EP1332478A2 - Contactless electronic identification system - Google Patents

Contactless electronic identification system

Info

Publication number
EP1332478A2
Authority
EP
European Patent Office
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP01973948A
Other languages
English (en)
French (fr)
Inventor
Jean-Claude Rais
Abdul-Hamid Kayal
Pierre Desarzens
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Omega Electronics SA
Original Assignee
Omega Electronics SA

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00 Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06 Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067 Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07 Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • G06K19/0719 Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips at least one of the integrated circuit chips comprising an arrangement for application selection, e.g. an acceleration sensor or a set of radio buttons
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00 Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06 Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067 Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07 Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • G06K19/0723 Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips the record carrier comprising an arrangement for non-contact communication, e.g. wireless communication circuits on transponder cards, non-contact smart cards or RFIDs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00 Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/0008 General problems related to the reading of electronic memory record carriers, independent of its reading method, e.g. power transfer

Definitions

  • The present invention relates generally to a contactless electronic identification system, commonly known by the name "RFID system" (Radio Frequency Identification) or "CID system" (Contactless Identification). More specifically, the present invention relates to such a contactless identification system employing information carriers, or transponders, arranged to operate with several applications. The present invention relates in particular to an electronic identification system according to claim 1.
  • Electronic contactless identification systems are used in various applications, in particular as identification and access authorization systems for entry control, time management or subscription applications, or as systems controlling access to paid services (pre- or postpaid) for cash or automated machine applications.
  • A separate identification system is used for each application.
  • Such a system typically includes (i) information carriers, or transponders, carried by users and generally in the form of cards or electronic components integrated into portable objects such as watches, (ii) reading units dispersed over the various access sites (for example at the various entrances to a building to which access is regulated), and (iii) at least one programming unit for configuring the various transponders for the application concerned.
  • The transponder used in this identification system comprises in particular storage means comprising a segmented memory space for receiving application data relating to a plurality of separate applications. More specifically, each memory segment comprises a segment identification or label making it possible to identify to which application the application data contained in the memory segment concerned relate. This label, or "stamp", is made up of a sequence which identifies the application concerned and which is a function of the level of organization of this application in a hierarchical authorization system.
  • The aforementioned organization of the data in the memory of the transponder implies the systematic browsing (by the processor of the transponder or by the reading unit) of the stored data in order to identify whether the data specific to a given application are present in the transponder's memory. It will be understood that this solution has in particular a disadvantage in terms of speed and ease of access to the data stored on the transponder.
  • The security of the data is moreover ensured simply by a process of authentication of the transponder with the reading unit, that is to say a unilateral authentication.
  • The reading unit is arranged to transmit to the transponder a random number which is encoded by this transponder by means of a coding key and then retransmitted to the reading unit to be decoded by means of a coding key which is stored in the reading unit and which is identical to the coding key of the transponder. If the result of the decoding is identical to the number transmitted initially, the communication is then established.
  • This unilateral authentication is generally not sufficient to ensure an adequate level of security.
  • A bilateral or reciprocal authentication should at least be implemented, that is to say an authentication of the transponder with the reading unit and of the reading unit with the transponder.
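The difference between the unilateral exchange described above and the reciprocal authentication the text calls for, as an added example that is not part of the patent. HMAC-SHA256 stands in for the unspecified "coding"; the class names, message layout and 16-byte nonces are assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

NONCE_LEN = 16  # assumed nonce size; fixed length keeps concatenation unambiguous


def proof(key: bytes, role: bytes, first: bytes, second: bytes) -> bytes:
    """Keyed proof bound to a role label and to the nonces of the exchange."""
    return hmac.new(key, role + b"|" + first + second, hashlib.sha256).digest()


class Transponder:
    def __init__(self, key: bytes) -> None:
        self._key = key
        self._nonces: Optional[Tuple[bytes, bytes]] = None

    def unilateral_response(self, reader_nonce: bytes) -> bytes:
        # Unilateral scheme: the transponder answers whoever asks and
        # learns nothing about the unit it is talking to.
        return proof(self._key, b"uni", reader_nonce, b"")

    def mutual_hello(self, reader_nonce: bytes) -> Tuple[bytes, bytes]:
        # Mutual scheme, message 2: own nonce plus a proof over both nonces.
        tag_nonce = secrets.token_bytes(NONCE_LEN)
        self._nonces = (reader_nonce, tag_nonce)
        return tag_nonce, proof(self._key, b"tag", reader_nonce, tag_nonce)

    def mutual_finish(self, reader_proof: bytes) -> bool:
        # Mutual scheme, message 3 check: True only if the reader knows the key.
        if self._nonces is None:
            return False
        reader_nonce, tag_nonce = self._nonces
        self._nonces = None  # one attempt per challenge
        expected = proof(self._key, b"reader", tag_nonce, reader_nonce)
        return hmac.compare_digest(expected, reader_proof)


class ReadingUnit:
    def __init__(self, key: bytes) -> None:
        self._key = key
        self._nonce: Optional[bytes] = None

    def new_challenge(self) -> bytes:
        # Message 1 in both schemes: a fresh random number.
        self._nonce = secrets.token_bytes(NONCE_LEN)
        return self._nonce

    def check_unilateral(self, response: bytes) -> bool:
        if self._nonce is None:
            return False
        nonce, self._nonce = self._nonce, None
        return hmac.compare_digest(proof(self._key, b"uni", nonce, b""), response)

    def mutual_reply(self, tag_nonce: bytes, tag_proof: bytes) -> Optional[bytes]:
        # Verify the transponder first, then prove our own knowledge of the key.
        if self._nonce is None:
            return None
        nonce, self._nonce = self._nonce, None
        expected = proof(self._key, b"tag", nonce, tag_nonce)
        if not hmac.compare_digest(expected, tag_proof):
            return None
        return proof(self._key, b"reader", tag_nonce, nonce)


def run_unilateral(reader: ReadingUnit, tag: Transponder) -> bool:
    """Returns whether the reading unit accepts the transponder."""
    return reader.check_unilateral(tag.unilateral_response(reader.new_challenge()))


def run_mutual(reader: ReadingUnit, tag: Transponder) -> Tuple[bool, bool]:
    """Returns (reader accepts transponder, transponder accepts reader)."""
    tag_nonce, tag_proof = tag.mutual_hello(reader.new_challenge())
    reply = reader.mutual_reply(tag_nonce, tag_proof)
    if reply is None:
        return False, False
    return True, tag.mutual_finish(reply)


if __name__ == "__main__":
    shared = b"constructed-demo-key"  # constructed sample key
    print("unilateral:", run_unilateral(ReadingUnit(shared), Transponder(shared)))
    print("mutual:    ", run_mutual(ReadingUnit(shared), Transponder(shared)))
```

The role labels keep a proof produced by one side from being accepted as the other side's proof, and binding both nonces keeps an old exchange from being replayed.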
  • The fact remains that the data subsequently exchanged between the reading unit and the transponder can be observed by third parties.
  • A general aim of the present invention is thus to propose an identification system making it possible in particular to respond to the above-mentioned problems, namely a multi-application identification system requiring, for a given user, only a single transponder to access several separate applications.
  • Another object of the present invention is to provide such a multi-application contactless electronic identification system which is simple and rapid, and which has a high level of security as well as great flexibility of use.
  • Yet another object of the present invention is to further guarantee security between the different applications, that is to say to guarantee that an application, and the data relating to an application, developed by a first operator or service provider cannot be seen, accessed or modified by another service provider having developed another application to which the user has also subscribed.
  • The present invention thus relates to a contactless electronic identification system, the characteristics of which are set out in claim 1.
  • The present invention also relates to a method for formatting and managing data in the storage means of a transponder, the characteristics of which are set out in claim 14.
  • The present invention also relates to a reading unit for contactless electronic identification, the characteristics of which are set out in claim 23.
  • The subject of the present invention is also a transponder, the characteristics of which are set out in claim 29, as well as a portable object comprising such a transponder.
  • An advantage of the present invention lies in the fact that a user wishing to access several separate applications will only need a single transponder to access these multiple applications. According to the present invention, a user has in particular a great flexibility of choice vis-à-vis the various applications available to him.
  • Another advantage of the present invention lies in the fact that the security between the various applications is nevertheless guaranteed and that the data of an application developed by a service provider cannot be altered by another application.
  • The security of the application data is also ensured by adequate encryption of these various data, in particular on the basis of a code specific to each transponder, such as a unique serial number of each transponder.
  • The application data are stored in determined memory segments of the transponder and an additional memory segment is provided to contain directory data indicating which applications are stored on the transponder as well as their position in memory.
  • The storage means of the transponder further comprise a memory segment comprising data relating to a validity over time of the application concerned, the reading unit for its part comprising clock means for determining the expiry of the validity of the application concerned and allowing, in the case where the application concerned has expired, a release of the corresponding part of the memory space of the storage means of the transponder.
  • The transponder does not have, so to speak, any particular "intelligence". According to the invention, it is the reading unit which ensures the management and the security of the various applications, as well as the encryption and decryption of the data. It will be understood that this is a particularly important advantage in that the reading unit is typically managed by the operator of the application and can be physically placed in places that are perfectly under control. Other characteristics and advantages of the present invention will appear more clearly on reading the detailed description which follows, given with reference to the appended drawings given by way of nonlimiting examples and in which:
  • FIG. 1 shows a block diagram of an information carrier or transponder used in the context of the present invention
  • FIG. 2 shows an architecture of the transponder memory in the context of the present invention
  • FIG. 3 shows the general architecture of a reading unit according to the present invention arranged to converse with said transponder
  • FIG. 4a to 4c illustrate different operating phases of the reading unit of Figure 3 during communication with a transponder
  • FIG. 5 shows a simplified block diagram of the reading unit of Figure 3;
  • FIG. 6 schematically shows a diagram of the software modules of the reading unit
  • FIG. 7 schematically illustrates the structure of an application identifier in the context of the present invention.
  • FIG. 8 illustrates a network implementation of the electronic identification system according to the present invention.
  • FIG. 1 shows a block diagram of an information carrier or transponder for a contactless identification system.
  • Such a transponder is for example marketed by the company EM Microelectronic-Marin SA under the reference P4150 "1 KBit READ / WRITE CONTACTLESS IDENTIFICATION DEVICE".
  • Figure 1 is a schematic representation of this transponder circuit marketed by the aforementioned company.
  • This transponder, typically arranged to operate at a frequency of the order of 125 kHz, is in particular arranged to cooperate with a reading interface such as the interface marketed by this same company EM Microelectronic-Marin SA under the reference P4095 "READ / WRITE ANALOG FRONT END FOR 125kHz RFID BASESTATION", the publicly available technical specification of which is also incorporated here by reference. It will be noted that the use of the above-mentioned components is in no way limiting and that other similar components could be used provided that they make it possible to fulfill the functions which will be set out below.
  • The transponder is supplied by the ambient electromagnetic field, a field which induces a voltage at the terminals of a coil 11 of the antenna circuit. This voltage is rectified by an AC / DC rectifier block 12 and supplies the supply voltage +V necessary for the operation of the device. Voltage regulation means 13 as well as a power-up control block 14 ensure adequate initialization of control logic 15 of the circuit.
  • The transponder 1 further comprises clock extraction means 16 making it possible to derive from the electromagnetic field a clock signal ensuring the timing of the control logic 15, data extraction means 17a making it possible to extract data modulated on the electromagnetic field, as well as a command decoder block 17b.
  • The transponder 1 also comprises storage means 18, notably consisting of a reprogrammable EEPROM memory and a ROM read-only memory, and associated encoding 19a and modulation 19b means making it possible to modulate and transmit information stored in said transponder.
  • FIG. 2 schematically shows the architecture and organization of the storage means 18 of the transponder 1 illustrated in FIG. 1.
  • These storage means 18 comprise in particular an EEPROM memory as well as a ROM read-only memory.
  • The EEPROM memory is made up, without limitation, of a 1024-bit EEPROM memory organized in thirty-two 32-bit words (words 0 to 31 in FIG. 2).
  • The storage means 18 also comprise, again without limitation, two additional 32-bit words (words 32 and 33 in FIG. 2) of ROM read-only memory (cf. in particular the specification of the aforementioned component P4150).
  • These two ROM memory words 32 and 33 respectively contain a serial number DEVICE SERIAL NUMBER and an identification number DEVICE IDENTIFICATION which are unique, that is to say specific to each transponder.
  • The first three 32-bit words are respectively assigned to a password designated PASSWORD, to a protection word designated PROTECTION WORD, and to a control word designated CONTROL WORD.
  • The password PASSWORD is write-only and cannot be read from the outside. This password PASSWORD must typically be transmitted to the transponder if one wishes to modify the protection word PROTECTION WORD and / or the control word CONTROL WORD.
  • The control word CONTROL WORD notably defines which words from the memory are read during a spontaneous or standard read operation (this operation is defined as "Standard Read Mode" in the aforementioned product specification P4150), which is carried out as soon as the circuit is activated by the emission of an ambient electromagnetic field.
  • bits 0 to 7 (First Word Read - FWR) and 8 to 15 (Last Word Read - LWR) of the control word CONTROL WORD respectively define the first and last words read during the standard read operation "Standard Read Mode" (hereinafter "Standard Read").
  • bit 16: Password Check On / Off.
  • bit 17: Read After Write On / Off.
  • bits 18 to 31 are typically available to the user.
  • The protection word PROTECTION WORD defines which words in memory are protected in read and / or write.
  • bits 0 to 7 (First Word Read Protected) and 8 to 15 (Last Word Read Protected) of the protection word PROTECTION WORD respectively define the first and last words protected in reading.
  • bits 16 to 23 (First Word Write Inhibited) and 24 to 31 (Last Word Write Inhibited) define the first and last write protected words respectively.
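A decoder for the two configuration words described above, with a check of the decoded ranges against an operator's intent, as an added example that is not part of the patent or of the P4150 specification. It assumes bit 0 is the least significant bit and that first/last ranges are inclusive; the word positions of the segments, the sample words and the policy are constructed.

```python
from dataclasses import dataclass
from typing import List, Set

LAST_WORD = 33  # words 0..31 are EEPROM, words 32 and 33 are ROM


def _field(raw: int, low_bit: int, width: int) -> int:
    """Extract `width` bits starting at `low_bit` (bit 0 = LSB, an assumption)."""
    if not 0 <= raw <= 0xFFFFFFFF:
        raise ValueError("memory words are 32 bits wide")
    return (raw >> low_bit) & ((1 << width) - 1)


def _span(first: int, last: int) -> Set[int]:
    return set(range(first, last + 1))  # inclusive range, empty if first > last


@dataclass(frozen=True)
class ControlWord:
    first_word_read: int    # bits 0-7  (FWR)
    last_word_read: int     # bits 8-15 (LWR)
    password_check: bool    # bit 16
    read_after_write: bool  # bit 17
    user_bits: int          # bits 18-31

    @classmethod
    def decode(cls, raw: int) -> "ControlWord":
        return cls(_field(raw, 0, 8), _field(raw, 8, 8),
                   bool(_field(raw, 16, 1)), bool(_field(raw, 17, 1)),
                   _field(raw, 18, 14))

    def standard_read_words(self) -> Set[int]:
        return _span(self.first_word_read, self.last_word_read)


@dataclass(frozen=True)
class ProtectionWord:
    first_read_protected: int   # bits 0-7
    last_read_protected: int    # bits 8-15
    first_write_inhibited: int  # bits 16-23
    last_write_inhibited: int   # bits 24-31

    @classmethod
    def decode(cls, raw: int) -> "ProtectionWord":
        return cls(_field(raw, 0, 8), _field(raw, 8, 8),
                   _field(raw, 16, 8), _field(raw, 24, 8))

    def read_protected_words(self) -> Set[int]:
        return _span(self.first_read_protected, self.last_read_protected)

    def write_inhibited_words(self) -> Set[int]:
        return _span(self.first_write_inhibited, self.last_write_inhibited)


def audit(control_raw: int, protection_raw: int, *, broadcast: Set[int],
          confidential: Set[int], locked: Set[int]) -> List[str]:
    """Compare the decoded words with the operator's intent; return findings."""
    cw = ControlWord.decode(control_raw)
    pw = ProtectionWord.decode(protection_raw)
    sent = cw.standard_read_words()
    findings = []
    if not sent or max(sent) > LAST_WORD:
        findings.append("Standard Read range FWR..LWR is empty or leaves words 0..33")
    if not cw.password_check:
        findings.append("password check is off")
    if broadcast - sent:
        findings.append(f"Standard Read omits words {sorted(broadcast - sent)}")
    if confidential & sent:
        findings.append(f"Standard Read sends confidential words {sorted(confidential & sent)}")
    if confidential - pw.read_protected_words():
        findings.append(f"not read-protected: {sorted(confidential - pw.read_protected_words())}")
    if locked - pw.write_inhibited_words():
        findings.append(f"not write-inhibited: {sorted(locked - pw.write_inhibited_words())}")
    return findings


# Constructed layout: application data in words 3..27, TAG IDENTIFICATION in
# 28..29, DIRECTORY in 30..31, followed by the ROM words 32 and 33.
POLICY = {"broadcast": _span(28, 33), "confidential": _span(3, 27), "locked": _span(28, 29)}
HARDENED_CONTROL, HARDENED_PROTECTION = 0x0001211C, 0x1D1C1B03  # constructed
WEAK_CONTROL, WEAK_PROTECTION = 0x00002103, 0x1F1E1403          # constructed

if __name__ == "__main__":
    for name, c, p in (("hardened", HARDENED_CONTROL, HARDENED_PROTECTION),
                       ("weak", WEAK_CONTROL, WEAK_PROTECTION)):
        print(name, audit(c, p, **POLICY) or "no findings")
```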
  • The memory space composed in this example of the twenty-nine memory words 3 to 31 of the EEPROM (in this example 928 bits) is available in particular for the user and forms a user memory space 180 designated USER EEPROM.
  • Additional data relating to the transponder can also be stored in this memory space.
  • This additional data may for example include the date of issue and the duration of validity of the transponder, a signature ensuring the origin of the transponder, or other data relating to the identification and validity of the transponder itself.
  • The memory space 180 includes a memory segment 186 containing data designated TAG IDENTIFICATION making it possible to verify that the transponder is affiliated with the identification system, that is to say that it is indeed a transponder managing several applications according to the present invention, as well as the time validity of this transponder and its origin (signature).
  • Memory segments 181 and 182 could be allocated to a first application (or a first group of applications) of a first operator, and the segments 183 and 184 to applications of two other operators.
  • The memory space furthermore comprises an additional memory segment 187 for containing directory data designated DIRECTORY providing an indication of the applications stored on the transponder and their position in memory. More specifically, this directory data DIRECTORY includes data (application identifiers or descriptors, hereinafter APPL. IDENTIFIER) relating to the applications used and stored in the memory space. Each application is associated with a separate application identifier, the characteristics of which will be presented below.
  • The remaining memory words are preferably reserved for storing additional data relating to the transponder (as mentioned above) or to the stored applications.
  • The additional data relating to the applications can advantageously include data 185 (designated APPL. VALIDITY) relating to the validity of the stored applications, for example the period of validity of the application or applications concerned. As will be seen later, this validity data can advantageously allow the release of part of the memory space allocated to an application which has expired.
  • The application data APPL. DATA i, and preferably the directory data DIRECTORY, the transponder identification data TAG IDENTIFICATION and the application validity data APPL. VALIDITY, are encrypted at least by means of a first coding key, which is known and visible only to the reading unit.
  • The security and confidentiality of the data is strictly speaking ensured by the reading unit of the identification system.
  • The data stored on the transponder are perfectly readable during communication between the transponder and the reading unit but only in encrypted form, the encryption and decryption of this data being carried out by the reading unit only, by means of one or more coding keys as will be seen below.
  • The programming of words 0 to 2 is typically carried out by the manufacturer of the reading unit.
  • The two ROM memory words 32 and 33 are programmed during manufacture by the manufacturer of the transponder.
  • The remaining memory words are programmable in particular (but not only) by the user (in particular by the operator(s) or application suppliers), the programming of certain memory words (such as the identification data TAG IDENTIFICATION or the directory data DIRECTORY) being under the control of the reading unit.
  • The control word CONTROL WORD can advantageously be defined so that the transponder identification data TAG IDENTIFICATION (memory segment 186), the directory data DIRECTORY (memory segment 187), as well as the serial number DEVICE SERIAL NUMBER and the identification number DEVICE IDENTIFICATION of the transponder (memory words 32 and 33 in ROM) are automatically read during the above-mentioned "Standard Read" reading operation.
  • The validity data APPL. VALIDITY of memory segment 185 could also be automatically transmitted by the transponder. In this case, it is preferable to organize the abovementioned data so that the memory positions of these data are contiguous as schematically illustrated in FIG. 2.
  • FIG. 7 schematically illustrates the structure of an application identifier APPL. IDENTIFIER in the context of the present invention.
  • The application identifier APPL. IDENTIFIER is a word or code of a determined length (for example a 32-bit word) used to identify the application concerned and the operator of this application.
  • This identifier preferably consists of a number of the operator concerned (USER NUMBER - for example a 24-bit code) followed by a number of the application or service of this operator (SERVICE NUMBER - for example an 8-bit code).
  • The manufacturer of the reading unit provides each operator of the system with a unique customer number and allocates them, according to their needs, the desired number of applications.
  • Each operator of the system thus has, for each of its applications, an application identifier which is specific to it and which cannot be used by another operator of the system.
  • The authorization system used in the context of the present invention allows a clear and total division between each operator as well as between each application.
  • Each application (from the same operator or from different operators) is associated with a separate application identifier APPL. IDENTIFIER.
  • This identifier is stored, with the other possible application identifier(s), in a specific memory segment, distinct from the memory segments intended for storing the application data, namely the directory segment (segment 187 in FIG. 2) containing the directory data DIRECTORY.
  • This directory data DIRECTORY makes it possible, on the one hand, to identify which applications are stored on the transponder and, on the other hand, to specify in which memory segment(s) the application data of these applications are stored.
  • This directory data DIRECTORY greatly facilitates the identification and localization of the application data stored on the transponder. In this way, it is no longer necessary to browse through all of the stored data to check whether the data specific to a given application are present.
  • We will describe the general architecture of a reading unit according to the present invention.
  • By "reading unit" is understood both a unit arranged to allow only reading of a transponder and a unit arranged to allow both reading and programming of a transponder.
  • Reference may be made to the specification of the product P4150 mentioned above to obtain a general description of a reading unit arranged to carry out operations for reading and / or writing a transponder.
  • The architecture and the organization of the reading unit according to the present invention, generally indicated by the reference numeral 5, are shown diagrammatically.
  • The architecture of this reading unit essentially consists of three distinct parts, namely (1) a protected management module (or operating system) 50, (2) a protected memory 60, and (3) an application memory 70.
  • The management module 50 is programmed and coded by the manufacturer of the reading unit and is not accessible by the application. It is connected to a write / read interface 51 with the transponder, control and processing means 52 and encryption / decryption means 53 allowing the encryption, respectively the decryption, of data by means of one or more coding keys.
  • A basic coding key used for the encryption of the data is advantageously derived from the unique serial number of each transponder (or any other code unique to each transponder). In this way the encryption of the data on the transponder is unique for each transponder, thus preventing a transponder containing a simple copy of the data from another transponder of the system from being used.
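How deriving the coding key from the serial number makes copied data unusable on another transponder, as an added example that is not part of the patent. The patent does not name any algorithm: HMAC-SHA256 is used here as key-derivation function, keystream generator and integrity tag, and the master key, serial numbers, write counter and blob layout are assumptions.

```python
import hashlib
import hmac
from typing import Optional

TAG_LEN = 8        # assumed length of the truncated integrity tag, in bytes
NONCE_LEN = 4      # assumed: one 32-bit write counter stored with the data

MASTER_KEY = b"constructed-reader-master-key"   # constructed; lives in protected memory 60
SERIAL_A = 0x00A1B2C3                           # constructed DEVICE SERIAL NUMBER values
SERIAL_B = 0x00A1B2C4


def derive_tag_key(master_key: bytes, serial: int) -> bytes:
    """Per-transponder key: a keyed function of the 32-bit ROM serial number."""
    return hmac.new(master_key, b"tag-key" + serial.to_bytes(4, "big"),
                    hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(key, b"enc" + nonce + block.to_bytes(2, "big"),
                        hashlib.sha256).digest()
        block += 1
    return out[:length]


def _mac(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    return hmac.new(key, b"mac" + nonce + ciphertext, hashlib.sha256).digest()[:TAG_LEN]


def seal(master_key: bytes, serial: int, write_counter: int, plaintext: bytes) -> bytes:
    """Reader side, before writing: encrypt and tag data for one transponder.

    write_counter must never repeat for a given transponder, otherwise the
    same keystream would cover two different plaintexts.
    """
    key = derive_tag_key(master_key, serial)
    nonce = write_counter.to_bytes(NONCE_LEN, "big")
    stream = _keystream(key, nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    return nonce + ciphertext + _mac(key, nonce, ciphertext)


def open_sealed(master_key: bytes, serial: int, blob: bytes) -> Optional[bytes]:
    """Reader side, after reading: returns the plaintext, or None if the blob
    was not sealed for the transponder reporting this serial number."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    key = derive_tag_key(master_key, serial)
    nonce = blob[:NONCE_LEN]
    ciphertext, tag = blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, _mac(key, nonce, ciphertext)):
        return None
    stream = _keystream(key, nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


if __name__ == "__main__":
    blob = seal(MASTER_KEY, SERIAL_A, 1, b"credit=25")          # constructed data
    print("original transponder:", open_sealed(MASTER_KEY, SERIAL_A, blob))
    print("copy on another one: ", open_sealed(MASTER_KEY, SERIAL_B, blob))
```

The check binds the data to the serial number the transponder reports, so it relies on ROM words 32 and 33 being fixed at manufacture, as the page states.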
  • Protected memory 60 is used for encryption of information and management of the transponder memory. This protected memory is not accessible by the application. It includes various memory fields intended in particular to allow the memorization of the data relating to the serial number of the transponder, its validity, and to the application data.
  • The application memory 70 is made available to the application 75 and contains the information relating to it.
  • It includes memory fields intended in particular to store data relating to the identification of the transponder (in particular its serial number) and unencrypted data of the application.
  • The protected part 50, 60 of the reading unit includes the application identifier(s) of the applications for which the reading unit is configured. Note that this or these application identifiers could alternatively be stored in unprotected memory.
  • FIG. 5 shows a general block diagram of the reading unit, the general architecture of which has been presented above.
  • The reading unit 5 notably comprises an antenna 100 making it possible to interrogate the system's transponders remotely, a "CID front-end" part 110 for controlling the antenna 100, a power supply 120 (external or internal), an external connection interface 130 (typically comprising RS232, RS485 and / or USB connectors), an I / O input / output interface 140, and a microcontroller 150 comprising in particular storage means 155 (FLASH, EEPROM, RAM), a "watch dog", a serial interface, and communication drivers.
  • The "CID front-end" 110 is based on a circuit marketed by the company EM Microelectronic-Marin SA under the name P4095 "READ / WRITE ANALOG FRONT END FOR 125kHz RFID BASESTATION", the public technical specification of which is incorporated by reference.
  • This part 110 and the antenna 100 form the write / read interface 51 (Figure 3) with the transponder.
  • The reading unit 5 can comprise an application microcontroller 160 with additional memory, a real-time clock RTC 170, a buzzer 180, and an internal control interface 190, for example for a keyboard and / or an LCD display.
  • The real-time clock RTC 170 can be used to determine the expiration of the validity of an application used (on the basis of the validity data APPL. VALIDITY mentioned above), for example in order to free up memory space on the transponder.
  • The reading unit 5 can be provided as an extension of a computer terminal (in the form of an extension card or a peripheral) or in the form of a "stand alone" unit, that is to say a unit which does not require specific interfacing with a computer terminal.
  • The reading unit can perfectly well be connected to a local or extended computer network and form a secure access interface for accessing data stored on a server of this network.
  • Access systems for computer networks are already known comprising a smart card reader connected to a computer terminal for reading the personal access keys of a user stored on this smart card.
  • The identification system according to the present invention can thus be used, in the context of such an application, to replace the reader and the smart card.
  • A particularly advantageous network implementation of the identification system according to the present invention is illustrated in FIG. 8.
  • At least one reading unit 5 is connected to a computer network (local or wide area) 800 by means of a computer terminal 80.
  • At least one server 85 accessible from the computer terminal 80 is also connected to the network 800, this server 85 containing for example a centralized database which a user carrying a transponder 1 according to the present invention wishes to access.
  • The server itself is equipped with or connected to a separate unit, designated 5 *, the functionalities of which are substantially similar to the reading unit 5, apart from the write / read interface with the transponder.
  • This second unit 5 * can advantageously contain an application identifier common with the reading unit 5 of the transponder 1 (this application identifier may be different from the application identifier used to ensure communication between the reading unit 5 and the transponder 1). According to this implementation, an authentication process is provided between the reading unit 5 of the transponder and the unit 5 * connected to the server.
  • The additional unit 5 * connected to the server 85 can in particular be arranged to ensure the encryption of the data transmitted to the reading unit 5.
  • Secure access to data stored by the server 85 can thus be ensured, at a first level, by authentication between the transponder 1 and the reading unit 5, and, at a second level, by authentication between the reading unit 5 and the unit 5 * connected to the server.
  • A third level of security can be achieved by equipping the reading unit 5 and / or the transponder 1 with means for entering a personal identification code (PIN) or with means for measuring a biometric quantity.
  • Access to the data stored on the server 85 requires the authorization of a multitude of successive mechanisms, interconnected in the manner of links in a chain.
  • The antenna 100 can be placed in the immediate vicinity of the reading unit or in a position remote from this reading unit, the latter solution advantageously making it possible to have the reading unit in a protected place out of reach of any user.
  • The functions of the management module 50 are provided by the microcontroller 150.
  • The storage means 155 of the microcontroller 150 are segmented to fulfill the functions of the protected memory 60 and the application memory 70.
  • FIG. 6 briefly summarizes the various software modules implemented in the microcontroller 150 of the reading unit.
  • a first layer, or “primitives”, provides the basic functions of the various components of the reading unit, namely:
  • Initialization: initialization of the processor and general modules. The initialization of the application is done by the application itself through the operating module.
  • Download: programs for programming the configuration and keys of the application (EEPROM) and their protection.
  • COMM driver: communication driver between the reading unit and the application (the application can reside in internal memory, in external memory or in another processor).
  • EXT driver: driver for communication with the outside world (asynchronous or synchronous serial interface).
  • I/O driver: driver for parallel inputs and outputs (keys and relays).
  • RTC driver: RTC (Real Time Clock) control.
  • Tests: test programs for commissioning and customer service.
  • TAG interface: controls reading and writing of the TAG (transponder).
  • Crypto: encryption programs. These algorithms use fixed or application-defined encryption keys.
  • TAG manager: multi-application management algorithms. Cash security: algorithms for securing transactions and data.
  • Error control: error handling.
  • Appl. control: application control.
  • Key: application encryption keys.
  • a third layer, or application layer, provides the functions specific to each application, this layer being able to reside in protected or unprotected memory, and to be resident in or external to the reading unit proper. The management of an application by the reading unit can take place in several phases depending on the type of application and transaction to be carried out:
  • This phase is sufficient for applications requiring only identification (in the case of a centralized database for example).
  • the reading unit reads the memory area dedicated to this application (according to the "Selective Read" process presented in the specification of the EM P-4150 product), and transmits the information to the application after decryption. In the case of a subscription type application, this phase ends the transaction.
  • the read unit writes to the transponder memory (after encryption) the information modified by the application.
  • the smooth running of the operation is controlled by decoding an ACK receipt transmitted by the transponder.
  • Standard Read essentially consists of a transmission, from the transponder to the reading unit, of the memory words delimited by the first and last memory words FWR and LWR defined in the control word CONTROL WORD of the transponder, as mentioned above.
  • the standard read operation can consist of a transmission of the identification data TAG IDENTIFICATION of the transponder (memory segment 186), that is to say the transmission of encrypted identification data comprising in particular the encrypted serial number, the signature and the validity of the transponder.
  • This information is stored in memory in the reading unit
  • the above-mentioned standard read operation can be followed by a selective read request ("Selective Read") aimed at requesting the transmission by the transponder of additional data, in particular the content of the memory word holding the non-encrypted serial number DEVICE SERIAL NUMBER (word 32 in figure 2) of the transponder.
  • the selective read operation is also described in detail in the technical documentation for the aforementioned P4150 product. Suffice it to say that the selective read operation is used to read data other than the data defined by the control word CONTROL WORD (words between FWR and LWR in the "Standard Read")
  • in order to enter selective read mode ("Selective Read"), the reading unit must transmit a command (designated "Receive Mode Pattern" RM) during a read window (designated "Listen Window" LIW) in order to activate the transponder's reception mode.
  • a selective read command ("Selective Read Mode Command") is then transmitted by the reading unit, followed by the addresses of the first and last memory words to be read. For the rest, the selective read mode behaves like the aforementioned standard read mode ("Standard Read").
  • the selective read request ("Selective Read") can also aim, if necessary, to request the transmission of the memory words of the directory DIRECTORY (memory segment 187 in FIG. 2).
  • the standard read operation could advantageously consist of a transmission of all of the validity data APPL. VALIDITY of the applications, of the identification data TAG IDENTIFICATION of the transponder, of the directory data DIRECTORY and of the serial number DEVICE SERIAL NUMBER stored in ROM, this data then being placed in memory contiguously.
  • this identification phase preferably consists of a reading (S1), following activation of the transponder, of the identification data TAG IDENTIFICATION stored in the memory segment 186 of the transponder (cf. FIG. 2) and of the serial number DEVICE SERIAL NUMBER of the transponder stored in ROM (word 32 in figure 2).
  • the identification data TAG IDENTIFICATION include an image of the serial number DEVICE SERIAL NUMBER of the transponder, coded using a specific coding key unique to the transponder, as well as information concerning the validity over time of this transponder.
  • the transponder identification process thus continues (S2) with a step of decrypting the TAG IDENTIFICATION identification data, then (S3) a comparison of the decrypted data with the serial number as well as (S4) an examination of the validity of the transponder. If the results of these checks are positive, the communication process can continue. Otherwise, the process is interrupted.
  • the identification phase may be sufficient in certain applications, such as access control applications where only the identification of the transponder is required to authorize access.
  • the identification process can advantageously implement a mutual authentication process between the reading unit and the transponder.
  • Such authentication processes are well known to those skilled in the art and will therefore not be described here.
  • step S5: reading the directory data DIRECTORY recorded on the transponder.
  • this directory data DIRECTORY can be read initially in step S1 above or alternatively be the subject of a selective read request.
  • step S6: this directory data DIRECTORY is decrypted by the reading unit in order to extract and identify the various application identifiers mentioned above, which indicate for which applications the transponder is configured.
  • steps S5 to S7 mentioned above are preferably also provided for reading, decrypting and checking the validity data (APPL. VALIDITY) of the applications of the transponder, and, in the event that the application considered is no longer valid, to free the memory space occupied by this application and interrupt the communication process (or possibly take the necessary steps for updating the data relating to this application).
  • the communication process normally continues by reading the application data specific to the application concerned.
  • the memory position of the application data of the application concerned (namely the memory segment or segments in which this data is recorded), or more exactly the memory address of this data, is contained in the data.
  • Step S8 thus typically consists, in the present case, of a request for selective reading ("Selective Read") of the data specific to the application concerned.
  • This application data is again decrypted (step S9) and transmitted to the application.
  • the communication process can be interrupted, in certain applications, either at the end of step S7 or at the end of step S8. Certain applications may indeed be interrupted as soon as the presence of the application concerned has been detected or as soon as certain data specific to this application have been loaded by the reading unit (without requiring any subsequent modification of this data).
  • the flow diagram of FIG. 4c shows the final phase of the communication process, which normally consists (S10) in a modification by the application concerned of the loaded application data, followed by (S11) the encryption of the modified data and (S12) their writing in the transponder's memory.
  • a final verification step (S13) can also typically be carried out in order to ensure that the data have been correctly transmitted.
  • the aforementioned product P4150, used as an example of a transponder in the context of the present invention, transmits an ACK or NAK receipt depending on whether or not the data transmitted satisfies tests carried out by the transponder (such as parity tests, as widely discussed in the technical specification of this product). In the event of an error, the writing process is repeated.
  • the encryption and decryption of the transponder data is carried out at least by means of a coding first
  • a basic key derived from the unique serial number of the transponder is used
  • An additional coding key preferably derived from the memory position of the data can be used to encrypt and decrypt the application data recorded in the application segments (segments 181 to 184 in FIG.
  • a coding key derived from the application identifier can be used to encrypt and decrypt the same application data
  • the operator of the reading unit and of the application is perfectly capable of using other additional coding keys to encrypt certain data specific to its application
  • various encryption algorithms can be envisaged, such as algorithms based on or derived from standards such as DES or triple DES
  • means for measuring a biometric quantity such as a fingerprint or the voice for example
  • the transponder can easily be incorporated into a portable object such as a wristwatch.
  • SWATCH registered trademark
  • this wristwatch can be used in the context of the identification system according to the invention after formatting the memory of the transponder according to what has been stated above.
  • Other examples of embodiments of such portable objects are known to those skilled in the art. We can for example refer to document EP 0 844 685 in the name of the company
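
An added sketch (not code from the patent) of the key derivation and of steps S2 to S4 and S8 to S9 described above, showing why data copied to another transponder or another segment no longer decrypts. It assumes a reader-held master secret, an ISO-date validity field and an HMAC-SHA256 keystream standing in for the DES-family cipher the text mentions; all function and field names are hypothetical.

```python
import hashlib
import hmac
from datetime import date

# Assumption: a secret held in the reading unit's protected memory (constructed value).
MASTER_KEY = b"constructed-demo-master-key"


def derive_key(*parts: bytes) -> bytes:
    """Derive a coding key from the master secret and length-prefixed context parts."""
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(MASTER_KEY, msg, hashlib.sha256).digest()


def crypt(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (not DES): XOR with an HMAC-SHA256 counter keystream.
    Encryption and decryption are the same operation; it gives no integrity."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def basic_key(serial: bytes) -> bytes:
    """Basic key derived from the transponder's unique serial number."""
    return derive_key(b"basic", serial)


def app_key(serial: bytes, app_id: bytes, segment: int) -> bytes:
    """Additional key bound to the application identifier and the memory position."""
    return derive_key(b"appl", serial, app_id, bytes([segment]))


def identify(serial: bytes, tag_identification: bytes, today: date) -> bool:
    """S2: decrypt TAG IDENTIFICATION. S3: compare with the ROM serial. S4: validity."""
    plain = crypt(basic_key(serial), tag_identification)
    image, expiry = plain[:len(serial)], plain[len(serial):]
    if not hmac.compare_digest(image, serial):
        return False  # serial image does not match: copied or corrupted data
    try:
        return today <= date.fromisoformat(expiry.decode("ascii"))
    except ValueError:
        return False  # unreadable validity field is treated as invalid


def format_tag(serial: bytes, expiry: date, app_id: bytes, segment: int, data: bytes) -> dict:
    """Build a constructed transponder image with one application segment."""
    ident = crypt(basic_key(serial), serial + expiry.isoformat().encode("ascii"))
    return {"serial": serial, "tag_identification": ident,
            "segments": {segment: crypt(app_key(serial, app_id, segment), data)}}


def read_application(tag: dict, app_id: bytes, segment: int, today: date):
    """Identify the tag, then read (S8) and decrypt (S9) one application segment."""
    if not identify(tag["serial"], tag["tag_identification"], today):
        return None  # process interrupted, as in the text
    return crypt(app_key(tag["serial"], app_id, segment), tag["segments"][segment])
```

Because the stand-in cipher is unauthenticated, a segment moved to another position decrypts to unrelated bytes rather than raising an error; a real design would add an integrity check on the application data.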

EP01973948A 2000-10-23 2001-10-23 Kontaktloses elektronisches identifizierungssystem Withdrawn EP1332478A2 (de)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP01973948A EP1332478A2 (de) 2000-10-23 2001-10-23 Kontaktloses elektronisches identifizierungssystem

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
EP00203702 2000-10-23
PCT/CH2001/000629 WO2002035464A2 (fr) 2000-10-23 2001-10-23 Systeme d'identification electronique sans contact
EP01973948A EP1332478A2 (de) 2000-10-23 2001-10-23 Kontaktloses elektronisches identifizierungssystem

Publications (1)

Publication Number Publication Date
EP1332478A2 true EP1332478A2 (de) 2003-08-06

Family

ID=8172178

Family Applications (1)

Application Number Title Priority Date Filing Date
EP01973948A Withdrawn EP1332478A2 (de) 2000-10-23 2001-10-23 Kontaktloses elektronisches identifizierungssystem

Country Status (4)

Country Link
US (1) US20040025035A1 (de)
EP (1) EP1332478A2 (de)
AU (1) AU2001293609A1 (de)
WO (1) WO2002035464A2 (de)

Families Citing this family (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE10155092B4 (de) * 2001-11-09 2006-10-05 Siemens Ag Freischaltverfahren für einen Nutzteil eines Computerprogramms und zugehörige Einrichtungen
US7920827B2 (en) * 2002-06-26 2011-04-05 Nokia Corporation Apparatus and method for facilitating physical browsing on wireless devices using radio frequency identification
EP1498841B1 (de) * 2003-07-14 2010-03-24 EM Microelectronic-Marin SA Schaltkreis für einen Mehrzwecktransponder und Verfahren zur Speicherverwaltung desselben
US7373109B2 (en) * 2003-11-04 2008-05-13 Nokia Corporation System and method for registering attendance of entities associated with content creation
JP4666943B2 (ja) * 2004-04-23 2011-04-06 株式会社エヌ・ティ・ティ・ドコモ Idタグ、タグリーダ、idタグセキュリティシステム及びidタグ送信復元方法
CN100375102C (zh) * 2004-11-30 2008-03-12 国际商业机器公司 非接触卡读卡器和信息处理系统
US7822793B2 (en) * 2005-04-01 2010-10-26 Microsoft Corporation User data profile namespace
US7501932B2 (en) * 2005-06-06 2009-03-10 Intermec Ip Corp. System and method of reading from and/or writing to an RF transponder
US7748031B2 (en) 2005-07-08 2010-06-29 Sandisk Corporation Mass storage device with automated credentials loading
US8322608B2 (en) * 2005-08-15 2012-12-04 Assa Abloy Ab Using promiscuous and non-promiscuous data to verify card and reader identity
US7536540B2 (en) * 2005-09-14 2009-05-19 Sandisk Corporation Method of hardware driver integrity check of memory card controller firmware
ATE416432T1 (de) * 2006-05-16 2008-12-15 Em Microelectronic Marin Sa Verfahren und system zur authentifizierung und zum sicheren austausch von daten zwischen einem personalisierten chip und einem dedizierten server
TWI319161B (en) * 2006-10-05 2010-01-01 Mstar Semiconductor Inc Radio frequency identification chip and setting/identifying method applied to the same
EP2075743B1 (de) * 2007-12-27 2010-06-30 EM Microelectronic-Marin SA Elektronischer Schaltkreis für nicht initialisierten Anrufbeantworter bei Einschaltung der Versorgungsspannung
BRPI0822642A2 (pt) * 2008-05-26 2015-06-23 Nxp Bv Transponder, leitor, meio legível em computador, bem como elemento de programa para ocultação de e método de ocultação de aplicativos
US8484351B1 (en) 2008-10-08 2013-07-09 Google Inc. Associating application-specific methods with tables used for data storage
US8810369B2 (en) * 2008-11-19 2014-08-19 Intermec Ip Corp Finding sensor data in an RFID network
US9626304B2 (en) * 2014-10-21 2017-04-18 Sandisk Technologies Llc Storage module, host, and method for securing data with application information
CN114604298B (zh) * 2022-05-12 2022-09-09 北京全路通信信号研究设计院集团有限公司 Rm模式的列车安全防护方法和装置、车载设备及介质

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2776153A1 (fr) * 1998-03-10 1999-09-17 Ordicam Rech Et Dev Procede pour l'identification securitaire d'une personne et dispositif portatif pour la mise en oeuvre du procede

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2164825B (en) * 1984-09-19 1988-05-11 Satellite Video Systems Ltd Coded transponder for indentification system
EP0332117B1 (de) * 1988-03-09 1994-05-11 Kabushiki Kaisha Toshiba Tragbarer elektronischer Apparat
GB8827288D0 (en) * 1988-11-22 1988-12-29 Byron R S Articles to be worn
DE3906349A1 (de) * 1989-03-01 1990-09-13 Hartmut Hennige Verfahren und vorrichtung zur vereinfachung des gebrauchs einer vielzahl von kreditkarten u. dgl.
CA2147824A1 (en) * 1992-10-26 1994-05-11 Johannes Marinus George Bertina Host and user transaction system
US5721781A (en) * 1995-09-13 1998-02-24 Microsoft Corporation Authentication system and method for smart card transactions
JP4071285B2 (ja) * 1996-03-11 2008-04-02 カバ シュリースシステーメ アーゲー パッシブ型電子データキャリアを持つ識別媒体
US6488211B1 (en) * 1997-05-15 2002-12-03 Mondex International Limited System and method for flexibly loading in IC card
US6230267B1 (en) * 1997-05-15 2001-05-08 Mondex International Limited IC card transportation key set
US6014745A (en) * 1997-07-17 2000-01-11 Silicon Systems Design Ltd. Protection for customer programs (EPROM)

Also Published As

Publication number Publication date
AU2001293609A1 (en) 2002-05-06
WO2002035464A2 (fr) 2002-05-02
US20040025035A1 (en) 2004-02-05
WO2002035464A3 (fr) 2003-05-01

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE TR

AX Request for extension of the european patent

Extension state: AL LT LV MK RO SI

17P Request for examination filed

Effective date: 20031103

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

17Q First examination report despatched

Effective date: 20061004

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20070215