GB2408235A - Portable smartcard reader/writer with user authentication - Google Patents

Portable smartcard reader/writer with user authentication Download PDF

Info

Publication number
GB2408235A
GB2408235A GB0500927A GB0500927A GB2408235A GB 2408235 A GB2408235 A GB 2408235A GB 0500927 A GB0500927 A GB 0500927A GB 0500927 A GB0500927 A GB 0500927A GB 2408235 A GB2408235 A GB 2408235A
Authority
GB
United Kingdom
Prior art keywords
smartcard
writer
card reader
portable card
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB0500927A
Other versions
GB0500927D0 (en
GB2408235B (en
Inventor
Mathias Koenig
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Motorola Solutions Inc
Original Assignee
Motorola Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Motorola Inc filed Critical Motorola Inc
Publication of GB0500927D0 publication Critical patent/GB0500927D0/en
Publication of GB2408235A publication Critical patent/GB2408235A/en
Application granted granted Critical
Publication of GB2408235B publication Critical patent/GB2408235B/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • G06K19/0701Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips at least one of the integrated circuit chips comprising an arrangement for power management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips

Abstract

The portable card reader/writer 120 has a display 150, keypad or input device 125 and voltage supply (battery) 145. It includes user authentication means, such as fingerprint recognition using sensor 140 and/or voice recognition using microphone 135. User authentication may be by entry of a personal identification number using keypad 125. Reader/writer 120 initialises an operation of the smartcard 110 upon authentication of the user, so reducing the risk of fraudulent use of the smartcard. Smartcard 110 comprises a memory element and a charging circuit operably connected to it so that the charging circuit provides power to the memory element for a pre-determined time period only. A timing circuit 170, which may be a resistor-capacitor circuit, dictates the time it takes for the smartcard 110 to lose its charge. The smartcard and the reader/writer may communicate with each other and/or a remote communication unit by means of a wireless local loop, infrared communication link, or Bluetooth(RTM) communication link.

Description

SECURE SMARTCARD SYSTEM AND METHOD OF OPERATION
Field of the Invention
This invention relates to apparatus for, and a transaction between, a portable device, such as a smart card, and a fixed device, such as a card reader/writer.
The invention is applicable to, but not limited to, improving security in a Contact-less Smartcard by authenticating a user of the Smartcard.
Background of the Invention
Recent developments in wireless technology, primarily in the area of wireless local loop (WLL), have resulted in a new wireless device known as a Smartcard. Smartcards are used in a wide variety of applications. For example, it is known that Smartcards are used in electronic ticketing, time systems, and access control.
Furthermore, the Smartcards are also used as a data storage function, for example containing biometric data, social security information or user profile information.
In addition, Smartcards are being increasingly used in electronic purse functions such as retail, public transport ticketing, ski passport, telephone, road tolling, vending, parking and money transactions.
Current Smartcards are known to have more functionality than just memory. For example, some Smartcards are designed to communicate with a Smartcard reader/writer.
In this regard, the Smartcard is designed to include a wireless interface to the reader. The type of memory used in Smartcards is also varied. For example, - ) Smartcards are known to include random access memory (RAM) and/or electrically erasable programmable read-only memory (EEPROM), typically used for application related data such as 'electronic-money', codes, etc. or read-only memory (ROM), typically used to store card personality data.
In the field of this invention, namely security
associated with portable communication devices such as Smartcards, it is important to ensure the security of any Smartcard transaction process. In this regard, it is known that some current Smartcards utilise a Personal Identification Number (PIN), to provide security.
However, the security associated with PINs is known to be somewhat basic. User PINs are often communicated to third parties. Transactions based on the PIN can be intercepted and the PIN obtained. Also, a user's PIN may be guessed, or a third party may see what PIN a user is entering into the Smartcard. Thus, the use of PINs, in isolation, is a very limited form of security. Such use is likely to be unacceptable in future communication/ transactions that will include sensitive financial information.
An enhancement to the provision of basic PIN-based security is the use of cryptographic authentication of both the portable device (e.g. the Smartcard) and the receiving terminal (card reader). Consequently, the concept of Mutual authentication between the portable device and the fixed device has been increasingly used in the Smartcard industry.
Furthermore, it is known that the uniqueness and the non- reproducibility of the cryptographic key, as used to certify the authenticity of the overall transaction, needs to be guaranteed. As such, the concept of Cryptographic Signature (cryptographic key) has been widely used in the Smartcard industry as a reliable means to authenticate messages or transactions.
To complement this authentication process, a random session key, as opposed to a static key, is sometimes used to improve the security of the cryptographic operation involved. This makes a replay attack by a third party much more difficult. The current proposals for improving Smartcard security are focussed on asymmetric public key coding, for example, where one public key and one private key are used simultaneously.
A transaction is implemented as a critical section. The critical section commences, after a successful completion of the mutual authentication. The critical section is completed with a successful verification of the transaction signature. In such transactions, it is known that the integrity of the data stored in the portable device is an important design criterion.
Nevertheless, this approach to Smartcard transaction is still recognized as being prone to security breaches.
Even the most secure Smartcard technology suffers from the fact that the Smartcards may be stolen and the card manipulated to enable an unauthorized person to use and/or take advantage of the card.
Thus, there exists a need in the field of the present invention to provide a Smartcard transaction mechanism, a
-
Smartcard/portable device, a Terminal (card reader) and methods to initialise a Smartcard and enable a Smartcard transaction wherein the abovementioned disadvantages may be alleviated.
Statement of Invention
In accordance with a first aspect of the present invention, there is provided a portable card reader/writer, as claimed in Claim 1.
In accordance with a second aspect of the present invention, there is provided a Smartcard authentication and/or initialization system, as claimed in Claim 10.
In accordance with a third aspect of the present invention, there is provided a method of initialising an operation of a Smartcard, as Claimed in Claim 13.
In accordance with a fourth aspect of the present invention, there is provided a Smartcard, as claimed in Claim 18.
In accordance with a fifth aspect of the present invention, there is provided a portable card reader/writer, as claimed in Claim 19.
In accordance with a sixth aspect of the present invention, there is provided an integrated circuit adapted for use in a Smartcard or portable card reader/writer, as claimed in Claim 20.
A Smartcard comprising a memory element, the Smartcard characterized by a charging circuit operably coupled to ) said memory element such that the charging circuit only provides power to said memory element for a predetermined period of time.
Preferably the memory element is a non-volatile random access memory.
Preferably said charging circuit is operably coupled to an external power source that provides power to said charging circuit.
Preferably said external power source is within a portable card reader/writer, such that said external power source provides power to said charging circuit when said portable card reader/writer is operably coupled to said Smartcard.
Preferably said external power source is located within a portable card reader/writer, such that said external power source provides power to said charging circuit after a Smartcard user has been authenticated to use said Smartcard.
Preferably the Smartcard is further characterized in that the charging circuit comprises, or is operably coupled to, a timer circuit such that said timer circuit controls the period of time that the memory element is provided with power.
In summary, the inventive concepts described herein propose, inter alla, an improved Smartcard security architecture, preferably for use in Contact-less environments. The improved Smartcard security system comprises a Smartcard and a portable card reader/writer -ltS configured to self-authenticate a user of the Smartcard prior to initializing the Smartcard for temporary use.
Brief Description of the Drawings
Exemplary embodiments of the present invention will now be described, with reference to the accompanying drawings, in which: FIG. 1 illustrates a plan view of a functional block diagram of a Smartcard inserted into a portable card reader/writer used for self-authentication purposes in accordance with a preferred embodiment of the invention.
FIG. 2 illustrates a side view of the functional block diagram of FIG. 1 in accordance with a preferred embodiment of the invention.
FIG. 3 illustrates a flow of information between a Smartcard and a portable card reader/writer in accordance with a preferred embodiment of the invention.
FIG. 4 is a flowchart illustrating a preferred mechanism of selfauthenticating and initializing a Smartcard using a portable card reader/writer in accordance with a preferred embodiment of the invention.
Description of Preferred Embodiments
Referring now to FIG. 1, a plan view of a Smartcard inserted into a portable card reader/writer for self- authentication purposes is illustrated, in accordance with a preferred embodiment of the invention. A Smartcard 110 is illustrated as being inserted into a portable card reader/writer 120. The portable card reader/writer 120 includes a display 150 for displaying various items of information relating to the Smartcard and/or the portable card reader/writer. For example, the display may be used to display financial information held on the Smartcard, or messages indicating the instructions to carry out, or progress (or otherwise) of, the Smartcard user self-authentication and/or Smartcard initialization process.
The portable card reader/writer 120 further includes a user-input device 125, such as a keypad. The user input device 125 allows the user to enter information to the Smartcard 110 and/or the portable card reader/writer 120.
For example, if one or more personal identification number(s) (PIN) is used, the keypad enables the PIN to be entered. In the preferred embodiment of the present invention, the portable card reader/writer also includes an optional 'menu' button. A user preferably uses the 'menu' button to manoeuvre around the screen on the display 150, or select displayed information/options.
The portable card reader/writer 120 also includes a voltage supply 145. The (battery) voltage supply 145 is used to power the portable card reader/writer as well as charge the Smartcard 110. Advantageously, the Smartcard is only charged whilst operably coupled to the portable card reader/writer 120 for a period of time after the Smartcard 110 has been inserted into the portable card reader/writer 120.
After successful completion of the authentication process, and removal of the Smartcard 110 from the portable card reader/writer 120 (and thereby its voltage I 1 supply 145), the Smartcard is configured to lose its charge. A timer circuit 170, for example a resistor- capacitor (R-C) circuit operably coupled to a random access memory (RAM) 165, preferably dictates the time it takes for the Smartcard 110 to lose its charge, i.e. the charging capacitor provides a predefined voltage drop versus time.
In this manner, some of the Smartcard's functionality remains within the Smartcard for a predetermined time after: (i) The user of the Smartcard 110 has been authenticated by the portable card reader/writer 120; (ii) The Smartcard has been initialised by the portable card reader/writer 120; and (iii) The Smartcard has been removed from the portable card reader/writer 120.
It is within the contemplation of the invention that, in an alternative embodiment, a digital timer circuit may be used, instead of the R-C network shown in FIG. 3. In this configuration, it is envisaged that a user is able to control/set the timer period, via the keypad 125 on the portable card reader/writer 120. In this manner, the user is able to select an appropriate time period for any particular application, for example a longer time period to access a series of secure areas, before the Smartcard is to lose its functionality.
It is envisaged that a variety of Smartcard user self- authentication mechanisms can be used in the preferred _1: embodiment. For example, the preferred user authentication mechanisms include fingerprint recognition by means of a fingerprint sensor 140 and/or voice recognition by means of microphone 135 coupled to a speech analysis processor (not shown).
In accordance with the preferred embodiment of the present invention, the portable card reader/writer 120 comprises one or more Smartcard user selfauthentication modules. A first Smartcard user self-authentication process is performed, in order to activate the Smartcard for a desired transaction. Preferably, the first Smartcard user self-authentication process comprises fingerprint recognition as one of the selfauthentication modules, where the module includes a fingerprint sensor 140.
In this regard, the Smartcard owner places a finger onto a fingerprint sensor in order to validate the user as being approved to use the Smartcard 110. The subsequent validation process is described later with respect to FIG. 3 and FIG. 4.
In a similar manner, a second (alternative or additional) voice recognition process, using the microphone 135 and speech processing circuitry, can be used as a self- authentication mechanism. It is envisaged that speech recognition circuitry usually found in tabletop telecommunications or computing devices can be re-used in the portable card reader/writer.
In addition, a new Smartcard device is used, which comprises internal digital electronics, for example a microprocessor 160 and a memory element 165, such as non t! volatile random access memory (NV-RAM). In accordance with the preferred embodiment of the present invention, a portion, or the whole, of the NV-RAM 165 is only supplied with a voltage supply upon successful completion of the authentication process. Otherwise, the portion, or the whole, of the NV-RAM 165 is not provided with power and therefore loses any stored information.
Alternatively, it is envisaged that a number of memory elements can be provided in the Smartcard, for example read-only memory (ROM), electrically erasable ROM (EEPROM), standard RAM, etc. In this regard, the authentication process is concerned only with activating and using the NV-RAM of the Smartcard. Thus, other user specific data, which is permanently or semi-permanently stored on the Smartcard, is not lost whenever the portable card reader/writer has been removed and the Smartcard's charge has dissipated.
In accordance with a preferred embodiment of the present invention, the proposed portable card reader/writer 120 is incorporated into for example a key ring, or infrared security key, say, for a car door. It is also envisaged that the portable card reader/writer is of such a small size that it may be readily carried inside a wallet, a purse or small enough to be carried in a user's pocket etc. In this regard, it is envisaged that the portable card reader/writer is configured as a 'slim' device, as represented in the side view illustration in FIG. 2. In such a configuration, it is envisaged that the electronic circuitry of the portable card reader/writer 120 may be incorporated onto a flexible printed circuit board for / \,< electrically coupling to, or wrapping around, the Smartcard 110 when it is inserted into the portable card reader/writer 120.
Although the preferred embodiment of the present invention illustrates a Smartcard being inserted into the portable card reader/writer, a skilled artisan will appreciate that many other forms of mechanically and electrically coupling the two devices can be used, in order to benefit from the inventive concepts herein described. For example, in some embodiments, it is envisaged that a wireless coupling between the Smartcard and the portable card reader/writer may be used, for example using the same wireless local loop (WLL) technology used by the Smartcard in its normal operation.
FIG. 3 illustrates a flow of information between a Smartcard and a portable card reader/writer in accordance with a preferred embodiment of the invention. The flow of information effectively represents an enhanced security in the use of the Smartcard.
To be able to use the Smartcard 110 for a particular application, for example a financial transaction or access to a building, the Smartcard 110 needs to be inserted into a receptacle slot within the portable card reader/writer 120. Either by insertion of the Smartcard into the receptacle slot or, for example, by pressing a menu button on a user interface 125 on the portable card reader/writer 120, the portable card reader/writer will be activated. As an added security measure, it is envisaged that the portable card reader/writer may also be activated only by entering a pass (or PIN) code. I'l Al
In accordance with the preferred embodiment of the present invention, the Smartcard 110 comprises one or more Smartcard user self-authentication modules. A first Smartcard self-authentication process is performed, in order to activate the Smartcard for a desired transaction. Preferably, the first Smartcard user self- authentication process comprises fingerprint recognition as one of the self-authentication modules, where the module includes a fingerprint sensor. In this regard, the Smartcard owner places a finger onto a fingerprint sensor on the portable card reader/writer 120.
A digital data management function 325, for example a micro-controller and/or processor, in the portable card reader/writer 120 compares the scanned fingerprint with a previously stored fingerprint (i.e. one from a stored personal reference data set 315). If the scanned fingerprint matches the previously stored fingerprint with a sufficient degree of accuracy, then a number of operations are performed.
First, the Smartcard 110 is powered, via a charging/timer circuit 370, for example an R-C network. The NV-RAM of the Smartcard 110 is preferably only charged by the voltage supply 145 of the portable card reader/writer 120 following a 'match'. Once the Smartcard has been removed from the portable card reader/writer 120, the timer/charging circuit is arranged to provide a slowly dissipating supply voltage to the NV-RAM 165 of the Smartcard 110.
In addition, whilst the Smartcard is operably coupled to the portable card reader/writer 120, a user specific codeword is then transferred from the digital data -t management 325 of the portable card reader/writer to a specific portion of memory 365, such as NV-RAM, of the Smartcard 110. This transfer is performed via the Smartcard's digital data management function 350.
Preferably, the codeword is specific to the particular portable card reader/writer 120.
The charging capacitor comprises part of, or is preferably operably coupled to, a timing circuit within the Smartcard 110. Such timing/charging circuits 370 are well known in the general field of electronics. In this regard, the charging capacitor retains its power for a predefined period of time. In this manner, the NV-RAM is only configured to hold the specific codeword for this predefined time.
Consequently, the Smartcard user has been self- authenticated in the portable card reader/writer 120.
The self-authentication mechanism is configured to last a predetermined period of time. Thus, once authenticated, the card owner is able to perform the desired Smartcard action, for example, a bank transaction or enter a secure area only within this predefined time.
After the predefined time has elapsed, the charging capacitor effectively loses its power. Consequently, the NV-RAM 365 loses its power and the specific codeword within the Smartcard 110 is lost. Advantageously, this self-authentication mechanism provides substantial additional security, as the Smartcard 110 cannot be used for any subsequent transaction until the above described self-authentication process is repeated.
It is within the contemplation of the invention that, instead of, or in addition to, the fingerprint recognition mechanism 305, a PIN can be entered on the portable card reader/writer 120. Furthermore, it is envisaged that a second PIN may be used, whereby the second PIN may be entered on the Smartcard if it is configured with its own user input, such as a keypad (not shown).
It is also within the contemplation of the invention that alternative self-authentication modules can be used, to enhance the security of the Smartcard system. For example, as an alternative, or in addition, to the fingerprint recognition and/or PIN arrangement, voice recognition may be used. In this manner, a voice recognition module, operably coupled to say a built-in microphone within the portable card reader/writer, compares the spectral properties of a user's received voice input with a stored spectral voice signal for that user. The aforementioned Smartcard initialization processes of power and codes routed to the Smartcard are performed upon the portable card reader/writer determining a 'match' of the speech signal.
Notably, and in particular when a combination of self- authentication modules is used, increased security can be achieved.
It is also within the contemplation of the invention that the Smartcard and associated portable card reader/writer may be inexorably linked, inasmuch as they are a ('matched-pair' and are only configured to work with each other. For example, in this context, an additional code may be provided within the Smartcard, which is only recognised by its portable card reader/writer. In this manner, the security between the Smartcard and the portable card reader/writer is further enhanced.
In an enhanced embodiment of the present invention, the digital data management function 325 of the portable card reader/writer 120 is configured to extract information from the Smartcard 110, and display Smartcard information to the user. The portable card reader/writer user is able to read out, for example, financial or other information from the Smartcard 110. This is specifically useful in the case where a prepaid or preloaded Smartcard is used, where the user is likely to be keen to know how much money is available on the Smartcard 110.
It is within the contemplation of the invention that the aforementioned Smartcard system may be used as an add-on security feature to current digital signature technologies, such as asymmetric public key coding where one public key and one private key are used.
It is also envisaged that an additional advantageous feature of the present invention is the provision of a Bluetooth _ and/or infrared transceiver within the portable card reader/writer and/or Smartcard. In this regard, the portable card reader/writer is preferably configured to communicate with, say, a wireless phone, a computer and/or the Internet. With such a configuration, it is possible for a user to effect, say, a bank transaction whilst sitting in a car in front of a bank.
Referring now to FIG. 4, a preferred flowchart 400 for selfauthentication of a Smartcard is illustrated. The preferred method commences when the Smartcard is plugged
-
into a portable card reader/writer, in step 405. After inserting the Smartcard into the portable card reader/writer in step 405, the microcontroller operation is commenced in both the portable card reader/writer and in the Smartcard, as shown in step 410.
The preferred method for commencing the respective micro- controller operations is by, say, a user pressing a button on the portable card reader/writer.
Alternatively, it is envisaged that the micro-controller may by activated by the user just plugging the Smartcard into the portable card reader/writer.
Once the respective micro-controllers have been activated in step 410, one or more Smartcard user self- authentication processes are commenced as shown in step 415. A preferred user-authentication process is fingerprint recognition, whereby a user is able to press a finger onto the fingerprint sensor. Alternatively, other user-authentication processes can be used, such as voice recognition whereby a user utters a codeword into the microphone and/or typing in a PIN.
The portable card reader/writer data management/ micro controller then compares the user input to a previously stored user-authentication user input, i.e. fingerprint, voice recognition spectral pattern or PIN. The stored user-authentication input is termed a Personal Reference Data Set (PRDS) stored in the portable card reader/writer. If the comparison yields a,match', in step 420, then the portable card reader/writer transfers appropriate data to the Smartcard's micro-controller, as shown in step 425. The appropriate data may include one or more PINX number to be sent to the Smartcard.
In this regard, a PINX number can be considered as an extension to a PIN number. The PINX number may be a number that is generated from any series of numbers (PIN, codes or any user-entered number) from the Smartcard and/or Smartcard reader/writer. Thus, use of a PINX number further increases security in the use of the Smartcard.
The Smartcard micro-controller calculates the final codeword from the PINX (plus the PIN number) and the internal fixed codeword (IFC). The Smartcard micro- controller saves the codeword(s) into its NV-RAM cell.
Furthermore, the Smartcard is preferably powered from the portable card reader/writer once the Smartcard user has been authenticated. The Smartcard is then preferably removed from the portable card reader/writer, in step 430.
Now the portable card reader/writer automatically switches itself off, in step 435. A timer in the Smartcard is then activated. The timer may take any form, for example a simple resistor-capacitor (R-C) charging circuit. Whilst the timer has not exceeded a threshold, i.e. the timer has not elapsed, the Smartcard remains in an active operational mode. For example, it is envisaged that the R-C charging/timer circuit may be set for approximately ninety seconds, to allow the Smartcard user enough time to access a building using the active Smartcard or perform a financial transaction, as shown in step 440.
It is envisaged that plugging the Smartcard into an automatic teller machine slot may effect such a IN 18 transaction. Alternatively, it is envisaged that in the case of an optional radio frequency (RF) link (i.e. for a contact-less Smartcard) the user only needs to be in the vicinity of the banking machine.
After the Smartcard NV-RAM cell timer has elapsed, the Smartcard's operational mode is terminated, i.e. it is no longer capable of performing a financial transaction without re-starting the whole process with the portable card reader/writer again. Advantageously, if the Smartcard is subsequently stolen or manipulated after the timeout, no subsequent transaction is possible. Thus, for subsequent transactions to occur a user is required to authenticate the Smartcard with its portable card reader/writer again. In this manner, a user has to be in possession of the portable card reader/writer and the associated Smartcard and be authorized to use the Smartcard as described above.
Furthermore, in accordance with the preferred embodiment of the present invention, the disclosure or theft of a PIN number is not sufficient to allow a third party to fraudulently use the Smartcard, if the PIN mechanism is used with another user-authentication process.
It will be understood that the Smartcard system, the Smartcard/portable device, the portable card reader/writer (Terminal) and methods to enable authentication and initialization of a Smartcard, as described above, tend to provide at least one or more of the following advantages: (i) The provision of an authentication mechanism for a Smartcard, i.e. by requiring a user to authenticate (-I himself/herself with a particular portable card reader/writer, significantly reduces the risk of fraudulent use of the Smartcard.
(ii) The provision of a user authentication mechanism within the portable card reader/writer, prior to subsequently authorising the Smartcard, i.e. by requiring a user to undergo fingerprint analysis, voice recognition or entering a PIN, further significantly reduces the risk of fraudulent use of the Smartcard.
(iii) The provision of a mechanism to 'charge' the Smartcard only after a coupling the Smartcard to the portable card reader/writer and/or following authentication of the Smartcard, i.e. by incorporating a mechanism for the particular portable card reader/writer to charge a NV- RAM in the Smartcard. This further significantly reduces the risk of fraudulent use of the Smartcard.
(iv) The provision of a predetermined short time limit for any authentication of the Smartcard, i.e. by incorporating a charge dissipation mechanism in the Smartcard, further significantly reduces the risk of fraudulent use of the Smartcard.
(v) The proposed system is backward compatible, in that it is able toenhance existing Smartcard systems, as well as provide increased security to future Smartcard systems.
(vi) The provision of a display on the portable card reader/writer allows a user to view data and/or codes of the Smartcard and/or portable card reader/writer. A user is also able to receive instructions/messages on the self-authentication and/or Smartcard initialization processes.
It will, of course, be understood that a Smartcard or portable card reader/writer, as described above, will typically be constructed around one or more integrated circuits that are adapted to provide the required functionality described above.
Whilst specific, and preferred, implementations of the present invention are described above, it is clear that one skilled in the art could readily apply variations and modifications of such inventive concepts.
Thus, a transaction system, Smartcard/portable device, Terminal and methods of performing a transaction have been provided whereby the problems associated with prior art arrangements have been substantially alleviated. f f

Claims (20)

_ CLAIMS
1. A portable card reader/writer for interfacing with at least one card, for example a Smartcard, wherein the portable card reader/writer is characterized by a user authentication mechanism, for authenticating a user of said card.
2. The portable card reader/writer according to Claim 1, wherein the portable card reader/writer is further characterized by a memory element, operably coupled to the user authentication mechanism, which stores user authentication data.
3. The portable card reader/writer according to Claim 2, wherein the portable card reader/writer is further characterized by a processor, operably coupled to the memory element and the user authentication mechanism, such that in order to authenticate a user the processor compares user data provided by the user authentication mechanism with user data stored in the memory element.
4. The portable card reader/writer according to any of preceding Claims 1 to 3, wherein the portable card reader/writer is further characterized by the user authentication mechanism being one or more of: a finger print authentication arrangement, voice recognition circuitry, or a user input device for entering PIN or code data.
5. The portable card reader/writer according to any of preceding Claims 1 to 4, wherein the portable card reader/writer is further characterized by a display (150) for displaying information relating to the card and/or the portable card reader/writer.
6. The portable card reader/writer according to any of preceding Claims 1 to 5, wherein the portable card reader/writer is further characterized by a voltage supply (145) configured to provide power to a Smartcard when the Smartcard is operably coupled to the portable card reader/writer.
7. The portable card reader/writer according to any of preceding Claims 3 to 6, wherein the portable card reader/writer is further characterized by said processor sending data and/or access codes to a Smartcard, when said Smartcard is operably coupled to the portable card reader/writer.
8. The portable card reader/writer according to any of preceding Claims 3 to 7, wherein the portable card reader/writer is further characterized by a user-input device (125), such as a keypad, to enable a user to enter information to the portable card reader/writer and/or a Smartcard (10) operably coupled to the portable card reader/writer (120).
9. The portable card reader/writer according to any of preceding Claims 1 to 8, wherein the portable card reader/writer is further characterized by a communication transmitter and/or receiver for communicating with a remote communication system, wherein the communications with the remote system are performed using Bluetooth _ and/or infrared communications.
10. A Smartcard authentication and/or initialization system characterized by a Smartcard reader/writer comprising a Smartcard user authentication mechanism and a Smartcard for operably coupling to the Smartcard reader/writer such that the Smartcard reader/writer initializes an operation of the Smartcard in response to authenticating a user of the Smartcard.
11. The Smartcard authentication and/or initialization system according to Claim 10, further characterized in that said Smartcard reader/writer initializes an operation of the Smartcard by transferring a user-specific or Smartcard- specific codeword to the Smartcard (110).
12. The Smartcard authentication and/or initialization system according to Claim 10 or Claim 11 further characterized in that said Smartcard reader/writer and said Smartcard comprise one or more of the following communication mechanisms to communicate with each other or a remote communication unit: a wireless local loop communication link, a Bluetooth _ communication link, an infrared communication link.
13. A method of initializing an operation of a Smartcard, the method comprising the steps of: entering user information into a portable card reader; authenticating whether said user information matches a user of said Smartcard; and
- hi;
initialising an operation of said Smartcard in response to a positive authentication.
14. The method of initialising an operation of a Smartcard according to Claim 13, wherein said step of authenticating comprises the step of: comparing a user input to a previously stored user-authentication user input, wherein said user input is one or more of: a fingerprint, a voice signal, a PIN code.
15. The method of initialising an operation of a Smartcard according to Claim 13 or Claim 14, wherein said step of initialising comprises the step of: transferring financial or access code data to the Smartcard.
16. The method of initialising an operation of a Smartcard according to any of preceding Claims 13 to 15, wherein said step of authenticating comprises the step of: providing power to the Smartcard from the portable card reader/writer once the Smartcard user has been authenticated.
17. The method of initialising an operation of a Smartcard according to Claim 16, wherein said step of initialising comprises the step of: providing power to a memory element within said Smartcard for a limited period of time.
18. A Smartcard adapted for use in the method steps of any of the preceding Claims 13 to 17.
19. A Portable card reader/writer adapted for use in the method steps of any of the preceding Claims 13 to 17.
20. An integrated circuit adapted for use in a portable card reader/writer according to any one of preceding Claims 1 to 9.
GB0500927A 2002-12-20 2002-12-20 Secure smartcard system and method of operation Expired - Fee Related GB2408235B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0229918A GB2396330B (en) 2002-12-20 2002-12-20 A smartcard

Publications (3)

Publication Number Publication Date
GB0500927D0 GB0500927D0 (en) 2005-02-23
GB2408235A true GB2408235A (en) 2005-05-25
GB2408235B GB2408235B (en) 2005-09-21

Family

ID=9950242

Family Applications (2)

Application Number Title Priority Date Filing Date
GB0500927A Expired - Fee Related GB2408235B (en) 2002-12-20 2002-12-20 Secure smartcard system and method of operation
GB0229918A Expired - Fee Related GB2396330B (en) 2002-12-20 2002-12-20 A smartcard

Family Applications After (1)

Application Number Title Priority Date Filing Date
GB0229918A Expired - Fee Related GB2396330B (en) 2002-12-20 2002-12-20 A smartcard

Country Status (3)

Country Link
AU (1) AU2003298332A1 (en)
GB (2) GB2408235B (en)
WO (1) WO2004057546A2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2478702A (en) * 2010-03-15 2011-09-21 Mohammed Ayub Ullah Secure biometric card device

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2003256693B2 (en) 2002-07-29 2008-05-01 Intel Corporation Method and apparatus for electro-biometric identiy recognition
GB2406826A (en) * 2003-10-08 2005-04-13 Afzal Muhammad Khan Wrist watch and smart card combination.

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2256170A (en) * 1991-05-02 1992-12-02 William Robert Brandes Integrated circuit card with fingerprint verification.
US6219439B1 (en) * 1998-07-09 2001-04-17 Paul M. Burger Biometric authentication system
US20020099665A1 (en) * 1999-09-28 2002-07-25 Burger Todd O. Portable electronic authorization system and method
US20020158747A1 (en) * 2001-04-26 2002-10-31 Mcgregor Christopher M. Bio-metric smart card, bio-metric smart card reader and method of use
WO2003056524A1 (en) * 2001-12-28 2003-07-10 Centre D'echanges De Donnees Et D'information Du Credit Agricole Mutuel-Cedicam Self-locking smart card and device for ensuring the security thereof

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS6354294A (en) * 1986-08-25 1988-03-08 株式会社日立製作所 Information medium and information protective method using said medium
GB2275654B (en) * 1993-03-04 1996-11-13 Landis & Gyr Energy Management Smart card
GB2284385A (en) * 1993-12-06 1995-06-07 George Derek Roy Tregellas Electronic transaction card.
EP0964361A1 (en) * 1998-06-08 1999-12-15 International Business Machines Corporation Protection of sensitive information contained in integrated circuit cards
DE69817543T2 (en) * 1998-06-08 2004-06-24 International Business Machines Corp. Automatic data recovery in chip cards
ATE259086T1 (en) * 1999-06-18 2004-02-15 Citicorp Dev Ct Inc METHOD, SYSTEM AND APPARATUS FOR TRANSMITTING, RECEIVING AND DISPLAYING INFORMATION
US6742714B2 (en) * 1999-09-16 2004-06-01 Kenneth B. Cecil Proximity card with incorporated PIN code protection
FR2810435B1 (en) * 2000-06-16 2003-10-24 France Telecom ELECTRONIC CHIP CARD PORTFOLIO
US20020139844A1 (en) * 2001-03-29 2002-10-03 Tzur Rochman Method for enabling credit cards and device therefor

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2256170A (en) * 1991-05-02 1992-12-02 William Robert Brandes Integrated circuit card with fingerprint verification.
US6219439B1 (en) * 1998-07-09 2001-04-17 Paul M. Burger Biometric authentication system
US20020099665A1 (en) * 1999-09-28 2002-07-25 Burger Todd O. Portable electronic authorization system and method
US20020158747A1 (en) * 2001-04-26 2002-10-31 Mcgregor Christopher M. Bio-metric smart card, bio-metric smart card reader and method of use
WO2003056524A1 (en) * 2001-12-28 2003-07-10 Centre D'echanges De Donnees Et D'information Du Credit Agricole Mutuel-Cedicam Self-locking smart card and device for ensuring the security thereof

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2478702A (en) * 2010-03-15 2011-09-21 Mohammed Ayub Ullah Secure biometric card device

Also Published As

Publication number Publication date
GB2396330B (en) 2005-05-11
GB0500927D0 (en) 2005-02-23
AU2003298332A1 (en) 2004-07-14
WO2004057546A2 (en) 2004-07-08
WO2004057546A3 (en) 2004-09-02
GB0229918D0 (en) 2003-01-29
AU2003298332A8 (en) 2004-07-14
GB2408235B (en) 2005-09-21
GB2396330A (en) 2004-06-23

Similar Documents

Publication Publication Date Title
US7242277B2 (en) Individual authentication device and cellular terminal apparatus
US7293717B1 (en) Method for recovering information stored in a smart card
KR101259925B1 (en) One-time password credit/debit card
US9529991B2 (en) Systems and methods for multi-factor remote user authentication
US7404081B2 (en) Electronic storage apparatus, authentication apparatus and authentication method
US20080028230A1 (en) Biometric authentication proximity card
US20110057034A1 (en) Secure transaction device and system
US6775398B1 (en) Method and device for the user-controlled authorisation of chip-card functions
DE60334759D1 (en) Security procedure for a mobile communication terminal
KR20180118152A (en) Fingerprint authentication device
JP2015511336A (en) ID authentication
JP2004164347A (en) Ic card and method for principal authentication using the same
WO2003003292A1 (en) Password identification apparatus and password identification method
KR20140061474A (en) Improved device and method for smart card assisted digital content purchase and storage
CN102546169A (en) Method and system for controlling the performance of a function protected by user authentication, in particular for accessing a resource
US7529369B2 (en) Data processing with a key
GB2408235A (en) Portable smartcard reader/writer with user authentication
CN100449990C (en) User centrificating apparatus and method for fixed network terminal
JP2007141113A (en) Ic card having biometrics authentication function and ic card program
JP2009152875A (en) Portable terminal and unlocking method
JP2003067687A (en) Electronic authentication system and card therefor
WO2020249997A1 (en) Communication device and method of using such a communication device
JP2002288623A (en) Ic card system
KR20040037449A (en) A Mobile Fingerprint Key And A Verification System using thereof
AU2021101726A4 (en) A Novel Approach to Make Active and Inactive Entire Device’s Screen for Fingers with Fingerprint Authentication

Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee

Effective date: 20071220