JPH01500378A - Device for portable data carriers with multiple application files - Google Patents

Abstract

A portable data carrier (10) typically the size of a standard plastic credit card is usable in a variety of applications, from custom repertory dialing to storage of individual medical and/or banking records. The portable data carrier provides a high security file system capable of supporting multiple applications, all independent of the details of the data carrier's generic internal structure. Although the data carrier looks and feels much like an ordinary credit card, it includes a computer (110) and an electrically erasable programmable read-only memory (115). Power for operation of the portable data carrier is provided from an associated station (118) via a reader/writer (15). The reader/writer also couples data between the data carrier and the associated station. Security is enhanced since application software in the station receiving and interpreting the data from a file sees a contiguous stream of bytes relating only to the file of the application being accessed. No information is provided to a user of a particular application about other applications in the data carrier or about the data carrier's internal file structure.

Description

[Detailed description of the invention] Device for portable data carriers with multiple application files Background of the invention 1. Technical field The present invention provides portable data carriers, e.g. A smart card with memory, more specifically a portable data carrier related to devices for storing data contained within for multiple applications. do.

2. Description of prior art Using credit cards for shopping, banking and other transactions Today's travelers usually don't carry much cash. A plastic card with an embossed account number and account name is simply a bank card. Rui is the authorized account that should be the billing light for the transaction at the credit card company. The magnetic strip on the back of some cards whose only function is to identify the card is similar to this. Contains the same information, but is read mechanically to speed up transactions is now possible. All account information is stored at your bank or credit card company. separate cards are required for each account.

Many consumers use multiple cards to facilitate everyday transactions in stores. The credit card you carry around is itself ``light, compact, and convenient.'' . However, if there are multiple pieces such as 6 or 7 pieces, it becomes quite bulky, and it becomes difficult to use in pockets, wallets, etc. It is inconvenient to put it in. each card so that the customer only needs one card. Several types of multi-company credit card systems have been proposed and used. This way In one type of Una Card, the main card is individually sized to fit in a wallet. issued to credit card users. This primary card is an authorized user display or other means to identify the user and which company a display means or microcircuit for determining whether the include.

Such devices (cards) have a small number of potential credit providers and therefore This is satisfactory as long as there is sufficient space on the primary card, but this multi-company Number of credit providers and accounts to be maintained and updated on the credit card This will be insufficient in applications where there are a large number of customer credit The average user knows that it is possible to combine all of the providers into a single card. But now we know that users can store all their account balances on one card, Credit limits for all accounts and other personal data, e.g. We will request that you include your family size, phone number, etc. It is easy to imagine that each account must have its own identification indicator on the card. Dedicated circuitry or customer software for individual accounts The number of accounts that can be included in this type of card is extremely constrained by the need to It will be done.

Summary of the invention According to the invention, the porter is the same size as a standard plastic credit card. Pull data carrier or smart card into customer repertoire diary from records to personal medical and/or banking records. Used for various purposes. This card looks like a traditional credit card. However, computers use electrically erasable read-only memory (EE). PROM) and card read/write installed at related stations a circuit for receiving a combination of power and timing signals from a monitoring device; These circuit elements and circuits also provide read/write connections between the card and the associated station. Send data via a writing device.

Customer's personal information resides in multiple files in the EEPROM on the card . Appropriate application software residing in the station When given a password, the card can be used to search and modify these files. the individual designated level of interaction between the card and the associated station; secured by requiring a separate password to gain access to It will be done. Security is an optional password when accessing specified files on the card. further strengthened by requiring users to identify themselves by password. Ru. In addition, unauthorized login attempts are limited to a predetermined number of attempts, and if this is exceeded, The card is locked and no further cards and stations at that login level are allowed. Interaction between components is prevented.

Each of the multiple files has its own credentials (file security) on the card. Therefore, multiple applications can run without conflicts or confusion in these files. tion or separate account exists. User can store 10 pieces, all on the same card. A separate credit or debit account that exceeds.

To access the electronic checkbook and even the user's apartment or home security passes can be recorded. The maximum number of files allowed on a card is limited only by the amount of memory available on the board.

The card is accessed through a set of operating system instruction primitives. Runs a managed operating system that is These instruction primitives The card file system is maintained in accordance with the regulations imposed to ensure the security of the card. Manipulate the stem. The use of a management operating system allows an intruder to Prevent access to the database within the card. In addition to this, especially confidential For sensitive applications, encrypt the data as it is fed to the card. can be done.

The file system on the card consists of two areas: the administrative part, the heading and application files are segmented into data parts.

This highly secure heading displays card numbers, passwords for different login levels. password, number of consecutive unsuccessful login attempts for each level, and Contains information such as the size of memory used for storage within the card 0 Normal users cannot access the heading section directly.

The card's data segment is divided into fixed records. Individual with data Records are specified in specific files. Identification of a specific file is that file This is done by the first byte of each record specified by the identification number.

If the file is scanned by the card operating system, the file The first record located with the file identification number is the first record in the file. file and the last located record with that file identification number is the is the last record in the file.

The card operating system assigns these records to a particular file. Read when it is encountered within a file, receive and translate data from a file. Station application software is accessed by the application being accessed. View only the sequence of bytes associated with the application. Therefore, for specific applications the user for information about other applications on the card or for files inside the card. No information about the file structure will be leaked.

The invention and its mode of operation may be further understood by reading the following detailed description together with the accompanying drawings. This becomes even clearer.

Brief description of the drawing Figure 1 shows the main functional elements of the Portable Data Carrier System and their is a functional block diagram showing interconnections; Figure 2 shows access to the portable data carrier used within the system shown in Figure 1. is a table showing six possible security levels; Figure 3 shows two areas for data contained within the portable data carrier. , that is, a file system segmented into a heading area and a data area. indicates; Figure 4 shows data in the segment area of the Portable Data Carrier System. shows three sections of individual files located in; Figure 5 shows a communication system that uses optional file-by-file passwords and additional-only functions. Normal Security Class Level (Nor++alSecurity C1ass Lev elg); Figure 6 shows the hierarchical structure of the operator on the portable data carrier. A table representing the instruction primitives used to communicate with the programming system. Bull; Figure 7 helps prevent unauthorized access to portable data carriers. is a flowchart illustrating the login sequence; Figure 8 is designed to work with the protocol used in this system. Shows the software hierarchy of the portable data carrier system; Figure 9 shows the communication between the main subsystems of the portable carrier system. indicates a message format suitable for sending; Figure 10 shows the application station operating in half-duplex protocol. is a flow diagram illustrating a link layer decision-making process to; and Figure 11 shows both halves of the read/write device and the portable data carrier. A flowchart illustrating the link layer decision-making process for operation in heavy protocols. be.

Like elements are designated with like numbers throughout the drawings.

■Blue hair belly view Figure 1 shows a portable data carrier. rier, PDC) Three subsystems to make the system easier to understand It is divided into two parts. The first subsystem is the data carrier or card 1 It is 0.

This includes a second memory that has the ability to store and update information for the user. The subsystem is a card reading/writing device! 15, which moves the card to the third support. station 18, which is a bus system. This last subsystem is This is a properly configured application station, which stores the notes in the card. A computer running the application software required to access the consists of a computer or dedicated workstation. Application software The software resides within this station and stores information stored in the memory of the card 10. Perform searches and corrections.

Card 10 is accessed via a set of operating system instruction primitives. Run the monitored operating system that will be accessed. These instruction primitives The library operates the file system on the card in accordance with the rules required for card security. make

The main elements located within the card 10 include a microcomputer 110, an electrical Programmable memory (electrical erasable) programmable read-only+ma++5ory EEP ROM) 11E5. Analog interface circuit 130, transformer 12 0 secondary winding 121, and capacitive plates 125-128.

The microcomputer 110 has a central processing unit and random access memory. its internal read-only memory, including memory units in the form of memory and read-only memory; It operates under the control of firmware provided by memory and is The computer 110 is directly connected to the EEPROM 115 and is also connected to the read/write device 1. 5 to the station 18. E　E　 The entire FROM or a part of it can be integrated as part of a computer. , or it can be a separate element. The microcomputer 110 also An instruction prefix received from station 18 through read/write unit 15 Translate mitiv.

By using the EEPROMI 15 in the card 10, authorized users can The memory section of the card may contain some applications if necessary. Data is operational, with the ability to reprogram files with new and different data. Do not write to or read from EEPROM while power is being applied. It is possible to erase the data. When operating power is removed, the All modifications made to the data remain at 0, and card 10 is re-powered. It is possible to search each time it is found.

The analog interface circuit 130 reads/writes the memory card 10. Provides a means for interfacing to the device 15. This interface reads The operating power from the magnetic energy coupled from the card 1 to the write/write device [15] 0 and the read/write device 15 and the microcomputer in the card 10. performs a number of functions including combining data between data processors 110; operate card 10 The power for 0 through the inductive interface provided by the secondary winding 121. Ru. This transformer means that this secondary winding within card 10 is a read/write device. 15 into the primary winding 122. Station 18 is reading Provides a power source for operation of both the eject/write device 115 and the card 10. Ru.

The transformer 120 has a primary winding 122 and a secondary winding 4812 of the transformer. Ferrite core in read/write device to increase coupling between 12 3, and a second one within the transformer 120 to further improve the coupling efficiency. including a ferrite core 120 and associated with a secondary winding 121 within the card. You can also do it. In cases where power is plentiful and efficiency is not an issue, this One or both of the cores can be omitted.

The reception or future transmission of data to the card 10 is via an analog interface. is provided by a capacitive interface connected to the bus 130. This capacitive The interface is read by the electrodes or plates 125 to 128 on the card 10. /When fitted into the corresponding electrode or plate 155 in the writing device 15 Consists of four capacitors formed. Two of these capacitors are read/ The writing device 15 is used to transmit data to the card 1o, and the remaining two is used to transmit data from card 1o to read/write device W15. . Combination of inductive and capacitive interfaces is a read/write device 15 and the memory card 1°.

The organization of some elements within read/write device 15 is functionally similar to elements within card 10. It has a mirror relationship. These elements include, for example, an analog interface circuit 1 40 and a microcomputer 150. In addition to this.

Read/write device 15 includes power source 162 and input/output interface 160 A power source 162 includes a power source 162 for providing power to the card 10 and for reading/writing. The clock signal from the embedded device 15 is transferred to the card 10 through the transformer 120. used to join. In principle, the input/output interface 160 is Universal asynchronous receiver transmitter eiver transmitter.

UART) and is included in the microcomputer 150. This UART Communicate with application station 18. This application -tion 18 is office editing station, factory editing station, publisher editing stations, public telephone stations, or other suitably configured stations. It can be an option.

Security issues for PDC systems can be divided into two major areas. first area is an identification and authentication problem, in which the station (1) communicates with an authenticated card; and (2) communicate with the authenticated application file on the card. It's about ensuring both things.

The second area controls access to files on the card and access at the station. Restrictions on the execution of card instructions by applications. Here, the application A transaction is an account that accesses specific data in a specific file on the card. be.

Without proper authentication procedures, a person with the intention of defrauding the system could There is a risk of simulating rotocalls and obtaining information about the PDC system.

Ensuring that the station communicates with the authentication file on the authentication card is 1 Assign a unique number to each card and then scan this number or a subset of numbers. A hidden application that resides within your system. This is achieved by These numbers are manipulated algorithmically to create an authentication code. This is stored in the application file on the card at the time of generation. be done. This code is passed by the station during subsequent transactions. Compares with similar independently generated code.

Provides security for card file systems and card commands, and To ensure the flexibility to handle different types of applications, The card employs six different security levels. These security levels have two cards. type of resources, i.e. card file system and card instructions. . Access to these resources is determined by authorized login level, requested command, files to be accessed and any additional constraints imposed by the card owner is a function of

FIG. 2 shows these six login security levels. first four lower levels is a category of normal security class (Normal Security C1ass) and placed in a room for use in a public environment. The first within this hierarchical security level The lowest level is PUBLIC for general information.

Gain level medical information that does not require a password for access and public data included at this level, such as insurance numbers or library card information. This is an example. The card is initialized at power-up or reset at the station. When set, this becomes the PUBLIC login level.

The second level is the USER level, which requires user passwords for access. Requires Seward. Users can include balance accounts at this level.

The third level is the SUB15SURE (sub-issuer) level. this level also requires a password for access, which is typically the MASTER15S Applications authorized by UER (Upper Issuer) or card owner used in the

The fourth level of security is the level maintained by the MA, 5TERl5SUER. It is. Cards are formatted at this level and issued from here. child As an example of how these levels are used, banks can issue a card containing This bank authorizes retailers to use this card and The retailer creates its own credit or debit account on this card. do. In this example, the bank is the MASTERISSUER and the retailer The vendor is 5UBISSURES (subordinate issuer). Of course, the cardholder USER, in this example, each account is a separate file on the card. be handled by a person or program authorized to handle a particular file. Only RAM can access the file at the appropriate application station. can do.

Two upper security levels, DEVELOPER and 5UPERUSER (Super User) is an Extended Security Class (Super User). C1ass) category, but this category is usually classified as security class (C1ass) category. Nor+1alSecurity　C1ass) Provided for the level within the category allows the use of commands that are

The fifth level, the 5UPERUSER level, is the 5UPERUSER level. manufacture, test, and initialize the card to ensure its security and prevent unauthorized cards from being used. This is a manufacturing level that makes it impossible to use the code.

Finally, the sixth and highest level is the card developer level.　S　U Both P E RU S E R and DE-VELOPER security levels are later. The entire card file system, including the card system headings detailed in This is the level at which one has the ability to access the content.

Because there are multiple files on the card, each with unique entitlements, multiple apps applications can be stored separately in these separate files without conflict or confusion. It can exist. 10 or more separate credits or credits all on the same card to access debit accounts, electronic checkbooks, and user apartments. One can easily imagine a user with a security pass of Publishers and users , the card must be used to access files other than those permitted at a non-public level. The password requires the user to identify himself/herself, so the card is There is no need to worry about being used.

In Figure 3, there are two areas: the heading, which is the administrative part, and the application. Card file system segmented into data parts containing files is shown.

Security heading 35 is the password for the card number 1 individual login level, individual Number of unsuccessful password attempts for each level, login level blocked Lock bytes, size of fixed records in the database , and the memory size of the EEPROM 115 in kilobytes.

Direct access to heading sections is only possible at the two highest security levels. Ru.

Card data segment 30 is set by MASTERISSUER 0 individual usage records divided into fixed records of length n bytes 31, 32°33 are assigned to a specific file. Identification of a particular file This is done by the first byte of each record assigned to the file identification number. be exposed.

Cards do not have a file directory (Directory) and have the same file There are no pointers between records in different files, and the order of file data is the same. indicated by a linear order rather than by a continuum of records. It will be done.

The card's operating system changes the addresses in EEFROM from the lowest to the highest. Scan towards high address.

The first record located with a particular file identification number is The first record and the last record located with the file's identification number is the last record in the file. Card operating system The stem identifies records in a file as each individual record within a particular file is encountered. and read it out.

The maximum size and number of files allowed on the card is the EEFROM memory size. Limited only by Station application for reading files The software only sees a stream of bytes independent of the card's internal file structure. Ru.

Figure 4 shows the card file system data for each file in the segment area. The first record of 9 individual files shows the three sections of the file in more detail. A prefix section 41 located within the code contains a file identification number 42 and a protection byte. File identification numbers are numbers between 1 and hex FE, including 43.44 and 45. Ru. Hexadecimal number OO and hexadecimal number FF are unused records and E, respectively. Reserved to indicate the end of available memory in PROM.

Protection bytes 43 to 45 specify file permissions.

The first pie 1-43 represents read permission, and the maximum number that can read the file is Specify low level. The second byte 44 represents read/write permission for the file. Specifies the lowest level at which the file can be both read and written.

Therefore, read permission for a certain file can be changed to read/write permission for a certain file. It can be separated from the permission. read/write access for read access For example, you can specify different security levels for certain files. public access to public information by specifying read permission at the PUBLIC level. on the other hand, specifying write permission at USER level without user consent. can prevent writing to a file.

Figure 5 shows the normal security class that uses an optional password and additional dedicated functions. (Normal 5scurity C1ass) Level hierarchical structure is shown . To increase the flexibility of card usage, individual files on the card can be options within its protected bytes before access is allowed to a particular file. This includes the requirement that the user provide a password for the The operating system of the card must be used to gain access to the files. This requirement is in addition to the requirement that the level of security required by be. -As an example.

Has write/read permissions, including an optional write password for the user The file is created by (1) logging into the card at the user level, and (2) request to open a file in order to read it. However, this In order to write to the card, the user must (1) log in to the card at the user level; and (2) provide an optional password to access the file for “write.” You will be asked to open the file. This is more than the file permissions require. Does not apply to those logging in at a high level. Log in at this high level Users are required to use an optional password even if the specified security level requires it. can gain access to the file.

Normal security class (Norw+al 5 security C1ass) level floor The layer structure is such that MASTER15SUER is at that level and everything below that level. Can read and write files; SUB A similar structure that allows files to be read and written at all levels below , the cardholder can read all files at its level or at the public level. and can be written.

In applications where this is appropriate, set protection byte 45 in Figure 4. only allows users to add data to the file, and only allows users to add data to Realize an “append-only” mode that does not allow deletion. Can be done. This data is a record that reflects the appropriate application file. is generated and stored as soon as it is input. In other words, read a file /Can be specified as additional permission or as read/write permission.

The information section 46 of a file contains the actual information located within each record of the file. and also the number M in the last byte 48 of the last record N. The prefix section 47 contains the application data buffer in its last record. Indicates the number of items.

The management operating system on the card is generally understood as shown in Figure 6. Normal security class (Normal 5e) accessed by the C1ass) level. These instruction primitives controls secure access to the card, file generation and access; It also controls management and testing operations. 5UPERUSER or DEVEL Additional instruction primitives are available for the OPER login level.

The behavior of these instruction primitives can be explained through the explanation of the behavior of the “login” instruction. Wear. To log in to the card, the user must enter the login level and password. You are required to specify the code. This password is internally set by the card. algorithm for the corresponding password of the same login level in the card heading. checked rhythmically. than the card user is required by that file. If you are also trying to gain access to a file with a low login level denies permission to open the file for either reading or reading/writing. It will be rejected.

The password for each security level is entered into the card's header when the card is manufactured. kept inside. Password commands are locked. Users with a security level of level or lower, thus , this is a higher level of security if the password is lost or forgotten. This can be done by logging into the password and using the password command. For this reason , there is no need to recover lost passwords.

The number of consecutive unsuccessful “login” attempts allowed at one security level is a predetermined number. limited to. If this number of times is exceeded, the security level of the card will be locked. or configured to erase all databases on the card. If configured to lock, any level higher than or equal to the locked level will unlock it. Can be locked. This allows you to maintain the card above the locked level. It becomes possible to leave it to the lowest level. The number of failures is the heading of EEPROM Enter the appropriate “password failure counter” (passtlIordfail) in the , ure counter)".

It is also possible to protect files requiring an optional password. Fa The file is stored in the same way as the card, if necessary within the file's protected bytes. Files can also be individually protected by setting a bit to erase them. can. Thus, try opening a file that requires an optional password. The viewer is only allowed a certain number of attempts, and if this is exceeded, the card will be removed. Erasure of the data in that locked file occurs.

Figure 7 shows the operating system on the card and the unauthorized access to the card. A partial flowchart for preventing log-ins is shown. Login instructions are accessed Each time a password fails, the password failure counter is updated to reflect the password failure. First, the password given is checked against the password in the card heading. is blocked.

If the correct password is given, the password counter is cleared. child The feature updates the failure counter to reflect the failure after an unsuccessful login attempt. password protection using a device that removes power from the card before it is accessed. Provides protection against strange challenges.

High-level software to aid in application software development. A. The library connects the station to the read/write device and the station to the card. generated to support all interactions between the As a result, the application Programmers do not have to deal with the tedious details of the card internals or communication protocols. Programmer's code directly interfaces with the library and the library interfaces with the card.

The library consists of four sections: card instructions as shown in Figure 6; Card library section to provide direct mapping, read/write read/write library to provide direct mapping of write instructions instruction library containing instructions, cards and/or read/write instructions. divided into control sections containing common control functions located on the station be done. These functions detail the initialization, termination, and control of boats and logical devices. include. Therefore, this library acts as a software interface, to devices and files that are very similar to typical computer protocols. provide a method of access, reducing the burden on application programmers.

The card operating system allocates records, releases records, and a function to organize unnecessary parts. When information is removed from the file, the card returns the freed records to the pool of available records and cleans up the unused records. Arrange usage records in linear order by performing . Organizing this unnecessary part , all unused records on the card are collected at the end of the card memory. It will be done. If necessary, allocating additional records is done until the last record in the file is written. Automatically executed when the code is crossed. Always record available at the edge of the card by keeping new records to the file always at the front of the file. are allocated past the edge, which causes the linear ordering of records in individual files to be Retained.

Information regarding the allocation and release of record 1- is provided by the application at the station. application is not provided with the implementation, the application simply Security is improved because only a series of data is viewed. Also, the primitive format Direct access to application files is also classified as normal security class (Norma). l　5security　C1ass) Provides access to instructions found within the level. Access to all cards, which is not allowed for users with Extended Security Class (Extended Security Class) nded 5 security C1ass) Access to instructions found within the level This ensures confidentiality during card manufacturing and testing. is retained.

Figure 8 shows the software arranged for operation within the communication protocol of the PDC system. The software hierarchy is shown.

Application layer 181 within station 18 interfaces with card 10 and interface with the user at terminal 187 through terminal interface 182. interface and optional data through database interface 184. interface with the database. To simplify access to card 10 , the application layer 180 interfaces with the library layer 185 described above. do. On the other hand, the library layer is the actual link between the read/write device [115 and the card 10]. It interfaces with a link layer 186 that handles transactions.

Station 18 is connected to read/write device 15 through a serial port. , which communicates directly with the card 1o as well as the read/write device 15. on the card All directed messages are therefore passed transparently through the read/write device 15. is sent to card 10. The destination address is the preamble of the message. The message format suitable for use in the present invention is shown in Figure 9. , which will be explained in detail later.

The read/write device 15 and the card 1o are both connected to the data link layer 186. The same half-duplex communication protocol is used to communicate with the stations. Card 1o is complete is completely passive and does not lead transactions to or from station 18. The read/write device 115 is not capable of providing serial baud between these stations. The point where an “attention” signal can be sent through the carrier detection lead in the It differs from card 10 only in . Station 8 displays the current target being processed at the time. Respond to this "attention" signal after the transaction is complete. Stacie The section then interrogates the read/write device 15 to determine the reason for the 'attention' signal. decide. An example of a situation in which the read/write device 15 sends this attention signal is Then, the card 10 is inserted into a receiving slot (not shown) on the read/write device 15. This signal is sent when inserted and in a position to communicate with station 18.

A second example is when the card 10 is removed from the slot in the read/write device 15. This signal is sent when the

The read/write has two layers: a link layer 151 and a command layer 152. Link layer 151 is a transparent medium between station 18 and card 10; A link layer 151 within the read/write device 115 conveys commands or responses between , providing buffering and baud rate conversion, if necessary. Card 10 and reading/ The transmission rate during write device w15 is maintained at 19200 baud. station 1 8 and the read/write device w15 is the baud rate between the read/write device 15 and the card If the baud rate is less than 1o, the read/write device 15 performs the baud rate conversion. to allow messages to be sent as a series of blocks of data. to oppose The second layer within the read/write device is the command layer. This layer is read/ in the writing device and specifically addressing the reading/writing device from station 18. respond to commands given.

Data within the protocol is sent serially, character by character, over the communication link.

One of the zero characters where the character is framed with one start bit and one stop bit A block of consecutive messages can be sent at any time within the constraints of the half-duplex protocol. Ru. Station 18 and read/write device 15 or card 10 are connected to a predetermined media. Information is exchanged using Tsusage packets. Where in the packet is the data stored? Control information and messages regarding data initiation and termination; check data integrity; Contains information to check.

FIG. 9 shows a message format suitable for use in the present invention in more detail in conjunction with FIG. -mat is shown. Here, station 18 is a read/write device [15 Otherwise, address card 10. Message format is read/write device Preamble 91 and Message for Addressing 15 or Card 10 frame start control sequence 92 (DLESTX) to mark the start of the include. The next column in the message format is link status 93, which is Whether the message was acknowledged (ACK) or negatively acknowledged (NAK). information indicating whether an error occurred during transmission, and information indicating whether the current Contains the message number (tag).

Each message is assigned a number. The message format is A modulus-8 scheme (mod ulus 85c11e+*e) is used.

The next field after the command is data field 94, which contains the data transmitted and the messages that follow. Frame end control sequence 95 (DLE ETX ), and finally a 2-byte checksum 96 containing J, G, Fletcher (J, IEEE Transactions on Communique by G., Fletcher) (IEEE Transactj, Onson Communicati ons)+Vol, Com-30, January 1982, pages 247-25 2 [Arithmetic Checksum for Serial Transmission (An Ar1th+ wetic Checsusfor 5erial Trans+5issio ns)] using the algorithm described in .

Read/write device! ! 15 or card 10 and returned to station 18 Message packet responses are message packets generated by a station. Same as Kerato. The message format shown in Figure 9 is therefore: Applies to communication between all subsystems.

The preamble of the message sent from station 18 consists of 8 bytes. . A message must contain at least three of these consecutive preamble characters to communicate with it. corrected by station 18 when detected by the testing subsystem. shall be deemed to have been received promptly.

In order to realize communication with the read/write device 15 or the card 10, a step is required. tion 18 sends a “link reset” message. A 0 communication occurs when the station receives a NAK or before a response is received. fails when a predetermined amount of time has elapsed.

Once communication with the read/write device 15 is established, the read/write device indicates that card 10 has been inserted into station 18 or has already been inserted. Notify that When the card 10 is inserted, the read/write device [i! 15 is Send an "attention" signal to station 18. The card in which the station is inserted If the card is, for example, a smart card rather than a card with only a magnetic stripe. If the station determines that the card is Link Reset Send message. Once initialized, the card is A request is received for instructions from the application layer 181 within the application layer 181. This is processed by the command layer 101 in the card 10, and the response is sent to the station. Returned to 18. During this time, card 1o waits for the next command, station 18 , and which message should be sent, i.e. the link You can arbitrarily choose whether to send a reset message or a command.

FIG. 10 is a flow diagram illustrating the link layer decision-making process for station 18. Figure 1. Read/write device 15 or card during normal transaction. In communicating with host 10, station 18 sends messages and sets timers. First, the station receives a response from the subsystem with which it is trying to communicate. Either the answer is received or the predetermined time expires. A link in a message response to a station. If the link status byte contains an ACK, this indicates that the transaction was successful. Indicates completion.

The tag value is incremented to modulus 8. This response is then sent to the application within station 18. application layer 181.

If a negative response, or NAK, is received, at least two more link retries are required. The line is executed and the tag value is left unchanged. station does not request retransmission; Send final command. An acknowledgment, or ACK, is not received after three attempts. If not, link level error recovery is initiated.

FIG. 11 shows the link layer structure for both read/write device 115 and card 10. 1 is a flowchart illustrating the decision-making process. See both Figures 8 and 10. As can be understood by the station during normal transactions In this communication, the read/write device 15 or card 10 is The current request is a new transaction or examines the tag to determine whether it is a retransmission request for a previous transaction. Bell. If the current tag value differs from the previous transaction's tag value, the entry Messages are treated as new transactions. The current tag value is the previous tag If equal to the value, it indicates that a retransmission is requested by station 18. vinegar.

The read/write device 15 or card 1o always reads the last valid command it processed. Respond with the tag associated with the command.

Therefore, if the current transmission fails, i.e. in the case of a "bad message", the link The network layer responds with a negative acknowledgment (NAK) and a final valid tag. 'Zero' command is read Write/write device 15 or card 1o that order tag to the tag it receives. Command to reset. At reset, read/write device 15 or card The code is 1o.

To ensure that incoming messages are treated as new messages, set to an invalid value.

Termination of the session with the card IO is carried out by the station 18 at the read/write device 1. 5 to turn off the power to card 1o, or the user This is done by taking out the . In the latter case, the read/write device 15 Automatically stops supplying power to empty card slots and returns power to station 18. Send an “attention” signal. The station then reads/writes 11 Sends a “status request” command to 5. In response, the read/write device 15 The link layer reports to the station 18 that card 1° has been removed, and the link layer Reports a communication error to the application layer after three failed attempts to communicate with the application layer. this only the application layer can declare that the read/write device is not operational. It is necessary for this reason.

FIG.6 FICi, 7 international search report ,,,,+,,,,,,+,,,,,,,,,,+,, PCT/US 8710 0913ANNEX To’LHE INTERNATIONAL 5EAR CHREPORT ON

Claims (14)

[Claims] 1. In a multi-purpose portable data carrier (10), the data carrier can It includes a plurality of files (31-33) for storing variable data. Each of the files has an associated station (1) to access the desired variable data. 8) can be selectively addressed from Access to a file causes a transaction within that particular file. Multi-purpose portable data that can only be accessed by authorized users. Takyariya. 2. A multi-purpose portable data carrier according to claim 1, wherein the port access to a portable data carrier is transcribed within the portable data carrier. The first password specified for the user authorized to perform the suction A multipurpose portable data carrier characterized in that it is controlled by: 3. A multi-purpose portable data carrier according to claim 2, in which the desired access to each specific file for each transaction the second specified by the user authorized to conduct transactions within the file. Versatile portable data carrier characterized by password control Ya. 4. A multi-purpose portable data carrier according to claim 3, in which the port The individual files in the portable data carrier are subject to the access granted to the user. multi-purpose, characterized in that it includes file permission information (41) for defining the file type. Portable data carrier. 5. A multi-purpose portable data carrier according to claim 4, in which the port The file permission information in the data carrier is read permission, write permission, and The first file (43) contains add permissions and has read permissions when the user A second file (44) that only allows the user to read the data and has write permissions. allows the user to read data in it and write data in it. , and a third file (45) with read and add permissions that the user can Characterized by only allowing data to be read and data to be added to it A versatile portable data carrier. 6. A multi-purpose portable data carrier according to claim 5, further comprising: consists of a minimum security level, a maximum security level, and multiple security levels in between. It includes multiple security levels arranged hierarchically, and access to each security level is access to users authorized to access data at that security level. A multipurpose port characterized in that it is controlled by a corresponding password specified by data carrier. 7. A multi-purpose portable data carrier according to claim 6, in which the file File permission information can be specified according to security levels, with the first highest security level being Reading data in the second file (44) and writing data to it and a second lower security level reads the data in the second file. A multi-purpose portable data carrier characterized by only allowing the following: 8. A multi-purpose portable data carrier according to claim 6, in which the file File permission information can be specified according to security levels, with the first highest security level being Read the data in the second file and write the cheetah to it. and a second lower security level allows reading data in the second file. A multipurpose portab characterized by only allowing data to be added to it. data carrier. 9. A multi-purpose portable data carrier according to claim 2, further comprising: by multiple related stations to access the desired variable data Contains selectively addressable files, allowing access to individual specific files is controlled by the configuration of the individual associated stations. portable data carrier. 10. A multi-purpose portable data carrier according to claim 9, wherein Access to the particular file for the desired transaction is A specified password is sent to a station that is authorized to conduct transactions within the Multipurpose portable data carrier characterized by being controlled by a password . 11. A multi-purpose portable data carrier according to claim 10, comprising: Access to the portable data carrier is triggered within the portable data carrier. The password specified for the user authorized to perform the transaction A multi-purpose portable cheetah carrier that is controlled by 12. A multipurpose portable data carrier according to claim 11, comprising: The individual files in the portable data carrier are located at the associated station. File permission information to define the type of access allowed by users of A multi-purpose portable data carrier comprising: 13. A multi-purpose portable data carrier according to claim 12, comprising: The file permission information in the portable data carrier includes read permission, write permission, and The first file with read permission, including add permission and Allows the user at the section only to read the data in it, and disables write permission. The second file with There is a third file that allows the user to write data and has read and add permissions. The user can only read data in it and add data to it. A multi-purpose portable data carrier featuring forgiving. 14. In the multi-purpose portable cheetah carrier according to claim 13, Additionally, a minimum security level, a maximum security level, and multiple other security levels therebetween. It includes multiple security levels arranged hierarchically such that each security level access to the data by users authorized to access the data at that security level. controlled by a corresponding password specified only by the user. Multi-purpose portable data carrier.