a user in order to reactivate the emission of the field, with a different communication channel for initialization, on the one hand, and for remote control and / or data transmission, on the other hand.
- the detection means comprise an ambient light detector (a photoelectric cell for example) which is obscured by the 'ap- close to the card or the user's hand or wrist holding the card.
- the detection means can include a light beam which crosses the access passage to a facing photocell, and which is interrupted by user approach.
- the approach of the user can be detected by a weight detector (for example more than 20 kg) located under the access passage, for example.
- the terminal can be reactivated when passage control means are released, when the door of a bus is opened, for example.
- the terminal can operate in a reduced field during the quiescent period, then reactivate at higher power for the exchange of data with the card.
- a reflective surface is provided on the card and the emission by the terminal of a light beam (not necessarily in the wavelengths of visible light) whose reflection by the card is detected at terminal by a cell.
- a light beam not necessarily in the wavelengths of visible light
- the reflecting surface is preferably catalytic, that is to say at both reflective and refractive, for example in the form of a network of transparent or translucent prisms, or with retroreflective balls, reflecting the incident beam on a solid angle much wider than the angle of the beam itself.
- the reference 100 generally designates the contactless terminal or TSC, and the reference 200 the contactless card or CSC, the term "card” used being, as stated above, of course in no way limiting.
- the terminal 100 is designed to emit a field electromagnetic 102, for example at 13.57 MHz, which allows the activation of a card 200, as well as a light beam 104 in the direction of the card.
- the card 200 captures the electromagnetic energy by means of a winding 202 of a circuit tuned to the frequency of the field 102, the energy necessary for its operation is extracted from this field for:
- the contactless transaction begins: for example, for a contactless payment transaction, exchange of characters and orders preliminary to the transaction itself such as: date, serial and batch number, banking information, validated , etc.
- a photodetector element 204 Prior to payment, a photodetector element 204 is interrogated to detect the possible presence of the light beam 104 expected from the terminal; on the presence at its terminals of a predetermined electrical signal, the transaction is authorized to execute. If the signal is not observed under the conditions provided (for example, after m milliseconds or else iterations of a software loop) writing into memory is refused, possibly until the chip is switched off, that is to say until leaving the field. As the terminal does not receive confirmation of the expected entry from the card, it therefore refuses the transaction.
- an "electronic pickpocket" provided with an antenna for example a coil concealed in a glove and connected to a terminal simulator box carried in a pocket or in a bag, cannot effectively activate the card without the knowledge of the user: even if the electromagnetic field 102 is correctly emitted by the antenna of the pickpocket, and the card is consequently correctly supplied and initialized, the latter cannot, except the will of its holder, receive the necessary light beam to the completion of the transaction, and therefore of the writing and then the report which must be made at the terminal. - More precisely, as illustrated in FIG.
- the photodetector element 204 is connected, via an amplifier and demodulator circuit 206, to an input 208 of the chip 210 itself connected, via the pads 212, to the antenna (winding) 202 , the whole being mounted on a card 200 carrying a photoreflective element 214 such as a retro-reflector, a cataphot, a strip of retroreflective adhesive, etc. It is thanks to this photoreflective means provided on the card that the ray 104 emitted by the terminal returns to the photodiode 106 of this same terminal, which causes the triggering, diagrammatically by the switch 108, of the emission of the electro field. - magnetic 102 necessary for the contactless transaction operation, this via circuits 110 of the terminal.
- the flow diagram of FIG. 3 explains the operating sequence of the terminal-card system.
- the card On reception of the electromagnetic field emitted by the terminal (step 300), the card extracts the energy necessary for its operation (establishment of the internal supply V_ c , step 302), then to its initialization:
- step 306 starting the microprocessor or electronic circuits in the case of a wired logic type chip.
- step 308 exchange of characters and preliminary commands to the transaction itself (date, batch number, validity, etc.).
- the card can be debited by simply activating a write-in memory signal allowing the amount of the debit to be entered.
- a condition is imposed for the writing to take place in the card, namely the establishment of a "transaction authorized" bit (step 310), by means which will be explained below. with reference to FIG. 5.
- the waiting loop 312 allows that, in the movement of presenting the card to the terminal which lasts only a few fractions of a second, a position occurs. correct operation of the photodetector element 204 vis-à-vis the light ray 104 for a few milliseconds.
- the actual debit can then be written, of the amount x provided, for example 25 francs.
- the continuation and the end of the payment process can be er (step 312) the card can in particular report to the terminal by a last message of the completion of a complete transaction.
- the card in the event that the card moves away from the terminal to the point of no longer being able to continue properly exchanging signals with the terminal, it immediately returns to its inert state prior to entry into communication and the progress of the 'flowchart of the figure is interrupted thereby, allowing the return to the initial state also on the terminal side.
- FIG. 4 schematically illustrates an embodiment of the invention which does not require modification of the software for controlling the chip (in the case of a microprocessor card), nor of any pre-existing logical arrangement d '' a wired logic card. This is of great interest, in particular in the case of chips, the design of which is already fixed, in particular to meet international standards or other constraints weighing on the specific definition of a rapid payment system for example.
- the chip 210 can be organized so that it has:
- the other components shown are: - the coil 202, connected to the input I ⁇ and the output O j ⁇ of the chip,
- a RAMWE * entry for writing to RAM which, in the present case, is connected by connection 222 to the ground potential so as to make it possible at any time to write counters to RAM, scales, registers, batteries, etc.
- the writing in EEPROM which, alone, allows a useful transaction, depends materially - and only materially - on the truth of the signal VRV * in 220, without it being necessary to modify in any way the arrangement internal, logical or software, of chip 210.
- FIGS. 5 and 6 illustrate improvements of the mode of implementation which we have just described, by providing for additional discrimination operated by the card on the physical characteristics of the light ray emitted by the terminal (FIG. 5) and or informational content. conveyed by this same light ray ( Figure 6).
- the light ray 104 received by the photodetector 204 and amplified at 206, is applied to a demodulation and decoding circuit 226 capable of extracting information representative of the frequency F, of phase 0 and of the pattern or "pattern" P specific to the light emission 104.
- These parameters are compared with expected values stored in the memory 228 of the chip and applied to a reference input 230 of the circuit 226.
- the conformity of all these parameters is detected by gate 230 and transmitted via a flip-flop 232 to gate 234 which, by controlling the WRITE write input of memory 228, authorizes the recording therein of the amount x of the transaction.
- a comparator 236 determines the conformity of the information received via the light beam (and therefore passed on by the terminal, the latter having itself received it from the memory of the card) with the number directly extracted from the memory 228, if necessary after decryption by circuit 238.
- the card 200 includes a strip 248 made of ferromagnetic material, of the type used in stores as an anti-theft device for discs or books.
- This strip comprises a combination of metal alloys arranged so as to enter into resonance by detection of hysteresis with a field 118 emitted by the terminal 100, itself comprising electronic circuits oscillators and amplifiers 120 for the production of this field and detection circuits 122 of the same type as those used in the systems my locks.
- the main transmitter of the terminal is activated.
- the electronic control circuits inhibit the main transmitter of the terminal.
- thin rings of ferromagnetic material with a thickness of approximately 0.1 mm are incorporated into the thickness of the card 200.
- this number is not limiting, and one can for example provide a number of the order of two to twenty.
- some of these rings (262 in Figure 9) are partially sectioned, others (264 in Figure 9) being left intact.
- the main transmitter of the terminal On positive detection (presence of the correct code formed by the five rings) the main transmitter of the terminal is then activated. On the contrary, in the absence of the correct code (therefore in the absence of a card), the electronic control circuits inhibit the main transmitter of the terminal.
- the terminal and the entire system are arranged to take account of the losses caused in the form of eddy current in the metal rings 260.
- the terminal 100 includes an orifice at the rear of which is mounted a photodetector 128, which allows the emission of the field 102 to be triggered via an electronic circuit 130 and a switch means 132.
- a monostable scale 134 the darkness detected by the shutter of the photodetector by applying the card 200 to it triggers the main transmitter for the shortest possible duration, for example 200 ms.
- FIGS. 11 and 12 illustrate a variant operating by telemetry, where a certain distance between the card and the terminal is required for the entry into operation of the main transmitter, so that the latter is not inadvertently triggered by cards which, for example more than 50 cm away, would not be able to communicate with the terminal anyway. It is possible to use a phototelemetry method in order to exploit only the maps that are as precisely as possible under the useful conditions, for example about twenty centimeters.
- the propagation time of the light ray between its starting point (light-emitting diode 136 of the terminal) and its end point (photodiode 138 of the terminal) is measured: - operation of a fast clock (for example 100 MHz ) 140 on the inputs 142 and 144 (corresponding respectively to the signals illustrated in FIG. 12) of an EXCLUSIVE OR gate 146, whose output signal 148 is also illustrated in FIG. 12;
- a fast clock for example 100 MHz
- a pulse duration (signal 148) of the order of 0.6 ns (for a total cycle of 10 ns) constitutes a measurable quantity with components of appropriate characteristics, in particular by integration: RC 150 circuit , 152 delivering a voltage V 154 inversely proportional to the distance between the card and the terminal (we must of course take into account the time constants of the circuit and of the components which influence the rise and fall times on the signals) ;
- a monostable flip-flop 156 can be triggered by a 0.6 ns pulse creating itself on the Q output (in the case where the distance between card and terminal is greater than 20 cm) x pulse of duration, for example equal to 150 ms, is necessary for the automatic progress of the complete transaction.
- an assembly is provided on the terminal comprising one or more light emitters 158 cooperating with a plurality of photoreceptors 160 such as photodiodes or the like, assembled for example on a 1 cm module.
- the photodiodes are equipped with an optical system such as a lens making it possible to pick up from several angles the ray reflected by the card, so as not to require a presentation of the card in a positio which is too predetermined, which would be restrictive for the user.
- a particular optical system could comprise, as illustrated in FIG. 14, a plurality of semi-reflecting mirrors 162 inclined at 45 ° in the axis of the light-emitting diodes 164, the photoreceptors 166 being arranged perpendicular to the axis of the light emitters.
- FIG. 14 can, as a variant, be replaced by that of FIG. 15, the transceiver comprising a plurality of emitting diodes 168 and a photodiode 170 slightly depressed relative to the plane of the emitting diodes 168 (or the reverse) so as not to be dazzled by the light 172 produced by the latter, but receiving only the light energy 174 returned by the reflective material 266 of the card 200.
- the transceiver comprising a plurality of emitting diodes 168 and a photodiode 170 slightly depressed relative to the plane of the emitting diodes 168 (or the reverse) so as not to be dazzled by the light 172 produced by the latter, but receiving only the light energy 174 returned by the reflective material 266 of the card 200.
- a chip 268 is provided in the card comprising: - pads 270 intended for connection of the coil 202, as well as possibly pads 272 intended for connection to the various contacts (in the case a contactless contactless card), - one or more photodetector elements 274 such as photodiode or phototransistor, photovoltaic structure, etc., - a layer of opaque material 276, where an orifice 278 (FIG. 17) allows the passage of light towards the photodetector 274, while the other organs of the chip, and in particular the programmable, erasable or rewritable memories such as EPROMs or EEPROMs which can be sensitive to light radiation, are protected from light.
- a protective window can be arranged outside the semiconductor, so for example not to be hit.
- the coating 280 of the chip in PVC, ABS, etc.
- the coating 280 of the chip may include such an orifice 278, provided that the latter is machined and positioned with precision; the dimensions of the orifice are of the order of 0.1 or 0.01 mm depending on the fineness of etching of the assembly and the optical characteristics of the material and its machining.
- a photoreflective surface 214 such as cataphot, reflector or retroreflective adhesive tape.
- the light reflection function can also be obtained by special machining or treatment of the coating, including for example aluminum particles.
- a terminal 100 recognizes a card 200 by emission of a light ray 176, reflection at 282 by the photoreflector
- the card and the terminal enter into dialogue, on the initiative of the terminal (transceivers on both sides), - optically, the card expects from the terminal an authorization signal 178, used by the semiconductor 210, which validates the dialogue and allows writing to memory.
- the terminal permanently emits a light beam (therefore without biological risk), possibly modulated
- the terminal picks up the reflected ray, processes and decodes the recovered signal in order to eliminate the effects of ambient light, and the resulting signal gives an indication of the approach or presence of a user
- the terminal leaves its quiescent state and emits the main electromagnetic field
- the card receives the electromagnetic field, extracts the energy necessary for its internal power supply, demodulates the signal and activates the microprocessor as well as the integrated detection photodiode
- the microprocessor of the contactless dialogue card with the terminal then, before debiting the amount provided, interrogates the photodiode integrated in the card, which generates a logic signal after processing and decoding the current generated by the beam; on positive detection, the microprocessor of the card validates the payment authorization, proceeds to the recording in the memory of the card and continues or completes the transaction.
- a card has also been described comprising for this purpose an ambient light detector with a photosensitive element (referenced 274 in the figures) such as a photodiode, a phototransistor or a photovoltaic element for example, the voluntary action consisting in removing the card to activate this ambient light detector.
- a photosensitive element referenced 274 in the figures
- the voluntary action consisting in removing the card to activate this ambient light detector.
- the photosensitive member 274 produces, after amplification and thresholding logic signal LUX which will allow (or not) the operation of the card due to the illumination of celle- c above, illuminance, as indicated above, may be the result of only ambient light.
- a bistable 300 controls a specific WRITE_INHIBIT input of the microcircuit 268 (cf. FIG. 16), which will prohibit writing into memory.
- the state of the bistable 300 is controlled, on the one hand, by the LUX signal and, on the other hand, by various signals applied by a control logic 302, which is in fact a subset of the microcircuit 268) .
- the flip-flop 300 is reset to zero by the initial positive pulse of general reset of the chip, shortly after the power up of
- the photodetector 274 In the dark, the photodetector 274 generates on the input 304 of the door 306 a LUX signal in the low state. As soon as the initial reset pulse has fallen, the flip-flop 300 is thus positioned at T
- the WRTTE_INHIB ⁇ command becomes inactive, thus authorizing writing, at least for the duration of the transaction.
- the "electronic pickpocketing" operation consisting in approaching the target card a false portable terminal provided with an antenna adequate to start up unduly map in order to record a debit transaction is impossible as long as the card resi ⁇ in the darkness of a bag, a wallet, a purse, etc. The user is therefore guaranteed against this particularly pernicious risk of fraud.
- this security is made optional, at the option of the manufacturer manufacturing the protected card. Indeed, for the needs of this or that customer, it may be desirable that this security can be systematically activated or deactivated at will at the stage of card manufacturing / personalization.
- a particular location of the memory is assigned to an indicator determining this setpoint.
- This indicator located at an address ADDRESS_PROTECT_WRITE (AD_PROT_W), is read on the DATA data output . OUT of memory.
- ADDRESS_PROTECT_WRITE AD_PROT_W
- AD_PROTECT_READ AD_PROT_R
- the card is then provided with a bistable 310, similar to the bistable 300 and capable of producing on its output 312 a READJNHIBIT signal conditioning the reading operation of the memory of the card microcircuit, in the same way as the WRITE signal. .INHIBIT conditioned the writing. It is also possible to provide an OR gate (not shown) activated by the two signals READJNHIBIT and WRITE_INHIBIT to generate a general inhibition signal, in read and write.
- the manufacturer can indifferently offer either a traditional contactless smart card, or the same card which is also secured against "night access", that is to say against reading attempts and / or writing in the dark. This, for the low cost of a few components (less than ten doors), as well as a specific treatment of the surface of the plastic and / or the integrated circuit (as described above with reference to FIGS. 16 and 17, and below in reference to Figures 24 to 27).
- IGNORE.WRITE DATA_OUT (AD)
- IGNORE_READ DATA_OUT (AD +1)
- the reading of the two initial positions of the memory provides by execution of a NOR function with the LUX state of the photodetector the status of the two inhibition commands WRITE JNHIBIT and READJNHIBIT.
- FIG. 21 illustrates an alternative embodiment allowing a conditional invalidation of the inhibitor circuit, that is to say allowing in certain specific cases determined a "night operation" of the integrated circuit, that is to say allowing operation despite the no ambient light.
- a specific address AD _INV_NOC contains a specific indicator assigned to this function which, in combination with a predetermined content of the memory, for example '1', will position a flip-flop 314 via a gate 316.
- the signal INV_NOC Protection invalidation Nocturne
- the signal WRITE JNHIBIT at '0', and this independently of the state of the LUX signal representative of the absence or the presence of light on the photosensitive element 274.
- the operating mode will be as follows: when entering the site, the holder extracts the card from his wallet, from his pocket, from his handbag, ... so as to expose it to ambient light.
- the terminal com- mence by performing on the memory of the card the operations of reading, and possibly of writing, necessary to control access to the site. After which, the terminal writes to the address AD JNV4N0C the agreed value, so as to predetermine at 'TRUE', later, the parameter INV_NOC.
- FIG. 22 illustrates a particular embodiment allowing a conditional acquisition of the instructions.
- the state of three variables is positioned as soon as the microcircuit is switched on (RESET): presence of light (LUX), IGNO-RE_WRITE setpoint and IGNORE_READ setpoint.
- FIGS. 23 to 27 illustrate particular technological aspects which are advantageous for producing a card incorporating photodetector means of the type illustrated in FIGS. 16 and 17.
- FIG. 23 thus illustrates an automatic compensation circuit for the supply of the microcircuit 268 as a function of the possible level of illumination, in order to avoid risks of mid-malfunctions.
- crocircuit by parasitic illumination of the components. This parasitic phenomenon could moreover be exploited maliciously by a fraudster who wishes to override the security incorporated in the card by deliberately creating malfunctions so as to cause 5 untimely opening of doors, positioning of flip-flops in a state different from that predicted by logic equations, etc., all phenomena likely to occur when the card is caused to operate outside the nominal conditions provided.
- the signal coming from the photodetector 274, suitably processed by the specific amplifier 334, ensures the control of the general supply of the microcircuit 268 (or, at least, of the most vulnerable to its organs) via a programmable regulation circuit 336 placed on the DC supply line.
- a corrective action can be exerted on a specific polarization input 338 of the microcircuit, capable of intervening on the gain or the threshold of the sensitive stages.
- Another protection which it is important to implement consists in guiding the incoming light towards the target point (sensitive photodetector zone of the microcircuit) by avoiding the illumination of the other components.
- the photosensitive zone 340 extends along one of the sides of the chip 268, and the light arrives via an orifice 342 formed through the substrate 344, the light therefore penetrating, 5 as illustrated at 346 in FIG. 25, on the side of the substrate 344 opposite to that where the chip of the microcircuit 268 is located.
- one of the wires 348 is formed before welding with a section U (see in particular Figure 26) giving it an inverted gutter shape, the hollow part 350 being turned towards the photosensitive surface 340 of the microcircuit chip 268.
- FIG. 27 In another alternative embodiment, illustrated in FIG. 27, with the aim of preventing any light ray from reaching the surface of the microcircuit carrying the various logic components (components located on the side referenced 352 in FIG. 27) , there is the photodetector member 274, here in the form of an attached component, next to the microcircuit chip 268, but vertically turned over, that is to say with its sensitive surface turned in the opposite direction to that of the surface 352.
- a chip card "micromodule” consisting of a printed circuit in the form of a very thin substrate 344.
- Adequate tracks such as 354 are provided on the substrate 344 of the micromodule so as to be able to connect by welding the pads 356 of the photosensitive component 274 and the pads 358 of the inverted microcircuit 268.
Landscapes
- Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Electromagnetism (AREA)
- Computer Hardware Design (AREA)
- Computer Networks & Wireless Communication (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Toxicology (AREA)
- Artificial Intelligence (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Credit Cards Or The Like (AREA)
Applications Claiming Priority (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR9713345A FR2770315B1 (fr) | 1997-10-24 | 1997-10-24 | Systeme pour la communication securisee sans contact entre un terminal et un objet portatif tel qu'une carte a puce |
FR9713345 | 1997-10-24 | ||
FR9800428 | 1998-01-16 | ||
FR9800428A FR2770316B1 (fr) | 1997-10-24 | 1998-01-16 | Systeme pour la communication securisee sans contact entre un terminal et un objet portatif tel qu'une carte a puce |
PCT/FR1998/002209 WO1999022334A1 (fr) | 1997-10-24 | 1998-10-14 | Systeme pour la communication securisee sans contact entre un terminal et un objet portatif tel qu'une carte a puce |
Publications (1)
Publication Number | Publication Date |
---|---|
EP1048003A1 true EP1048003A1 (de) | 2000-11-02 |
Family
ID=26233889
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP98949065A Ceased EP1048003A1 (de) | 1997-10-24 | 1998-10-14 | System zur gesicherten kontaktlosen kommunikation zwischen einem endgerat und einem tragbaren gegenstand wie eine chipkarte |
Country Status (4)
Country | Link |
---|---|
EP (1) | EP1048003A1 (de) |
JP (1) | JP2002530726A (de) |
FR (1) | FR2770316B1 (de) |
WO (1) | WO1999022334A1 (de) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE10317257A1 (de) | 2003-04-14 | 2004-11-04 | Giesecke & Devrient Gmbh | Kontaktloser Datenträger |
US20050116813A1 (en) * | 2003-08-19 | 2005-06-02 | Ramesh Raskar | Radio and optical identification tags |
GB2410151A (en) | 2004-01-15 | 2005-07-20 | Rf Tags Ltd | A radio frequency identification tag with means sensitive to light for controlling communication between rfid tag and reader |
FR2957438B1 (fr) | 2010-03-09 | 2012-03-30 | Proton World Int Nv | Detection d'un deroutement d'un canal de communication d'un dispositif de telecommunication couple a un circuit nfc |
FR2957439B1 (fr) | 2010-03-09 | 2012-03-30 | Proton World Int Nv | Protection d'un canal de communication entre un module de securite et un circuit nfc |
FR2957440B1 (fr) | 2010-03-09 | 2012-08-17 | Proton World Int Nv | Protection d'un module de securite dans un dispositif de telecommunication couple a un circuit nfc |
FR2969341B1 (fr) | 2010-12-20 | 2013-01-18 | Proton World Int Nv | Gestion de canaux de communication dans un dispositif de telecommunication couple a un circuit nfc |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2180349A5 (de) * | 1972-04-11 | 1973-11-23 | Gretag Ag | |
US4325146A (en) * | 1979-12-20 | 1982-04-13 | Lennington John W | Non-synchronous object identification system |
FR2478849B1 (fr) * | 1980-03-21 | 1985-12-20 | Veilex Robert | Carte portative d'identification et systeme de traitement mettant en oeuvre une telle carte |
FR2665008B1 (fr) * | 1990-07-20 | 1994-09-23 | Elgelec | Dispositif a infra-rouge comportant une fonction "reveil" de l'alimentation. |
GB9205269D0 (en) * | 1992-03-11 | 1992-04-22 | Olivetti Res Ltd | Tracking and/or identification system |
FR2728710A1 (fr) * | 1994-12-23 | 1996-06-28 | Solaic Sa | Carte electronique comportant un element fonctionnel activable manuellement |
-
1998
- 1998-01-16 FR FR9800428A patent/FR2770316B1/fr not_active Expired - Fee Related
- 1998-10-14 WO PCT/FR1998/002209 patent/WO1999022334A1/fr not_active Application Discontinuation
- 1998-10-14 JP JP2000518358A patent/JP2002530726A/ja active Pending
- 1998-10-14 EP EP98949065A patent/EP1048003A1/de not_active Ceased
Non-Patent Citations (1)
Title |
---|
See references of WO9922334A1 * |
Also Published As
Publication number | Publication date |
---|---|
FR2770316A1 (fr) | 1999-04-30 |
WO1999022334A1 (fr) | 1999-05-06 |
JP2002530726A (ja) | 2002-09-17 |
FR2770316B1 (fr) | 2000-06-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1062633B1 (de) | Vorrichtung zum maskieren von betriebsvorgängen in einer mikroprozessorkarte | |
EP0670556B1 (de) | Tragbare Vorrichtung für funktionelle Verbindung zwischen einer IC-Karte und einer Zentraleinheit | |
EP0633551B1 (de) | Verfahren zur schnellen und sicheren Übertragung von in einer IC-Karte enthaltenen Daten, während einer Teletransaktion | |
EP0565469B1 (de) | System zum kontaktlosen Austausch von Daten zwischen einem Endgerät und einer modularen, tragbaren Einheit | |
EP2065857A2 (de) | Mikroprozessorkarte, eine solche Karte enthaltendes Telefon und Ausführungsverfahren eines Befehls in einer solchen Karte | |
FR2799860A1 (fr) | Systeme pour des transferts de carte a carte de valeurs monetaires | |
EP2517141B1 (de) | Mehrzweck-chipkarte mit biometrischer validierung | |
EP1210689A1 (de) | Architektur für chipkarte mit integrierten peripheriegeräten | |
EP2390823A1 (de) | Bankkarte mit Displayanzeige | |
EP1759333B1 (de) | Optische vorrichtung zur biometrischen erfassung mittels kontakt und system mit dieser vorrichtung | |
EP2065858A2 (de) | Mikroprozessorkarte, eine solche Karte enthaltendes Telefon und Ausführungsverfahren eines Befehls in einer solchen Karte | |
FR2998392B1 (fr) | Systeme de carte a puce, carte a puce, dispositif destine a une interaction sans contact avec un systeme de carte a puce ou avec une carte a puce et procede de mise en fonctionnement et procede de fabrication d'un systeme de carte a puce ou d'une carte a puce | |
CA2439516A1 (fr) | Objet portable sans contact comportant au moins un dispositif peripherique connecte a la meme antenne que la puce | |
EP2936379B1 (de) | Erkennung einer transaktionsvorrichtung | |
EP1048003A1 (de) | System zur gesicherten kontaktlosen kommunikation zwischen einem endgerat und einem tragbaren gegenstand wie eine chipkarte | |
EP2065859A2 (de) | Mikroprozessorkarte, eine solche Karte enthaltendes Telefon und Verarbeitungsverfahren in einer solchen Karte | |
EP1025531A1 (de) | Induktives kontaktloses kommunikationssystem zwischen einem endgerat und einem tragbaren gegenstand wie eine chipkarte | |
FR2548803A1 (fr) | Etiquette optoelectronique | |
FR3059803A1 (fr) | Systeme et procede de securisation d'au moins un element d'une borne transactionnelle non surveillee | |
EP0919959B1 (de) | Tragbares Objekt, insbesondere Uhr mit mehreren auswählbaren elektronischen Modulen | |
EP2242005A1 (de) | Kommunikationsvorrichtung mit zwei über eine gemeinsame Kommunikationsschnittstelle verbundenen Chips | |
FR3078422A1 (fr) | Carte a puce sans contact a modules electroniques multiples communicants | |
FR2561703A1 (fr) | Appareil d'acces a serrure et cle codee | |
EP2378453B1 (de) | Tragbares elektronisches Kartenprüfgerät, das für die Ausführung von nicht zertifizierten Programmen adaptiert ist | |
EP1965328B1 (de) | Sicherungsverfahren und damit gesichertes Mobilgerät |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20000512 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE |
|
17Q | First examination report despatched |
Effective date: 20010125 |
|
GRAG | Despatch of communication of intention to grant |
Free format text: ORIGINAL CODE: EPIDOS AGRA |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED |
|
18R | Application refused |
Effective date: 20020823 |