FR2768533A1 - Secure data processing for execution of electronic transactions - Google Patents

Abstract

The smart card memory contains rules for execution of and calculation in a transaction. The processor on the smart card controls the calculation in accordance with these rules and controls execution of the transaction via the communication path between smart card and reader. The processor can also calculate a chance value as a function of a predetermined probability and allow or disallow a transaction on the basis of this risk for use in electronic gaming machines.

Description

 The invention relates to data processing systems using a device, in particular a portable microcircuit object, for executing an electronic transaction.

 Although in the following, the term "card" will be used for the portable object - since this is the most widespread form in practice - the invention is in no way limited to the specific case of a card. microcircuit, and it is possible to envisage other portable objects as well (for example a key, a plug-in module, etc.) as soon as this portable object comprises a microcircuit operating in accordance with the teachings of the invention.

 The microcircuit cards conventionally comprise a data memory, means of communication with the outside and logic control and calculation means cooperating with the data memory and the communication means.

 Communication with the outside takes place with a transfer device (which, for convenience, we will simply call "card reader" or "reader"), which can be both a stand-alone reader and a terminal connected for example to a remote processing center This reader can take various forms, a small portable reader, a computer peripheral, a stand-alone machine, an appropriately programmed personal computer, a reading terminal, an ATM, etc.

 The communication between card and reader can be carried out both by means of galvanic contacts (so-called "contact" technology) and by remote transmission, for example by magnetic or electromagnetic waves (so-called "contactless" technology).

 However, it will be seen that the invention is not limited to the case of a system comprising, on the one hand, a portable object, on the other hand, a reader, but also applies to the case where these two organs are integrated into a single device, that is to say where the microcircuit device includes means for entering data (typically a keyboard) and a display for presenting messages or calculation results to the user. So, each time we talk about "card" (or "portable object") and "reader", we will understand the case where it is a card insertable in a reader, but also the case where card and reader constitute only one and the same object.

 The control and calculation logic of the card can be both wired logic and microprogrammed logic. The latter solution is often chosen for its various advantages, both in terms of performance, variety of configurations and the possibility of modifying the microprocessor software according to the diversity of needs and changes over time.

 Microcircuit cards are subject to numerous protective measures, both logical and physical, which provide them with very high intrinsic security.

 Thus, certain areas of the memory may be non-modifiable once written, others may be impossible to read from the outside, therefore reserved exclusively for the internal use of the logic of the card, as is for example the cases for passwords, encryption keys or cryptographic calculation results, etc.

 On the physical level, the cards are designed to make it extremely difficult to read or modify the memory outside of the access by the planned communication channel (galvanic contacts, coupling coils) and the rules fixed by the control logic. : realization in a single chip to limit the size of the interconnections between logic and memory, permutation according to a secret order of these interconnections, circuits for monitoring physical conditions (supply voltage, clock frequency, temperature, lighting, etc. .), circuits which may prohibit any implementation outside the nominal operating conditions of the control and calculation logic, etc.

 On the other hand, the intrinsic security of readers is much less.

 Indeed, a reader is not produced monolithically in a single chip but comprises various components, interconnections, links, etc. that a fraudster may be tempted to study to understand how it works. Of course, readers often understand, when necessary, a "security module" which is a special module protected both physically and electronically against intrusion attempts by fraudsters who would like to try to find a secret key or an encryption algorithm kept in this module. But this precaution does not prohibit a fraudster in possession of a reader from trying to operate it illegally to exchange unauthorized (but technically compliant) information with the card: reloading an area "wallet", selective deletion of a transaction history, changes to the rights attached to the card, etc.

 The same problem arises for other types of readers, for example gaming machines or bank terminals. In this case, security needs are generally met by a resistant formwork, shielding or other expensive and impractical mechanical protection.

 One of the aims of the invention is to propose a new concept of a system for processing monetary transactions, in particular by microcircuit card, which makes it possible, among other things, to remedy the aforementioned drawbacks, while also providing various additional advantages that the 'we will expose later.

Essentially, the system of the invention is a system comprising, integrated into the same microcircuit, a data memory, means of communication with the outside of the microcircuit, and logic control and calculation means, cooperating with the memory of data and means of communication. Characteristically of the invention: - the data memory contains the calculation and execution rules
the transaction to be executed; - the logical means operate this calculation in the microcircuit in function
tion of the said rules contained in the data memory - the logical means
calculate a transaction amount and order execution
of the transaction based on the amount calculated in the microphone
circuit,
and or
calculate a hazard based on a predetermined probability and
order or not the execution of the transaction of an amount
predetermined on the basis of the hazard calculated in the microcircuit.

 The invention starts from the observation that, in all known systems, the decision to execute the transaction is, totally or partially, taken by the reader.

 Indeed, the card (more precisely, its microcircuit) only plays a subsidiary role (verification of a password, calculation of a cryptographic certificate, limitation of the value of an electronic wallet, etc.) , the final decision being always taken by the reader, with a master o slave relation which is a reader <card relation.

 Thus, in an example of a “electronic wallet” or “token holder” type system, or even in an electronic payment system, the amount of the debit or credit is communicated to the reader by an external agent (for example by the merchant) or calculated by the reader (for example the calculation of the amount of a transport ticket), the amount thus determined is then applied to the card for the execution of the debit / credit transaction. It is therefore necessary to take precautions against the alteration of this amount at the reader, for example to avoid excessive recharging of the card when the latter can be recharged by the reader.

 A comparable example is that of electronic lotteries, in which the reader plays the role of the "slot machine", the coin mechanism being replaced by the electronic purse of the card: the player applies to the reader his possible stakes and orders the launch lottery. The reader debits the card with a predetermined amount or the amount of the stake, carries out a random or pseudo-random draw and determines the possible gain of the player according to this draw and possibly other elements introduced into the reader, such than a player's bet or action. In the event of success, the reader pays the gain to the player in the form of an increment of the electronic purse.

 We understand that this reader contains the cryptographic keys allowing, in the event of gain of the player, to reload any card likely to be inserted in the reader and that, to avoid frauds, the reader must be physically protected against interventions aimed at improperly reloading the card, for example by influencing the draws.

 These security constraints are a major drawback to the development of electronic lotteries, let alone portable electronic lotteries (a more detailed analysis of the risk inherent in this type of application is given below).

 The new concept of the invention, which essentially proposes to reverse the master / slave ratio in the system by making the card (or, more precisely, the microcircuit) master of the system, makes it possible to overcome these drawbacks.

 By incorporating into the microcircuit the rules of calculation and execution of the transaction and by implementing in this microcircuit the stages of the decisional process of the transaction (determination of the amount of the transaction and / or decision to perform or not a given action ), we benefit from the maximum physical protection provided by the microcircuit.

 In addition, even supposing that a fraudster manages to bypass the security of the card microcircuit and "break" the secret elements, this intrusion will be limited to the single card and will not allow fraud to the other cards - Unlike conventional systems where the fact of "breaking" a reader allows access, for example, to the reload master key located there and thus to reload any card (electronic lotteries are a typical illustration of this. problematic).

Among the other advantages of the invention, we can cite: - the least need for the reader to know and / or decide
data which are functionally linked to the card, - the reduction in the volume of data exchanged between the card and the
reader, reducing both the duration of the operation and the risks of
fraud by alteration of these exchanged data, - the possibility of changing the operating rules of the transaction
(e.g. modification of tariff rules) without modification
readers, - reduction or deletion of cryptographic keys in
readers.

 The invention covers various possible applications of this system, in particular the case where the data memory contains a monetary value and the logic means are capable of incrementing or decrementing a monetary value during the execution of the transaction.

 The system may include at least one portable object incorporating said microcircuit, and at least one transfer device for exchanging data with a portable object separably coupled to this transfer device, via said microcircuit communication means. The logic means can in particular operate as a function of data, at least some of which is transmitted to the microcircuit from the outside.

 However, the data used to operate the logical means are not necessarily communicated by the reader, and in certain cases the transaction can even be carried out without using a separate reader. The card may in particular include a keyboard making it possible to order it directly, for example to trigger a lottery draw, the external reader then only serving to highlight any winnings, but not participating in the draw itself.

 In addition, one can get rid of an element of monetary counterpart during drawdowns until the moment of claiming the gains: since the drawdown transaction is purely internal to the microcircuit, there is no more money transfer to another device during the draw, thus eliminating all the disadvantages and risks associated with such a transfer.

 In a first conceivable application, the transaction is an electronic game transaction, the result of which is not foreseeable by the player; the rules contained in the memory of the microcircuit then include the rules of the game, and the calculation made in the microcircuit by the logical means results in the attribution of a gain or a loss to the user of the system.

 The game in question can be a deterministic game or a game of chance; in the latter case, the logic means of the microcircuit include means for generating random or pseudo-random numbers on which said allocation of gain or loss is based.

 Besides games, the invention has other applications in which the amount of the transaction can be determined according to rules stored in the card. Thus, the data stored in the card memory can be very varied in nature, such as reduction rate, history of previous transactions, cumulative amount of purchases, etc. As for the data transferred to the card from a reader, it may be a bet, an indication of the service to be paid (for example the indication of the station where the payment is made), the nature of the goods to be paid, etc., the determination of the amount being, in all cases, carried out internally in the secure microcircuit, and no longer in the reader.

 In such another application, the transaction is a transaction for payment of a good or a service; the rules contained in the memory of the microcircuit then include tariff rules applicable to the user of the system, and the calculation made in the microcircuit by the logical means is a calculation of an amount to be debited to the user of the system.

 In yet another application, the transaction is a secure payment transaction; the rules contained in the memory of the microcircuit then include authorization request criteria, and the calculation operated in the microcircuit by the logical means is a decision whether or not to call an authorization center, the result of which conditions completion of the transaction. We can even foresee an electronic call with an increasing probability of call with the amount of the transaction.

0
Other characteristics and advantages of the invention will appear on reading the detailed description below of an example of implementation of the invention, with reference to the accompanying drawings.

 Figure 1 shows schematically the different organs constituting the system of the invention.

 FIG. 2 is a block diagram showing the various elements of the card implemented in the system of FIG. 1.

 FIG. 3 is a block diagram showing the various elements of the reader implemented in the system of FIG. 1.

0
We will describe a particular implementation of the invention, in an application to an electronic game of chance, this application is of course in no way limiting.

 Basically (Figure 1), the system comprises, in itself known manner, a game machine 100 operated by a player by means of a microcircuit card 200. The card serves to support the player's assets, qu '' it uses, in a comparable way to a bucket of casino chips, the card containing the player's money or an equivalent.

 The gaming machine 100 can be a gaming machine such as a "slot machine", roulette, black jack, etc. comprising a display such as a screen showing the operation of the wheel, or showing rotating cylinders marked with aligned figures, series of cards, etc. in the same way as in a casino game.

 To play, the player inserts his card 200 into the machine 100, which he sets in motion by means of an appropriate command, the player's bets being debited from the card and his possible winnings recorded there.

 To reload the card and / or to convert his winnings and / or his assets into cash, the player (or a cashier) couples the card to an appropriate machine 300.

 The invention relates to the way in which the game machine 100 and the card 200 cooperate, it being understood that these two elements can possibly be combined in one and the same assembly 400, for example in the form of a stand-alone electronic game device comprising its own display and appropriate control keys.

 On the other hand, the way in which the card 200 cooperates with the machine 300 for recharging and converting assets remains in itself conventional, and is that of a card of the "electronic purse" type with a debit and recharging machine (we can refer to the draft standard EN 1546 "Identification card systems - Intersector Electronic Purse" developed by the working group TC 224 within the European Committee for Standardization, which represents the state of the art on the concept of the door -Electronic money and its associated debit and reloading devices).

 The mother idea of the invention, as explained above, consists in ensuring that it is the card 200, and no longer the machine 100, which determines the outcome of the game, calculates and accounts for the gain of the player. In this way, it will no longer be necessary to have in the machine 100 secret elements and / or insusceptible to be altered by the player, which, compared to existing systems, allows the construction of intrinsically resistant playing machines. smaller, lower cost player fraud attempts, including portable and / or individual machines and / or in the form of programs for personal computers.

 We will now describe in more detail the structure and operation of the machine 100 and of the card 200.

Qn will take the example of a roulette game whose rules (simplified) are as follows - at each game the player bets on a "even" space or
"odd" or numbered from O to 36, and the bet value is subtracted
of his assets; - an equiprobable draw is made, the result of which is a number
between 0 and 36; - if the player has played "even" (respectively "odd") and the result
draw status is even (respectively odd) and not zero, the player
wins twice its stake; - if the player has bet a box number corresponding to the draw, he
wins 36 times its stake; - in the event of gain, the gained value is added to the credit of the player.

 The card 200 contains the means 201 to 252 illustrated diagrammatically in FIG. 2, it being understood that these means can be implemented in any suitable manner, in particular in whole or in part in the form of software for controlling a processor incorporated in the microcircuit of the map. The invention relates essentially to the combination in the microcircuit of the card of the elements 201 to 207 described below, in particular the presence in the card of the elements 205 and 206. The other means, which are borrowed from the prior art or Obviously deduced therefrom for those skilled in the art, will not be described in detail.

 First of all, the card includes a memory 201 containing the player's assets. The technology of this memory, for example EEPROM, is chosen so as to make it both modifiable (when the card is used) and non-volatile (to maintain the value when the card is not used). The card also includes a stakes register 202 receiving the amount wagered by the player, as well as a bet register 203 containing the nature of the bet made, that is to say, in the example above, one of the thirty-nine possibilities (number from 0 to 36, "even" or "odd").

 A device 204 verifies that the stake of the register 202 is at least equal to the having of the memory 201, and subtracts the stake of the having to give a new credit, which is stored in the memory 201 (here and in below, the term "device" does not prejudge in any way the structure, software and / or hardware allowing the function considered to be executed).

 A random or pseudo-random generator 205 performs the draw, that is to say, in the game considered, produces an integer between 0 and 36, essentially unpredictable by the player.

Various means are known for producing such a generator, including in a microcircuit card, based on physical principles (RC Fairfield, RL Mortenson, and KB Koulthart, "An LSI Random Number
Generator ", Advances in Cryptology: CRYPTO '84 Proceedings, Springer Verlag) and / or cryptographic (L. Blum, M. Blum, and M. Shub," A Simple Unpredictable Pseudo-Random Number Generator ", SIAM
Journal on Computing, vol. 15, no. 2, 1986).

 After debiting the bet (device 204) and drawing (device 205), a device 206 calculates the gain according to the stake (register 202), the bet (register 203) and the drawing (device 205), according to the rules set out upper. Any gain is added to the credit in memory 201 by a credit device and the new value is recorded in memory 201.

To allow its cooperation with the recharging and conversion machine for assets 300, the card 200 includes a certain number of means making it possible to debit and credit the memory of assets 201 under good security conditions. These means, which are known per se, may in particular include: - a memory 208 containing keys, registered for example in fa
brication; - debit means 209, to reduce the hold in memory
201 of a given value, and producing at the end of this operation
an appropriate cryptographic certificate using the key 208, certified
cat intended to prove that the card has operated the debit, preventing
song any fraud or falsification; - credit means 210, to increase the hold in memory
201 of a given value, on condition that the card receives equal
from outside an appropriate cryptographic certificate, the
consistency with respect to key 208 is checked by a device ap
property, certificate intended to prove that the card must perform well
credit; means 211 for recording a history and / or a total
tion of certain operations affecting the card such as debit (func
amount of 209) and / or credit (operation of 210) and / or gains
(operation of 207, possibly only if 206 has produced
a result greater than zero or some other predetermined threshold)
and / or bets (operation of 204) and / or bet (contents of the register
203) and / or draw (result provided by device 205) and / or date
and / or time and / or arbitrary information such as an identifier of the
100 game machine used.

 These means 211 make it possible in particular to deal with disputes during games interrupted by a malfunction of the game machine or the breakdown of the coupling between the game machine and the card, and / or to fulfill accounting obligations and / or to determine characteristics of the game machine used by the player, for example to identify and compensate the operator who made it available to the player.

 The data recorded in this history can be displayed, collected and / or exploited by appropriate means of the gaming machine 100, or possibly of a specific external device to which the card can be coupled.

The card 200 also comprises, in a conventional manner, means 250 of coupling, temporary or permanent, to an external device such as 100 or 300, supply means 250 for the sub-assemblies of the card (autonomous supply or delivered by the machine 100), and communication means 252 capable of transferring: - the amount of the stake and the value of the bet from a device
external to the respective registers 202 and 203, - the value of the credit (memory 201), the result of the draw (device
205) and the gain made (device 206) from card 200 to a
external device, - and, more generally, to transfer all the necessary information
how the different subsets of the card work
200.

The preferred embodiment of the card 200 is a microcircuit card of a known type, conforming to standard ISO 7816, "Integrated
Circuit Cards with Contacts ", 1987-1997, the active element of which is a microcircuit such as the ST16SF42 from SGS-Thomson Semiconductors, comprising on the same monolithic microprocessor chip, ROM, EEPROM and RAM memories, pseudo-random generator, means of In this case, the functions of the card 200 are obtained by programming the microprocessor, that is to say by adapting the metal mask defining the content of the ROM memory and / or establishing electrical charges. defining the content of the EEPROM memory.

 As indicated at the beginning of this description, the realization in the form of a single microcircuit offers protection against the examination by the player of values which must remain secret and / or the alteration of values which must evolve according to rules precise. This protection, intrinsic to the microcircuit because of its monolithic nature, replaces the mechanically resistant casing which usually surrounds the sensitive elements of a traditional gaming machine (cashing / disbursing device, random generator and device for calculating the gain).

 The gaming machine 100 is illustrated in the form of a block diagram in FIG. 3.

 By convention, for the numerical references relating to this machine 100, the same values of figures of tens and units have been given to the elements which have a homologous element in the card 200: for example the device 101 of the machine is used to display the 'having contained in the memory 201 of the card, the amount of the stake entered in 201 will be transferred to the register 202, etc.

The game machine 100 comprises the following main elements: a device 101 for displaying to the player the amount of having con
held in memory 201.

- means 102 for entering by the player the amount of the stake (except
if this is determined by the rules of the game).

- Means 103 for entering by the player the nature of his bet
(unless it is determined by the rules of the game).

- bet validation means 104, to trigger the debit of the
bet by the device 204 and thus engage the stake.

means 105 for displaying the result produced by the generator
random 205. For the sake of the game, it is advantageous to perform
a graphic animation, reproducing for example on a screen
the hesitations of a roulette ball (the means of calculating the po
intermediate parts of the ball can be incorporated into the ma
China 100 and / or à la carte 200).

- Means 106 for displaying the player's gain calculated by the availability
sitive 206, for example by reading the value in this device and / or by
calculating it in machine 100 by a device analogous to the dis
positive 206.

means 140 for recording a history of operations,
same nature as the device 211 described above with regard to the
menu. This history can in particular record in the machine
information identifying the card 200; of course it will
provided appropriate means of display, collection and / or use
tation of all or part of the history recorded in 140.

The gaming machine 100 also conventionally comprises means 150 of coupling, temporary or permanent, to the coupling means 250 of the card 200, means 151 of supplying the subassemblies of the machine 100 and possibly of the card 200 ( possibly substituting for the supply means 251 of the card) and communication means 152 able to: - transfer from the reader the stake entered at 102 and the bet entered at
103 to registers 202 and 203, respectively, - transfer from the card the values contained or determined by
elements 201, 205 and possibly 206, towards elements 101,
105 and 106, respectively, - and, more generally, transfer all the necessary information
res to the operation of the different sub-assemblies of the machine
100 and 200 card.

 The invention allows, characteristically, to do without secure or secret elements in the game machine, the alteration or knowledge of which would allow the player to cheat at the expense of the system manager. The game machine 100 can thus be produced in the form of a low-cost portable machine, of the same type as consoles or video game devices for the general public, or even a program for a personal computer equipped with a card reader. with microcircuit.

 In addition, the miscalculated sy in 206 does not exceed a predetermined ceiling.

Another function which it is possible to implement is a verification by the machine 100 and / or 300 of the authenticity of the card 200. Known cryptographic methods make it possible to carry out this operation, including without requiring a secret value in 100 and / or 300 (LC Guillou, and JJ. Quisquater, "A Practical Zero
Knowledge Protocol Fitted to Security Microprocessor Minimizing Both
Transmission and Menory ", Advances in Cryptology: EUROCRYPT '88
Proceedings, Springer Verlag).

 Another improvement consists in making the rule of the game followed by the device 206 and the various devices of the card 200 dynamically variable, in particular with a rule supplied to the card 200 before the start of the game by the game machine 100 or other. suitable machine. The advantage of such a variable rule is to facilitate the multiplication of new 100 gaming machines without the need to change the 200 cards.

However, to protect the interests of the system manager, the rule must be verified by an appropriate device incorporated in the card 200. A first means can be the control of the cryptographic certificate of the rule, which can operate without the presence of any element. secret in the 200 card using a public key certificate, for example a DSS algorithm (see in particular National Institute of Standards and
Technology, NIST FIPS PUB 186, "Digital Signature Standard", US

Department of Commerce, 1984). Another way is to have the card calculate values, in particular the player's expected gain, deduced from the rules by applying an appropriate and predetermined systematic procedure to the manufacture of the card, and to check that these values are found. within predetermined limits limiting the risk taken by the system manager.

 Another improvement consists in providing a verification that the card is playing a "fair game": the player may indeed fear that the card will "cheat", and in particular that the draw by the random generator will be biased by the bet stored in register 203.

To this end, the player can delegate to a gaming machine 100 the task of carrying out verification operations making detectable cheating of the card. Known cryptographic protocols can be adapted for this purpose (see in particular Bruce Schneider, "Applied Cryptology", 2nd edition, Wiley ed., 4.9 to 4.11), the gaming machine then being able to activate a means suitable for alerting the player that card 200 does not carry out the agreed operations fairly.

 Another improvement can consist in providing in the card a device which attributes to the player bonuses according to certain criteria, for example as compensation after a series of particularly unlucky games (a given card being supposed to be used always by the same player). In other words, it can be expected that the rules for calculating the gains take account of the data recorded in 211 in the history.

 A possible variant of the system of the invention consists in associating with the memory 201 receiving the initial credit of the player a memory 201 ', the credit of the gains operated by 207 being made in 201' and the debit of the bets operated by 204 s' also performing in 201 'within the limit of the balance available in 201', and then in 201. This produces the equivalent of a playing machine that does not allow cash winnings, which some legislations may require.

 Various simplified variants can be envisaged, in particular, as indicated, by permanently coupling 100 and 200 the resulting object 400 is an autonomous personal game machine capable of being coupled to a terminal 300 for reloading and cashing out winnings. The advantage of the invention is then to be able to have a light, inexpensive and safe game machine, possibly individual and portable, by concentrating all the security elements in a single tamper-resistant microcircuit.

 We can also do without machine 300; the card is then supplied preloaded, and in case the player wishes to convert his winnings he does so on presentation of the card, the means of proof of the value associated with the card and his means of credit being integrated into the card and / or to the gaming machine 100.

 In other variants, the accounting for having it in memory 201 can be carried out in other ways. For example, the debit device 204 is reduced to its role of control, and the device for calculating the gains 206 is modified to produce a result reduced by the stake memorized in 202, therefore negative when the player loses.

 The accounting for the credit in 201 can also be performed outside of the card 200, for example by a machine 100 or 300 from the results of the history recorded in 211. In this case, the elements 201, 204 and 207 are absent and replaced by equivalent means in machines 100 and 300.

 The invention, which has just been described in the context of a game of pure chance, can be adapted to games comprising strategic aspects and / or progressive bets, such as backgammon, black jack or poker. The invention can even be applied to games which are not games of chance, the card 200 containing for example a game program of tic-tac-toe, drafts, chess, go, etc. the stakes on the outcome of the game being won by the winner.

Claims (8)

 1. A data processing system for the execution of an electronic transaction, comprising, integrated in the same microcircuit: - a data memory, - means of communication with the outside of the microcircuit, and - logical means of order and calculation, cooperating with the  data memory and means of communication; system characterized in that: - the data memory contains the calculation and execution rules  the transaction to be executed; - the logical means operate this calculation in the microcircuit in function  tion of said rules contained in the data memory; - logical means:  calculate a transaction amount and order execution  of the transaction based on the amount calculated in the microphone  circuit,  and or  calculate a hazard based on a predetermined probability and  order or not the execution of the transaction of an amount  predetermined on the basis of the hazard calculated in the microcircuit.  2. The system of claim 1, in which: - the data memory contains a monetary value, and - the logic means are capable of incrementing or decrementing a  monetary value when executing the transaction.  3. The system of claim 1 or 2, comprising: - at least one portable object incorporating said microcircuit, and - at least one transfer device for exchanging data with  a portable object detachably coupled to this device  transfer, via said communication means of the microcircuit.  4. The system of one of claims 1 to 3, in which the logic means operate as a function of data, at least some of which are transmitted to the microcircuit from the outside.  5. The system of one of claims 1 to 4, in which: - the transaction is an electronic game transaction, the result of which  is not predictable by the player, - the rules contained in the memory of the microcircuit include  the rules of the game, and - the calculation made in the microcircuit by logical means results  by attributing a gain or a loss to the user of the system.  6. The system of claim 5, in which the game is a game of chance and the logic means of the microcircuit include means generating random or pseudo-random numbers on which said allocation of gain or loss is based.  7. The system of one of claims 2 and 3, in which: - the transaction is a transaction for payment of goods or a service  vice, - the rules contained in the memory of the microcircuit include  tariff rules applicable to the user of the system, and - the calculation carried out in the microcircuit by the logical means is a  calculation of an amount to be debited to the user of the system.  8. The system of one of claims 1 to 3, in which - the transaction is a secure payment transaction, - the rules contained in the memory of the microcircuit include  authorization request criteria, and - the calculation made in the microcircuit by the logical means is a  decision to appeal or not from an authorization center.