EP1299788A1 - Mobile data storage and communication device, and communication method - Google Patents

Mobile data storage and communication device, and communication method

Info

Publication number
EP1299788A1
Authority
EP
European Patent Office
Prior art keywords
data
memory locations
information
records
host computer
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP01934750A
Other languages
German (de)
English (en)
Inventor
Jacob EHRENSVÄRD
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cypak AB
Original Assignee
Cypak AB
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cypak AB
Publication of EP1299788A1
Legal status: Withdrawn

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F 21/31 User authentication
    • G06F 21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F 21/35 User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F 21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q 20/00 Payment architectures, schemes or protocols
    • G06Q 20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q 20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q 20/327 Short range or proximity payments by means of M-devices

Definitions

  • The present invention relates to an electronic mobile data communication device for storing information related to a holder of the device and communicating such information to a requester such as a host computer in a data network.
  • One aspect is authentication, where the general problem at the service end is to positively identify an individual at a remote location.
  • The general approach is a login procedure, where the service provider prompts the user for a user identity and a password.
  • A more sophisticated method is to use a challenge-response scheme, where the service provider challenges the user with a code, which differs from time to time, and the user must then pass back a response, which is unique to each challenge.
  • This method also includes usage of single-use codes, where the user has initially been supplied with a set of secret random codes, known only by the service provider and the user.
  • A second aspect is digital signatures, where a recipient of information needs a replacement for a hand-written signature and a means to positively verify the integrity of the information, so that a fraudulent modification of the information can be detected.
  • A third aspect is privacy in terms of visibility, where some applications require encryption of the information passed between a sender and a recipient.
  • The encryption key must be known by the sender and the recipient only. In order to increase the strength of the encryption, the key can be changed over time, ultimately for each new session.
  • A fourth aspect is privacy in terms of accessibility, where access to private personal data needs to be controlled.
  • Different types of information may have different security attributes for read and write access.
  • Even if most operating systems include some access security, information stored on a local hard disk is generally accessible for both reading and writing when a user is logged in.
  • A fifth aspect is mobility, where the user moves between different computers, including mobile terminals.
  • Personal information including secret keys and passwords generally resides on a computer's fixed storage, i.e. the hard disk. It is generally not feasible to move this information between different locations, and there is the further problem of keeping data in different locations synchronized.
  • A related concern is the security problem which arises when secret information is stored on a non-movable medium.
  • A sixth aspect is session termination, where a login procedure generally distinguishes between being on-line or off-line.
  • A common concern is the case where a user has logged in to a service, performed some desired action and then leaves the computer without having performed a logout action.
  • A visible metaphor is a car, where the start procedure turns the engine on and makes the car usable. When the key is removed, the engine stops and the car is unusable. If the car is left with the key in and the engine on, anyone can steal it and drive away.
  • Another aspect is the growing number of manufacturers providing support for their products on the Internet, where each product has a URL containing product information, support, software updates, drivers etc.
  • A URL is generally present to obtain support about the product. It is an obvious obstacle for the end-user to start the Internet browser, accurately enter a URL and finally register the product to gain access to the support site.
  • The physical state of a product may be used to direct an end user to different applications or URLs.
  • A product which has not been paid for in a store, not been opened, been tampered with, been negatively affected by transportation etc., may provide valuable feedback for the manufacturer, and at the same time its state properties may allow a support environment to change its behavior based thereupon.
  • A simple user-friendly form on the packaging itself may be used to manually enter some variables in the same way a traditional paper form is used.
  • A simple keypad incorporated in a packaging may be used to direct the user to an appropriate support site, customer feedback form, upgrade site, advertisement etc.
  • An object of the invention is to provide a small, portable, application- and workstation-independent low-cost device which is capable of storing information related to a holder/owner of the device in a well-defined manner, and capable of readily communicating a selection of this information to a requester in a data network.
  • The requester would typically be a service provider in the network, for example on the Internet, but could also be the owner retrieving personal information stored in the device to a personal computer.
  • Another object of the invention is to provide a mobile data communication device that is capable of carrying and readily communicating a number of single-use secret codes to securely authorize or entitle a service from a service provider.
  • The secret codes could be used in producing digital signatures on information stored in or external to the device and communicated between the holder and service provider.
  • The secret codes could also be used to encrypt the information to be communicated.
  • Still another object of the invention is to provide a mobile and low-cost data communication device which is capable of storing locations in a data network, such as URLs on the Internet, and is capable of readily accessing these locations in an automated manner.
  • An electronic mobile data communication device for storing information related to a holder of the device and communicating such information to a requester such as a host computer in a data network.
  • The device has electric energy supply means, data input means, data processing means, non-volatile data storage memory means and data transceiver means in operative connection.
  • The data storage means has a number of programmable memory locations for storing said information as a structured collection of data, and the data transceiver means, when initialized by the holder, is adapted to automatically transmit selected pieces of said data to said requester.
  • The device can be regarded as a mobile data carrier or "token" device (TD) having different non-volatile memory locations and input means to control access to these memory locations.
  • The device further comprises a wireless transceiver interface to allow bi-directional communication with a host application running either on a local computer or in a multi-tier environment, where the client application is controlled by a server application running at a Service Provider (SP).
  • SP: Service Provider
  • The terminal device is equipped with a transceiver interface connected to an I/O port, allowing a software application to communicate with the TD bi-directionally.
  • The memory locations included in the TD can be characterized as having different purposes and attributes:
  • Fixed static storage that cannot be altered after personalization of the TD. These locations may include fixed information like a world-unique TD identifier, a user name, nationality, sex, weight, length, hair color, i.e. passport information, programmed by the TD issuer. In addition to this, other fixed information may be included, such as licenses, including flight certificate, driver's license, hauler's/carrier license etc.
  • A tag owner database where each entry stored in the memory array is tagged with a tag identifier and a link to this database.
  • Each stored tag can be queried from the application program running in the connected computer.
  • The user can assign different security attributes on each tag and for each entry in the tag owner database, depending on the privacy and security concern for each particular combination of tag and owner.
  • The meaning of the tags is to be defined by a central tag authority, thereby enabling public use of them. There may also be some tag-owner-specific tag IDs, where only the tag owner knows the meaning. Each tag may also keep a timestamp when it expires.
  • A timestamp can be specified not to expire at all; the administrative task of keeping track of which tags to keep when the storage space is about to be exhausted is left to the TD owner.
  • The TD owner can at any time delete a specific tag, or all tags owned by a specified tag owner. For fixed tags, the rules may apply differently.
  • When a tag is requested, the TD checks the security attribute for the tag. If the tag is programmed as "not free", the TD alerts the requesting application to prompt the user to acknowledge the request to retrieve the particular tag(s). The user then performs the acknowledgement by using the input means on the TD, thereby achieving a security that cannot be tampered with in the local application.
  • Although the information storage is secured by software means, some users will find extra relief in the emotional feeling that the removal of the TD from the interface physically inhibits further information retrieval and modification.
  • The device according to the invention is capable of performing secure transactions, where an SP needs to verify if a desired action is authentic.
  • A device according to the invention is capable of keeping a storage of single-use keys to perform encryption. An application in the terminal retrieves keys from the TD, where each new encryption uses a unique set of keys, known only by the TD and the SP.
  • A device is also capable of creating a "digital signature" for each transaction being performed.
  • An irreversible hashing algorithm using the binary representation of the information being transferred and the key retrieved from the TD can form such a digital signature, which can be used by the SP to verify that the transferred information is intact and signed by an authorized user.
  • A device is further capable of governing a timed usage of a service, where each "logon" procedure marks a key value as used. When all keys in the TD have been used, the authentication fails and the service usage expires.
  • A metaphor is the ticket or "telephone card", where the usage and physical marking of the ticket is represented by the invalidation of each key index entry.
  • Each key entry represents a specific option available for download. After one option has been used once, it cannot be used again. Value-added vouchers, often included in software packages or music recordings, allow retrieval of an option or a future upgrade by authentic users.
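The single-use key store, the keyed-hash "digital signature" and the exhaustion rule ("when all keys have been used, the authentication fails") described in the preceding items can be modelled end to end. The following is an added example written for this page; it is not code from the patent or from Cypak AB. It assumes HMAC-SHA256 as the irreversible hashing algorithm over the transferred data and the key (the patent names no particular hash), a constructed set of three 128-bit keys shared by the TD and the SP at personalization, and that both sides keep their own "used" mark per key index so that a replayed signature is rejected.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed sample: three single-use keys shared by the TD and the SP at
# personalization time (assumption: 128-bit random keys; the patent fixes no size).
KEY_COUNT = 3


def provision_keys(count: int = KEY_COUNT) -> list[bytes]:
    """Issuer side: generate the shared single-use key set."""
    return [secrets.token_bytes(16) for _ in range(count)]


def keyed_digest(key: bytes, message: bytes) -> bytes:
    """The 'irreversible hash over the transferred information and the key'.
    Assumption for this example: HMAC-SHA256 rather than a bare hash of key||data."""
    return hmac.new(key, message, hashlib.sha256).digest()


class TokenDevice:
    """Holder side: a key array plus one 'used' flag per key index (the telephone-card marks)."""

    def __init__(self, keys: list[bytes]) -> None:
        self._keys = list(keys)
        self._used = [False] * len(keys)

    def keys_remaining(self) -> int:
        return self._used.count(False)

    def sign(self, message: bytes) -> Optional[tuple[int, bytes]]:
        """Sign with the next unused key and mark that index used. Returns None once
        all keys are consumed: the service usage has expired."""
        for idx, used in enumerate(self._used):
            if not used:
                self._used[idx] = True          # invalidate before releasing the signature
                return idx, keyed_digest(self._keys[idx], message)
        return None


class ServiceProvider:
    """SP side: holds the same key set and its own record of consumed indices."""

    def __init__(self, keys: list[bytes]) -> None:
        self._keys = list(keys)
        self._used = [False] * len(keys)

    def verify(self, message: bytes, idx: int, signature: bytes) -> bool:
        if not 0 <= idx < len(self._keys) or self._used[idx]:
            return False                        # unknown index, or a replayed (already marked) key
        expected = keyed_digest(self._keys[idx], message)
        if not hmac.compare_digest(expected, signature):
            return False                        # message altered in transit, or wrong key
        self._used[idx] = True                  # the SP marks the index too, so a replay fails
        return True


def logon(td: TokenDevice, sp: ServiceProvider, message: bytes) -> bool:
    """One 'logon' transaction: the TD signs, the SP verifies. False when the keys are
    exhausted, when the message was tampered with, or when a signature is replayed."""
    signed = td.sign(message)
    if signed is None:
        return False
    idx, signature = signed
    return sp.verify(message, idx, signature)


if __name__ == "__main__":
    keys = provision_keys()
    td, sp = TokenDevice(keys), ServiceProvider(keys)
    for n in range(KEY_COUNT + 1):
        # three successful logons, then the fourth fails because every key index is marked used
        print(f"logon {n + 1}:", logon(td, sp, b"transfer 100 to account 42"))
```

The SP keeping its own used-index table is what turns the telephone-card metaphor into a security property: a signature captured from one session cannot be presented again even if the TD's own marks were somehow reset, and a verification failure leaves the index unmarked so a genuine retry with the same key still succeeds.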
  • A device addresses one common method of protecting software, where small devices, "dongles", are connected to an I/O port of the computer, and the application software searches for the presence of the dongle in order to start or perform some desired action.
  • This is a big obstacle for the user, since these dongles generally interfere with the ordinary usage of the I/O port. Also, functional problems generally arise when multiple dongles, particularly from different vendors, are attached. Another obstacle is the physical location of the I/O ports, which makes it impractical to move the dongle between different computers.
  • A token device can also take other forms.
  • It can be manufactured to be integrated into a package such as a cardboard box, a courier pack, ticket, voucher etc.
  • A navigation device in its most basic form has a pre-programmed URL.
  • An installed driver launches a browser application and navigates to this predetermined URL.
  • The access token is provided with input means, which may include a keyboard or touch-sensitive graphic images or electronic circuits registering the state of a package.
  • The navigation process can be controlled to switch between different pre-programmed URLs.
  • The access token contains a world-unique identifier, such as a 64-bit number.
  • A read/write memory area which can be altered from the host application.
  • The navigation process can be performed in three different ways:
  • The server application receives the identity and the state of the token and/or input means to determine which URL or application to launch.
  • The client application or browser receives the state of the token and/or input means to determine which URL or application to launch.
  • The TD keeps a list of URLs. Depending on the state of the token and/or input means the TD transmits different
  • The invention provides a convenient device, and a method, for the management of personal data, addressing mobility and privacy concerns, enabling information to be carried between multiple locations as well as the ability to physically hold the information in a secure place when needed.
  • Fig. 1 is a front view with parts broken away of a transaction card according to the invention;
  • Fig. 2 is a diagrammatic view showing a transaction card according to Fig. 1 in communication with a service provider in a network;
  • Fig. 3 shows a first layer printed onto a bottom lamina of a transaction card according to the invention and including capacitive conductor patches;
  • Fig. 4 shows a second layer printed onto the first layer of the bottom lamina and including an insulating patch;
  • Fig. 5 shows a third layer printed onto the second layer of the bottom lamina and including electric circuits;
  • Fig. 6 is a functional diagram of a transaction terminal according to the invention;
  • Fig. 7 is a functional diagram of a transaction device according to the invention;
  • Fig. 8 is a block and circuit diagram of a system including a transaction terminal and a transaction device according to the invention;
  • Fig. 9 diagrammatically depicts components of a device according to the invention;
  • Fig. 10 diagrammatically shows a device according to the invention in communication with a personal computer;
  • Fig. 11 shows a database table representation of a portion of a non-volatile memory of the device;
  • Fig. 12 shows a table explaining the data field shown in Fig. 4;
  • Fig. 13 shows table representations of another portion of a memory of the device and of a service provider; and
  • Fig. 14 shows a device according to the invention incorporated in a package provided with input means and adapted for communication with a service provider.
  • A preferred embodiment of a mobile low-cost electronic token device according to the invention is shown in Figs. 1 through 5.
  • Although the device can be implemented in objects having virtually any shape, such as a badge, cardboard box or a CD envelope, a convenient standardized format is the physical shape of an ISO 7811 credit card having integrated electronics.
  • The card 10 may optionally be provided with a magnetic strip (not shown) and an embossed text field to be approved for use as a conventional credit card.
  • The card 10 is preferably composed of three laminated sheets 12, 18, 24, preferably of polyester plastic material and having a combined thickness of about 0.8 mm, i.e. the thickness of the conventional credit card.
  • The card is provided with input means including a keypad 14, data storage and processing means including an integrated circuit (IC) 50, and transceiver/energy supply means including a capacitive transceiver or bi-directional transmitter 38, parts of which are shown in Figs. 6 through 9.
  • Although the input means is shown and described as a keypad, it may well be a biometric sensor, such as a fingerprint reader (not shown).
  • For the transceiver, the capacitive interface is used.
  • The card can thus be made sealed with no sensitive parts accessible by the user, whereas for traditional smart cards mechanical degradation, dirt, grease and corrosion of contact pads is a major obstacle.
  • The keypad 14, which is suitably located at an upper part of the card front face, has twelve keys for manual entry of numbers 0-9 as well as "Enter" and "Clear" commands.
  • The keypad 14 is preferably a membrane-type keypad that is embedded in the card 10. More precisely, the thin resilient polyester plastic material of the top sheet 12, having printed key symbols on its front face, constitutes the keypad key membranes.
  • On the bottom inside face of the top sheet 12 electrically conductive switch pads 16 are printed.
  • The intermediate sheet 18 functions as a spacing layer having circular recesses 20 in register with the switch pads 16 and also having a rectangular recess 22 housing the IC 50.
  • The bottom sheet 24 has an uppermost printed circuit layer 26 (see also Fig.
  • Switch areas 28 in register with the switch pads 16 and the circular recesses 20.
  • The arrangement is such that when a cardholder presses a key on the keypad 14, the corresponding conductive switch pad 16 bridges the space of about 0.5 mm formed by the corresponding recess 22 and comes into contact with a registering switch area 28.
  • A corresponding electric circuit 32, which is normally broken by a dense pattern of conductors 30 camming into each other in the switch area 28, is thereby closed.
  • Each electric circuit 32 is connected to the IC 50 via printed connector patches of a connecting interface 54.
  • The printed circuit layer 26 forms a top layer in the bottom sheet 24.
  • The inside of the bottom sheet 24 has two underlying additional printed layers, namely a printed electrically insulating intermediate layer 34 and a printed capacitive bottom layer 36.
  • The bottom layer 36, which forms a part of the capacitive transceiver 38 (Fig. 9) to be described later, comprises three capacitive patches 40, 42, 44 which are electrically connected to the IC 50 via printed connector patches 46, 47, 48. These are in turn connected to connector patches 56, 58, 58 of the connecting interface 54 (Fig. 4) when the top circuit layer 26 is printed onto the insulating intermediate layer 34.
  • The IC 50 has data storage, processing and input/output means designed for the particular purpose and for use of the card as a transaction device.
  • Fig. 2 shows a transaction card 10 ready for use, placed on a Card Interface (CI) comprising a capacitive close-proximity transceiver in the shape of a card reader 60.
  • CI: Card Interface
  • The card reader 60 has a card-receiving surface 62 onto which the card 10 is placed to communicate with a requester or a Service Provider (SP) 72, which in turn is capable of communicating with the card reader via a network 70 and a Transaction Terminal (TT) 68 connected to the card reader 60 by a cable 66.
  • SP: Service Provider
  • TT: Transaction Terminal
  • The shown card reader 60 also has a display 64 for prompting necessary actions during a communication process.
  • A database 74 of the SP 72 stores information that can be used in communication with a large number of devices 10 according to the invention.
  • The connection between TT 68 and SP can either be continuous or intermittent.
  • The TT 68 can either be specially designed for the purpose or be a standard personal computer including a portable computer, PDA (Personal Digital Assistant) or even a cellular telephone, equipped with the reader or reader interface 60.
  • The transceiver of the card reader 60 is capable of bidirectional communication with cards.
  • The card reader 60 is shown as a stand-alone device but can also be an integral part (not shown) of the TT 68.
  • The card can perform data exchange with the TT using the card reader 60.
  • Exchange of data is performed by wireless means using close-proximity capacitive data transmission and power supply for the card, to be described later.
  • Figs. 6 and 7 show diagrammatic functional arrangements of respectively a card reader 60 and the card/device 10, whereas Fig. 8 shows specific components of the combined system.
  • The capacitive patches 40, 42, 44 of the card 10 will come into registration with corresponding capacitive patches 40b, 42b, 44b facing the patches 40, 42, 44 in close proximity when the card 10 is located on the receiving surface 62 (Fig. 2).
  • The card 10 and the card reader 60 will then form a capacitive circuitry which is capable of supplying electric power to the circuitry of the card 10 and exchanging digital data between the card 10 and the card reader 60 as follows:
  • The card reader is regarded as an external host unit 60 sharing a capacitive interface in close proximity to the card 10, regarded as a guest unit and including the integrated circuit 50 connected via an interface 126.
  • The three pairs of conductive areas 40-40b, 42-42b, and 44-44b form the common capacitive interface.
  • When the transaction terminal 68 is a personal computer, it is typically equipped with a standard V.24/V.28 interface.
  • The transaction terminal 68 is further equipped with a proprietary software driver (not shown) to control the data flow for the host unit 60.
  • This driver can either be an installed driver module or a part of an application program.
  • The CCITT V.24/V.28 electrical specification states a minimum voltage output swing at a stated loading. Even though the specification itself does not state that an attached device may be powered from the interface, as long as the stated maximum loading is not exceeded it is a benefit to be independent of external power. Where it is undesired to put further loading on the serial port, or the serial port itself does not fully comply with the driver requirements stated in the specification, external power may be applied from an AC/DC adapter or batteries included in the host unit. If desired, an interface control signal may be used to control the power of the host unit 60, where one state is a low-power, standby condition and the other an active, full-power state.
  • A principal circuitry of the host unit 60 may be implemented as follows:
  • The host unit 60 is designed to be connected to a standard V.24/V.28 serial port, where the voltage levels of outputs RTS and DTR are programmed by the interface software to be at a high level, thereby providing a positive supply voltage for the circuit elements.
  • The Receive Data input (RxD) has its mark level at a negative level, thereby providing a negative supply for a level shifter 98.
  • Additional tank and smoothing capacitors 82, 96 are provided and may be supplemented with a voltage-stabilizing element, such as a parallel zener diode (not shown).
  • A level shifter 84 provides shifting of input voltages to the host unit, and provides a logic high output when the input is at mark level, i.e. inactive.
  • An oscillator Schmitt-trigger NAND circuit 86 will then oscillate at a frequency primarily set by an LC resonant circuit comprising a resistor 90, an inductance 92, and a capacitor 94 present on the output of Schmitt-trigger 88.
  • This resonant circuit provides a carrier output on conducting area 42b.
  • The value of the resistive feedback can be kept high to reduce the loading of the resonant circuit.
  • Further benefits of using HCMOS devices include low operating power, low output impedance, rail-to-rail output swing and input protection diodes, thereby providing a high output swing of the resonant circuit with a minimum of design complexity.
  • A logic low output disables the oscillator function, so that the output of the resonant circuit fades and a DC level is present on terminal 42b.
  • The output of the resonant circuit will thus provide a pulse-modulated carrier, which is then capacitively coupled over to the portable device.
  • The guest unit 10 has a high input impedance and is further explained below in the detailed description of the transaction device interface.
  • Capacitors are formed by plates 40-40b, 42-42b and 44-44b.
  • The actual capacitor values are primarily given by the plate size, the distance between the plates and the type of dielectric material(s) present between them.
  • The design where plates 42 and 44 are connected together implies a reduced stray capacitive coupling between plates 42b and 44b.
  • Another benefit is that the portable device is symmetric, i.e. it can be rotated in steps of 180° without loss of functionality.
  • A first closed capacitive loop is formed by following the output of the resonant circuit in the host unit 60, via plates 42b-42 to the guest unit 10, through a rectifier bridge 120 having four diodes 122, through the parallel impedance circuit 114 including a capacitor 116 and a resistor 118, and back to ground in the host unit 60 via plates 40-40b.
  • A second closed capacitive loop is formed by following the output of the resonant circuit in the host unit 60, via plates 42b-42, 44-44b and via the input diode 106 and resistor 102 down to ground in the host unit 60.
  • The first capacitive loop induces a voltage on terminal RX in the guest unit 10.
  • With an optional peak-hold diode and tank capacitor (not shown), a low-current circuitry can then be powered in the guest unit 10, without severely affecting the signal transfer between the host unit 60 and the guest unit 10.
  • The guest unit 10 further comprises a transistor 112 connected in parallel with the impedance circuit 114.
  • Digital data information can be transmitted back from the guest unit 10 to the host unit 60 by controlling the transistor 112 from a TX terminal in the guest unit 10.
  • When the transistor 112 conducts, the input on plate 42 is effectively shorted to ground via plates 40-40b, thereby attenuating the voltage on plate 44 coupled to plate 44b.
  • The quiescent coupling of the carrier filtered in the input network connected to the level shifter 98 in the host unit 60 is then attenuated.
  • A properly selected threshold value of the input to level shifter 98 together with a hysteresis perform the demodulation of the information transferred from the guest unit 10 to the transaction terminal 68.
  • NRZ: Non-Return to Zero
  • The off-time can be reduced, thereby enabling a more continuous voltage in the guest unit 10.
  • This preferred embodiment has an inexpensive, easy to implement, self-tuned design with relaxed requirements on the reactive components.
  • Components having a relatively poor tolerance of about ±10% of ideal values are usable in the system and are widely available at a low cost.
  • The capacitive loading formed by the guest unit 10 as well as different stray capacitances just slightly moves the oscillator center frequency, without severely affecting the output amplitude.
  • As the host unit 60 operates at low power, it can be directly powered from the interface signals, thereby eliminating the need for external power, such as provided from an AC adapter or a set of batteries.
  • The guest unit operates at virtually zero quiescent current, without compromising the ability to receive data at any time.
  • a token device (TD) 10 according to the invention is shown in communication with a service provider 72 via a data network 70 such as the Internet.
  • he device 10 can also be considered as comprised of the major components organized as in the diagrammatic scheme of operatively interconnected blocks shown in Fig.9.
  • the device 10 has the integrated circuit 50 incorporating data processing means 130 and nonvolatile memory means 132.
  • the integrated circuit 50 is capable of transmitting and receiving information to and from the service provider 72 by the interface coupling means 36 via signal conditioning means 136.
  • the electric energy for the components of the device 10 ' is supplied via voltage stabilizing means 138.
  • the electric energy source can be a thin cell battery laminated in the card. However, the electric energy is. preferably transferred to the device 10 from the card reader 30 by the interface coupling means 36.
  • the interface coupling means 24 includes wireless transceiver means incorporating the close proximity capacitive transceiver described previously.
  • the card reader 30 communicating with the device 10 is provided with the corresponding interface 60 (fig. 8) capable of transmitting and receiving digital information to and from the device 10.
  • the corresponding interface 60 (fig. 8) capable of transmitting and receiving digital information to and from the device 10.
  • the reader inter- face 60 is connected to a personal computer 68 by a cable such as a serial cable 66, and may conveniently be located close to the top surface of a mouse pad 140.
  • a cable such as a serial cable 66
  • when the device 10 according to the invention, shaped as a credit card, is placed on the reader interface 60, it is immediately prepared to communicate with an application program in the transaction terminal/personal computer 68.
  • when the user receives the device 10, the device is prepared for personalization and the memory 132 is preprogrammed with a unique identification number.
  • a driver package is available as a resident program or a plug-in module to an Internet browser, allowing the contents of a particular memory tag to be requested and returned to the host application server.
  • the information stored in the non-volatile memory 16 is organized in a record structure, where each record is divided into data fields. Each record is identified by a unique record identifier, ID, which is specified for each access to a record. The central part of each record is the data, the meaning of which depends on the ID.
  • an authority defines the meaning of certain ranges of IDs. In an open environment, where the meaning of certain IDs is clearly defined and available, an application may retrieve information from a TD and get the desired data without having further knowledge about the purpose and the issuer of the TD.
  • in order to identify each issued TD as unique, an authority must define an ID which holds a unique identifier. That record must be stored at the time of manufacture of the TD and must not be changed during the lifetime of the TD.
  • the memory 132 has memory locations for storing records according to the tables shown in Figs. 11 and 13 as a structured collection of data. As shown in Fig. 12, each record represents a piece of information or data and includes attributes governing the access to these data. More precisely, the access attributes govern whether the information stored therein may be read or altered by overwriting.
  • tag 0, representing the location for the world-unique identification number of the device, can be read without restriction.
  • tags 1-4 can be read only by acknowledgement, either by pressing an OK key (tags 1, 2) or by entering a four-digit PIN code on the keypad (tags 3, 4).
  • as to overwriting, the memory locations labeled by tags 0-2 cannot be altered at all once they are entered, whereas the memory locations labeled by tags 3, 4 may be altered by the owner only.
  • Information in the TD is organized in a record structure, where each record is defined by:
  • Identity field: Uniquely identifies the record in the memory array.
  • Data: Data associated with the record. The exact meaning of the data field is defined by the ID.
  • Read attribute: Controls the read access for the record.
  • Write attribute: Controls the write access for the record.
  • The attributes govern read and write access, respectively; each attribute is defined by a type and an access counter, as follows.
  • Type, which is one of the following:
  • Disabled: Access is disabled.
  • Free: The record can be accessed without restrictions.
  • Acknowledge (Req ACK): Access must be acknowledged using the input means, typically an OK button.
  • Identify: Access is allowed if the TD holder identifies itself using a personal signature entered via the input means, typically a PIN code, where different types may apply for the length of the code or for different codes.
  • Access counter: A preset counter which after each valid access is decremented by one. When the counter reaches zero, further access to the record is disabled.
  • An external host application can request access to records in the TD by specifying a list of IDs. Depending on the security attributes, further user authentication may be needed using the input means. If the request is positively acknowledged, in the case of read access, the information is then transferred back to the host application. In the case of write access, information is then requested from the host application.
  • a sample session may be executed as:
  • the server application finds that the requested ID is not in the database, so another request, for tags 1 and 2, is passed to the TD. Since the attributes are set to Req ACK, the client browser displays a dialog indicating "The server application would like to retrieve your First name and Last name. Acknowledge if you accept this request". If the user confirms the request by pressing the "Ok" button on the TD, the data "John" and "Smith" are both passed back to the server application.
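The record store, its access attributes and the request/acknowledge flow above, as an added worked model. This is example code written for this page, not code from the patent or from Cypak: it follows the description (each record has an ID, data, a read attribute and a write attribute; an attribute has a type Disabled, Free, Acknowledge or Identify plus an optional access counter; tag 0 is free to read and fixed once written, tags 1-2 are released after an OK and are write-once, tags 3-4 need the PIN for reading and writing), while the class and function names, the field labels, the serial number and the PIN are assumptions made here.

```python
"""Model of the TD record store with its read and write access attributes.

Added example, not code from the patent or from Cypak. Names, field labels,
serial number and PIN are constructed for the example.
"""
from dataclasses import dataclass
from typing import Callable, Optional

DISABLED, FREE, ACKNOWLEDGE, IDENTIFY = "disabled", "free", "ack", "identify"
LABELS = {0: "ID", 1: "First name", 2: "Last name"}   # constructed field names


class AccessDenied(Exception):
    pass


@dataclass
class Attribute:
    kind: str                        # one of the four types above
    counter: Optional[int] = None    # None: unlimited; otherwise decremented per valid access


@dataclass
class Record:
    ident: int
    data: Optional[str]
    read: Attribute
    write: Attribute


class TokenDevice:
    """Input means are two holder-supplied callbacks: ask_ok(prompt) -> bool
    stands in for the OK key and ask_pin(prompt) -> str for the keypad."""

    def __init__(self, pin: str, ask_ok: Callable[[str], bool], ask_pin: Callable[[str], str]):
        self._pin, self._ask_ok, self._ask_pin = pin, ask_ok, ask_pin
        self._records: dict[int, Record] = {}

    def add_record(self, rec: Record) -> None:
        self._records[rec.ident] = rec

    def _label(self, ident: int) -> str:
        return LABELS.get(ident, f"tag {ident}")

    def _authorise(self, wanted: list[tuple[Record, Attribute]], requester: str, verb: str) -> None:
        """Checks every attribute before any counter is consumed: a disabled or
        exhausted record fails the whole request; all Acknowledge records of one
        request share a single OK dialog; Identify records each need the PIN."""
        for rec, attr in wanted:
            if attr.kind == DISABLED or attr.counter == 0:
                raise AccessDenied(f"{verb} of {self._label(rec.ident)} is disabled")
        need_ok = [rec for rec, attr in wanted if attr.kind == ACKNOWLEDGE]
        if need_ok:
            names = " and ".join(self._label(r.ident) for r in need_ok)
            prompt = f"{requester} would like to {verb} your {names}. Acknowledge if you accept this request"
            if not self._ask_ok(prompt):
                raise AccessDenied("request not acknowledged")
        for rec, attr in wanted:
            if attr.kind == IDENTIFY and self._ask_pin(f"Enter PIN to {verb} {self._label(rec.ident)}") != self._pin:
                raise AccessDenied("PIN rejected")
        for _, attr in wanted:
            if attr.counter is not None:
                attr.counter -= 1

    def read(self, ids: list[int], requester: str) -> dict[int, Optional[str]]:
        """Host request for a list of IDs; data is returned only if the whole request is authorised."""
        recs = [self._records[i] for i in ids]
        self._authorise([(r, r.read) for r in recs], requester, "retrieve")
        return {r.ident: r.data for r in recs}

    def write(self, ident: int, data: str, requester: str) -> None:
        rec = self._records[ident]
        self._authorise([(rec, rec.write)], requester, "alter")
        rec.data = data


def manufacture(serial: str, pin: str, ask_ok, ask_pin) -> TokenDevice:
    """Tag layout of Figs. 11-12: a write-once attribute is modelled as Free with a counter of 1."""
    td = TokenDevice(pin, ask_ok, ask_pin)
    td.add_record(Record(0, None, Attribute(FREE), Attribute(FREE, counter=1)))
    td.add_record(Record(1, None, Attribute(ACKNOWLEDGE), Attribute(FREE, counter=1)))
    td.add_record(Record(2, None, Attribute(ACKNOWLEDGE), Attribute(FREE, counter=1)))
    td.add_record(Record(3, None, Attribute(IDENTIFY), Attribute(IDENTIFY)))
    td.add_record(Record(4, None, Attribute(IDENTIFY), Attribute(IDENTIFY)))
    td.write(0, serial, "manufacturer")   # the single permitted write of tag 0
    return td


def sample_session(td: TokenDevice, server: str = "The server application") -> dict[int, Optional[str]]:
    """The session from the description: the server reads tag 0, does not know
    the ID, and asks for tags 1 and 2, which the holder must acknowledge."""
    ident = td.read([0], server)[0]
    known_ids: set[str] = set()          # constructed: the server's database is empty
    if ident in known_ids:
        return {0: ident}
    return td.read([1, 2], server)


if __name__ == "__main__":
    td = manufacture("0000000000001", "1234", ask_ok=lambda p: print(p) or True, ask_pin=lambda p: "1234")
    td.write(1, "John", "owner")          # personalisation by the holder
    td.write(2, "Smith", "owner")
    print(sample_session(td))            # {1: 'John', 2: 'Smith'}
```

The point worth noting is the ordering inside `_authorise`: disabled and exhausted records are rejected before the holder is prompted, the OK dialog covers all acknowledge-type records of one request at once, and no access counter is decremented until every check has passed, so a refused request leaves the card state unchanged.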
  • the storage capabilities of the TD can be used to store personal settings on the TD, instead of keeping them in a central database.
  • the user is always in charge of controlling any attempt to retrieve or alter data from the TD by setting access attributes accordingly.
  • the user can at any time delete all records in the TD associated with a particular site or service.
  • An additional stand-alone software application may be provided to be installed on the host computer to give an easy overview of the stored information and, when applicable, to perform basic operations on tag data and attributes.
  • a backup and restore utility may also be provided to move information between disk storage and the TD.
  • in Fig. 13, six predefined keys are stored in the non-volatile memory. Two of these keys have been used.
  • the TD keeps an image of the same key values as those stored in the SP database. Following this example, a transaction can be performed as:
  • 1. the SP requests the ID, i.e. the data corresponding to tag ID 0 in Fig. 12, thereby identifying which SP image in the database is to be used for the transaction process.
  • 2. the SP requests authentication of a desired action, i.e. the next unused key value.
  • 3. the TD searches for the first unused value, which in this example is index 258.
  • 4. the TD prompts the user, via the display of host computer 68 or card reader 60, to enter the PIN on the keypad.
  • 5. the TD transfers the ID, index 258 and the value 6210CBD4 back to the SP.
  • 6. the SP uses the ID together with index 258 to determine whether the key value is authentic.
  • the limited number of pre-stored keys can be used to enable a time- or usage-limited scheme, such that a given service expires after a predetermined number of usage occasions.
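The pre-stored key transaction of Fig. 13 and the six steps above, with both the TD side and the SP side, as an added example. This is code written for this page, not the patent's or Cypak's: the TD holds a short table of key values that the SP also holds as an image in its database; the SP identifies the TD by tag 0, the TD releases the first unused value after a PIN entry, and the SP checks the value against its image, marks it used and refuses replays, so the service expires once the table is consumed. Six keys with two already used mirror Fig. 13; index 258 and the value 6210CBD4 are taken from the text, the other key values, the TD ID and the PIN are constructed.

```python
"""Transaction with pre-stored one-time keys (the Fig. 13 scheme).

Added example, not code from the patent or from Cypak. Key values other than
258 / 6210CBD4, the TD ID and the PIN are constructed.
"""
import hmac


class KeysExhausted(Exception):
    """All pre-stored keys consumed: the usage-limited service has expired."""


class TokenDevice:
    def __init__(self, ident: str, pin: str, keys: dict[int, str], used: set[int], ask_pin):
        self.ident = ident
        self._pin = pin
        self._keys = dict(keys)        # index -> key value, written at issue time
        self._used = set(used)
        self._ask_pin = ask_pin        # keypad stand-in: ask_pin(prompt) -> str

    def read_id(self) -> str:
        return self.ident               # tag 0, readable without restriction

    def next_key(self) -> tuple[str, int, str]:
        """Steps 3-5 on the TD side: find the first unused index, require the
        PIN, mark the index used and release (ID, index, value)."""
        unused = sorted(i for i in self._keys if i not in self._used)
        if not unused:
            raise KeysExhausted(self.ident)
        idx = unused[0]
        if self._ask_pin(f"Enter PIN to authorise key {idx}") != self._pin:
            raise PermissionError("PIN rejected")
        self._used.add(idx)
        return self.ident, idx, self._keys[idx]


class ServiceProvider:
    def __init__(self, images: dict[str, dict[int, str]], used: dict[str, set[int]]):
        self._images = images          # TD ID -> {index: value}, the SP's image of each TD
        self._used = {i: set(used.get(i, ())) for i in images}

    def verify(self, ident: str, idx: int, value: str) -> bool:
        """Step 6: the ID selects the image, the index selects the expected value;
        an index already consumed is a replay and is rejected."""
        image = self._images.get(ident)
        if image is None or idx not in image or idx in self._used[ident]:
            return False
        if not hmac.compare_digest(image[idx].encode(), value.encode()):
            return False
        self._used[ident].add(idx)
        return True

    def transact(self, td: TokenDevice) -> bool:
        """Steps 1-6 end to end for one desired action."""
        ident = td.read_id()
        if ident not in self._images:
            return False
        _, idx, value = td.next_key()
        return self.verify(ident, idx, value)

    def remaining(self, ident: str) -> int:
        return len(self._images[ident]) - len(self._used[ident])


# Constructed key image (index -> value); 258 and its value are the ones in the text.
KEY_IMAGE = {256: "3A91F07E", 257: "C4D2B811", 258: "6210CBD4",
             259: "8F13A6E0", 260: "5B7C2D49", 261: "E0A49F37"}

if __name__ == "__main__":
    td = TokenDevice("TD-0001", "1234", KEY_IMAGE, {256, 257}, ask_pin=lambda p: "1234")
    sp = ServiceProvider({"TD-0001": KEY_IMAGE}, {"TD-0001": {256, 257}})
    print(sp.transact(td), sp.remaining("TD-0001"))   # True 3
```

Both sides keep their own used-index set; the SP's copy is what makes a captured (ID, index, value) triple useless for a second transaction, and the constant-time comparison avoids leaking how many characters of a guessed value matched.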
  • the device 10 is preferably issued by a "trusted partner", comparable to the current trusted partners supplying network interface boards, each of which also has a world-unique identification number.
  • when a TD is issued, the user is prompted to change the PIN, thereby making the usable access code known only to the TD holder.
  • the commonly used method of permanently blocking the TD if more than three consecutive invalid PINs are entered may be implemented.
  • TDs may be shipped blank and be programmed later in the lifecycle of the card.
  • the TD authority may define the write attributes of some IDs as "write once", which then means that the data can be written one time only.
  • a key aspect of the invention is that there is no way of retrieving or modifying the PIN via the external interface. This implies that even if a TD's PIN has been fraudulently obtained, it is not possible to remotely retrieve information from the TD without having the physical TD. That a valid TD holder fraudulently retrieves information from the TD can of course never be prevented. Since the security and integrity of the system must not rely on parts of the technology and algorithms being kept strictly secret, it can be expected that third-party drivers, including fraudulent ones, are developed which, from the application's point of view, act as if a physical TD were connected; there must therefore be a secure way of qualifying retrieved or written information as authentic.
  • One option is to use a digital signature of each record retrieved from or written to the card, where data of a predetermined record are used as an operator for the digital signature algorithm.
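The two points above, the PIN that never crosses the external interface with the lockout rule, and the per-record digital signature keyed with a predetermined record, as one added example. This is code written for this page, not the patent's or Cypak's: the PIN is verified and changed only inside the device and the device blocks permanently after more than three consecutive invalid entries; every record released over the external interface carries a signature keyed with the data of a record that the interface refuses to read, so a host or SP holding the same key image can reject records fabricated by a fraudulent driver. HMAC-SHA-256 is this example's choice of signature algorithm, the text names none; the ID of the key record, the PIN and the key bytes are constructed.

```python
"""PIN handling and record authentication.

Added example, not code from the patent or from Cypak. HMAC-SHA-256, the
key record ID, the PIN and the key bytes are assumptions of this example.
"""
import hashlib
import hmac

MAX_INVALID_PINS = 3     # "more than three consecutive invalid PINs" blocks the TD
KEY_RECORD = 255         # assumed ID of the record whose data keys the signature


def record_signature(key: bytes, ident: int, data: bytes) -> bytes:
    """Binds ID, length and data, so a valid (ID, data, signature) triple cannot
    be re-used for another ID or with a truncated or extended data field."""
    msg = ident.to_bytes(2, "big") + len(data).to_bytes(2, "big") + data
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify_record(key: bytes, ident: int, data: bytes, sig: bytes) -> bool:
    """Host/SP side check; the verifier holds the same key record image as the TD."""
    return hmac.compare_digest(record_signature(key, ident, data), sig)


class TokenDevice:
    def __init__(self, initial_pin: str, signing_key: bytes):
        self._pin = initial_pin           # never returned by any method
        self._invalid = 0
        self.blocked = False
        self._records: dict[int, bytes] = {KEY_RECORD: signing_key}

    def verify_pin(self, entered: str) -> bool:
        """Keypad entry. A success resets the counter; the fourth consecutive
        failure blocks the device for good."""
        if self.blocked:
            return False
        if hmac.compare_digest(entered.encode(), self._pin.encode()):
            self._invalid = 0
            return True
        self._invalid += 1
        if self._invalid > MAX_INVALID_PINS:
            self.blocked = True
        return False

    def change_pin(self, old: str, new: str) -> bool:
        """Done at issue time, so the usable code is known only to the holder."""
        if not self.verify_pin(old):
            return False
        self._pin = new
        return True

    def write(self, ident: int, data: bytes) -> None:
        if ident == KEY_RECORD:
            raise PermissionError("key record is fixed at manufacture")
        self._records[ident] = data

    def external_read(self, ident: int) -> tuple[bytes, bytes]:
        """The only read path over the external interface: the key record is
        refused, every other record is released together with its signature."""
        if ident == KEY_RECORD:
            raise PermissionError("key record is not readable")
        data = self._records[ident]
        return data, record_signature(self._records[KEY_RECORD], ident, data)


if __name__ == "__main__":
    key = bytes(range(16))                 # constructed key record data
    td = TokenDevice("1234", key)
    td.change_pin("1234", "4321")
    td.write(1, b"John")
    data, sig = td.external_read(1)
    print(verify_record(key, 1, data, sig), verify_record(key, 1, b"Jane", sig))   # True False
```

A driver that fakes a card can return any data it likes, but it cannot produce the signature without the key record, and that record has no read path; the SP therefore accepts only records whose signature verifies against its own image of the key.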
  • the TD authority defines a limited range of IDs whose data is automatically transferred to the host application when triggered by events such as TD presence, TD removal and triggering of the input means. Depending on the driver, this can be used to automatically launch a host application, such as a word processing program or an Internet browser. Further, the data passed from the TD may include additional application parameters, such as a document specifier or a target URL, to be used for navigation, thereby creating an interactive navigation device.
  • the device 10'' is integrated into a package 11 such as a cardboard box.
  • the cardboard structure has a user input means 15 provided with pressure sensitive areas 17 for signaling depressions by the user via signal lines 13 to the device 10''.
  • the pressure sensitive areas 17 are provided with printed symbols or characters (not shown) guiding the user in the process.
  • the transaction terminal reader interface 60 is in this case embedded close to the surface of a tabletop 140', for example in a package distributing terminal.
  • the device 10' is integrated in a software CD package 11' that can be placed on the capacitive reader interface 60.
  • the capacitive interface 60 is connected to the serial port of a personal computer 68.
  • the capacitive interface may alternatively be a small device such as the interface 60 in Fig. 2 having a cavity matching the physical shape of the device 10.
  • An installed software driver or browser plug-in provides the logic to retrieve data from the card memory and transfer it to the application, providing additional steps if necessary.
  • the memory in the TD can either be fixed, pre-programmed by the issuer of the TD or be freely programmable by the TD owner using a stand-alone support application.
  • the action of placing the device 10 on the capacitive interface automatically triggers navigation to the predetermined URL stored in the memory. If an Internet browser is not active, the software driver first launches the appropriate browser application.
  • the card is equipped with membrane keys as described previously, where each key or each key sequence is linked to a particular URL stored in the memory. This provides the mobile user with a way of quickly accessing the "personal favorites" often stored on disk and accessible from an Internet browser.
  • the TD can be freely integrated into simple sheets of plastic, paper or cardboard, thereby opening up the field of integrating the technology into product packaging, either integral, as tear-off part or as an included printed "active voucher".
  • the vendors can then open a dialog with the customer, whereby on placing a product packaging on the interface, the customer is automatically directed to the appropriate product page, where product registration, support information and additional promotion may be available.
  • Applications may include Music CD-envelopes, software packages, computer hardware etc.
  • An additional feature is the ability to programmatically alter a URL at a specific location from the server application, thereby allowing a different navigation procedure after some event has occurred, such as after a successful download or after an identification procedure has been completed.
  • a different navigation scheme can be established, thereby automatically directing the user to different locations depending on the physical state of the product.
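The event-triggered navigation described above (the reserved ID range pushed to the host on presence, removal or key events, key sequences linked to URLs, and a server rewriting the URL record after an event), as an added example. This is code written for this page, not the patent's or Cypak's: the host driver reads the reserved range on an event and turns the record data into an action, "URL <target>" opens the browser at that target, "DOC <path>" opens a document, and "KEYS <sequence> <action>" links a key sequence to its own action; `server_redirect` rewrites the presence record so the next placement leads elsewhere. The ID range, the record encoding, the event names and the launch callback are assumptions, and no real browser or word processor is started.

```python
"""Event-triggered navigation from a reserved ID range of the TD.

Added example, not code from the patent or from Cypak. The ID range, record
encoding, event names and the launch callback are assumptions.
"""
from typing import Callable, Optional

AUTO_RANGE = range(0x100, 0x200)                      # assumed auto-transfer range
EVENT_RECORD = {"present": 0x100, "removed": 0x101}   # assumed event -> record mapping

Action = tuple[str, str]                              # (application, parameter)


class TokenMemory:
    """Record store reduced to what the driver needs; access attributes are left out here."""

    def __init__(self, records: dict[int, str]):
        self._records = dict(records)

    def write(self, ident: int, data: str) -> None:
        self._records[ident] = data

    def auto_records(self) -> dict[int, str]:
        """What the TD pushes to the host on an event: the populated records of the reserved range."""
        return {i: d for i, d in self._records.items() if i in AUTO_RANGE}


def parse_action(data: str) -> Optional[Action]:
    kind, _, param = data.partition(" ")
    if kind == "URL" and param:
        return ("browser", param)
    if kind == "DOC" and param:
        return ("wordprocessor", param)
    return None


class Driver:
    def __init__(self, memory: TokenMemory, launch: Callable[[str, str], None]):
        self._memory = memory
        self._launch = launch      # launch(application, parameter); starts the browser if needed

    def on_event(self, event: str, keys: str = "") -> Optional[Action]:
        """Returns the action taken, or None when nothing is linked to the event."""
        records = self._memory.auto_records()
        if event == "key":
            prefix = f"KEYS {keys} "
            data = next((d[len(prefix):] for d in records.values() if d.startswith(prefix)), None)
        else:
            data = records.get(EVENT_RECORD.get(event, -1))
        action = parse_action(data) if data else None
        if action:
            self._launch(*action)
        return action


def server_redirect(memory: TokenMemory, url: str) -> None:
    """Server-side rewrite of the presence record after an event such as a
    successful download or a completed identification."""
    memory.write(EVENT_RECORD["present"], f"URL {url}")


if __name__ == "__main__":
    mem = TokenMemory({
        0: "0000000000001",                                     # world-unique ID (constructed)
        0x100: "URL https://example.com/product/registration",
        0x110: "KEYS 12 URL https://example.com/favourites/news",
        0x111: "KEYS 3 DOC /home/user/notes.txt",
    })
    drv = Driver(mem, lambda app, param: print(f"launch {app}: {param}"))
    drv.on_event("present")
    drv.on_event("key", "12")
    server_redirect(mem, "https://example.com/support")
    drv.on_event("present")
```

In a deployment the write to the presence record would be governed by the record's write attribute (server-writable, holder-fixed), which is the hook that keeps a visited site from silently retargeting a card it does not own.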

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Storage Device Security (AREA)
  • Credit Cards Or The Like (AREA)

Abstract

The invention relates to a mobile electronic data communication device which can store data concerning a holder of the device and communicate them to a requester in a data network by means of a host computer. The device comprises a source of electrical energy, a data input means, a data processing means, a non-volatile memory for storing data, and an active data transceiver. The data storage memory has several programmable memory locations for storing the data to be communicated as a structured collection of data. Once configured by the holder, the transceiver can automatically transmit a selection of the data to the requester.
EP01934750A 2000-05-19 2001-05-17 Dispositif mobile de stockage et de communications de donnees, et procede de communication Withdrawn EP1299788A1 (fr)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US574832 1990-08-29
US57483200A 2000-05-19 2000-05-19
PCT/SE2001/001096 WO2001090858A1 (fr) 2000-05-19 2001-05-17 Dispositif mobile de stockage et de communications de donnees, et procede de communication

Publications (1)

Publication Number Publication Date
EP1299788A1 true EP1299788A1 (fr) 2003-04-09

Family

ID=24297834

Family Applications (1)

Application Number Title Priority Date Filing Date
EP01934750A Withdrawn EP1299788A1 (fr) 2000-05-19 2001-05-17 Dispositif mobile de stockage et de communications de donnees, et procede de communication

Country Status (5)

Country Link
EP (1) EP1299788A1 (fr)
JP (1) JP2003534592A (fr)
CN (1) CN1265257C (fr)
AU (1) AU2001260903A1 (fr)
WO (1) WO2001090858A1 (fr)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1397014A1 (fr) * 2002-09-04 2004-03-10 SCHLUMBERGER Systèmes Primitives WIM (WAP Identification module) pour gérer le protocole secure socket layer (SSL)
JP4511459B2 (ja) 2002-10-17 2010-07-28 ヴォウダフォン・グループ・ピーエルシー トランザクションの容易化および認証
GB0319918D0 (en) * 2003-08-23 2003-09-24 Ibm Method system and device for mobile subscription content access
WO2005027035A1 (fr) * 2003-09-16 2005-03-24 Gold Fusion International Limited Systeme, appareil et procede de transmission sans contact
WO2005101977A2 (fr) * 2004-04-22 2005-11-03 Fortress Gb Ltd. Systeme de securite multi-facteurs a dispositifs portatifs et noyaux de securite
CN103065079B (zh) * 2012-12-21 2015-06-17 飞天诚信科技股份有限公司 一种防骗签的方法

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5852775A (en) * 1996-09-12 1998-12-22 Earthweb, Inc. Cellular telephone advertising system
US5964877A (en) * 1997-04-07 1999-10-12 Victor; David William Method and system for programming a security system to protect a protected unit

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO0190858A1 *

Also Published As

Publication number Publication date
JP2003534592A (ja) 2003-11-18
CN1440525A (zh) 2003-09-03
WO2001090858A1 (fr) 2001-11-29
CN1265257C (zh) 2006-07-19
AU2001260903A1 (en) 2001-12-03

Similar Documents

Publication Publication Date Title
US6616035B2 (en) Method and device for identification and authentication
US8811959B2 (en) Bluetooth enabled credit card with a large data storage volume
JP4682498B2 (ja) 通信装置及び通信装置のメモリ管理方法
US7886970B2 (en) Data communicating apparatus and method for managing memory of data communicating apparatus
US10303867B2 (en) External secure unit
CA1293325C (fr) Systeme pour support de donnees portatif
US7089388B1 (en) Terminal for use in a system interfacing with storage media
KR20210029198A (ko) 스마트 카드를 통한 동적 url 생성 시스템 및 방법
KR20160070061A (ko) 신원 검증 장치 및 방법
US20080048024A1 (en) Accommodating multiple users of a secure credit card
EP1703408B1 (fr) Appareil de communication de donnees et procede de gestion de la memoire d'un appareil de communication de donnees
US9466057B2 (en) RF presentation instrument with sensor control
WO2005117527A2 (fr) Dispositif electronique destine a securiser une authentification pour un proprietaire et procedes de mise en oeuvre d'un systeme mondial d'authentification hautement securisee
EP0270571A1 (fr) Agencement pour supports portatifs de donnees ayant des fichiers a applications multpiles.
JP4738105B2 (ja) 情報処理装置およびその制御方法
US11449631B2 (en) Electronic device for managing personal information and operating method thereof
EP1299788A1 (fr) Dispositif mobile de stockage et de communications de donnees, et procede de communication
JP4135151B2 (ja) Rfidを用いたシングルサインオン方法及びシステム
JP5107885B2 (ja) 個人情報提供装置、個人情報提供方法
CN101084508A (zh) 网络信息保护方法以及存储介质
JP5409871B2 (ja) 個人情報提供装置、および個人情報提供方法
KR200401587Y1 (ko) 원 타임 패스워드 생성용 스마트카드 리더 장치
JP4291068B2 (ja) Icカード及びicカードシステム
CN101383014B (zh) 信息处理系统和装置、读/写器、访问控制管理方法
US20020124058A1 (en) Navigation device

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20021206

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE TR

AX Request for extension of the european patent

Extension state: AL LT LV MK RO SI

17Q First examination report despatched

Effective date: 20050224

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN WITHDRAWN

18W Application withdrawn

Effective date: 20081015