WO2001048688A1 - Method and system for secure contactless card applications - Google Patents

Publication number: WO2001048688A1
Authority: WO
Grant status: Application
Prior art keywords: reader, card, application, key, IC card
Application number: PCT/AU2000/001577
Other languages: French (fr)
Inventors: Istvan Erdos, Paul Gor, Walter Fath
Original Assignee: Vfj Technology Pty Limited

Classifications

    • G07F7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • G06Q20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G06Q20/3552 Downloading or loading of personalisation data
    • G06Q20/3576 Multiple memory zones on card
    • G06Q20/4093 Monitoring of card authentication

Abstract

A method of providing a user with a user-programmable IC card (24) and an IC card reader (2) so as to enable said user to define at least one application for said IC card (24) and reader (2) in a system whereby said reader (2) is adapted to read information from said IC card (24) when said IC card (24) is in the vicinity of said reader (2), said method comprising the steps of storing a master key and at least one application key in a storage device; loading said master key in said reader (2); loading said at least one application key in said reader (2); loading one or more access keys onto said IC card (24); duplicating said at least one application key onto said IC card (24) using said storage device; such that said card reader (2) operates on recognition of said one or more access keys. The IC card reader (2) having storage means (14) for storing transaction data, including data representative of monetary value; wherein said storage means (14) is removable from said IC card reader (2) to enable the transaction data to be securely downloaded externally.

Description

METHOD AND SYSTEM FOR SECURE CONTACTLESS CARD APPLICATIONS

Field of the Invention

This invention relates to a system and method for enabling secure contactless card applications and operations, and more specifically relates to a method and system for providing secure contactless card transactions and authorisation to gain for example entry to a gate or tollway and to provide for financial transactions involving contactless smart cards.

Background of the Invention

Presently there exist many contact and contactless IC cards, such as smart cards, and their corresponding readers that provide a very low level of card and reader interface. As such there are only limited commands available, which require extensive integration work and understanding to make the reader convenient for use in any intended application. Typically existing readers and their corresponding IC cards are only programmed for a specific and individual application and are not able to be readily extended to other applications. For example, where a reader device has been programmed to operate in an autobus or train fare environment, that reader is not readily adapted to be used for entry to a tollway or for booking theatre tickets, as new software will have to be written and applied for the additional application. Thus the provision of further hardware components, and the need to develop new system software on every occasion that a separate application arises, is a very onerous task for operators and manufacturers alike.

The present invention seeks to overcome these disadvantages by developing software and hardware that can be adapted for any particular application. On the hardware side, any number of intelligent interfaces, modular components or customer designed chips may be selected for a particular application in a simple manner. Furthermore the software is designed to enable the user to input the one or more applications required for their purposes.

Another problem associated with existing contact and contactless readers and their IC cards is the security features inherently built into them. Specifically, security codes associated with the readers are stored externally as external software that must be protected by traps set up to stop any would-be infringers from having access to the security codes. The external provision of these codes is open to attack, and such traps do not always function properly and detect any such would-be infringers. The present invention seeks to solve this particular problem by having the security codes to access the reader actually stored inside the reader itself.

Another problem associated with card readers is that although transactions are stored in a memory module, in order to further process that data, the reader must be removed to the site where the data is to be downloaded or an external module must be brought to the reader to download the data. The present invention, in one embodiment, provides a much easier method to securely remove the transactional data without having to remove the card reader or have the need to bring the external module to the reader itself.

Summary of the Invention

According to one aspect of the invention there is provided a method of providing a user with a user-programmable IC card and an IC card reader so as to enable said user to define at least one application for said card and reader in a system whereby said card reader is adapted to read information from said smart card when said smart card is in the vicinity of said reader, said method comprising the steps of: storing a master key and at least one application key in a storage device; loading said master key in said reader; loading said at least one application key in said reader; loading one or more access keys onto said IC card; duplicating said at least one application key onto said IC card using said storage device; such that said card reader operates on recognition of said one or more access keys. The types of access keys may include one to enable a card with a read function and another to enable a card with a read and write function. The method may include the loading of said master key and said at least one application key by said user.

The master key and one or more application keys may be loaded into said reader using an approved algorithm. The IC card reader may be contactless. The method may include the step of generating, by said user, the master key and said at least one application key prior to loading these keys in said reader. The access keys may be generated as a result of the algorithm using said master key, application keys and a serial number of the IC card.

According to another aspect of the invention there is provided a system including an IC card reader and an IC card that is adapted to be read by said card reader when said IC card is within the vicinity of said card reader; wherein said card reader and said IC card are user programmable to enable the user to define at least one application for said card reader and said IC card; said card reader having storage means for loading and storing a master key and at least one application key; said system further including a storage device for storing said master key and said at least one application key prior to loading said master key and said at least one application key into said storage means of said card reader; wherein said storage device is used to duplicate said at least one application key onto the IC card; said IC card further having one or more access keys stored therein and generated by using said storage device so that in use the access key, one or more application keys and master key are used to provide secure communications between said IC card and said card reader. The master key and at least one application key may be loaded into said storage means of said card reader using an approved algorithm. The storage device may be a dongle attached to a processing means, such as a PC. The access keys may be generated as an output from the algorithm, which algorithm has input thereto the master key, one or more application keys and a serial number of the IC card.

According to yet a further aspect of the invention there is provided a contactless card reader for use with one or more IC cards such that said reader is able to read information from said one or more IC cards when said one or more IC cards is within the vicinity of said card reader; said reader further having storage means for storing transaction data, including data representative of monetary value; wherein said storage means is removable from said card reader to enable the transaction data to be securely downloaded externally.

Thus, a user may program their own master key and application keys to enable a card reader to undertake certain functions and commands and by programming the IC cards used in the system with at least one access key, it provides a secure transaction facility for any particular application. Furthermore, by enabling the reader to have a removable memory module storing the transaction data, users may securely download this data to an external unit.

According to yet another aspect of the present invention, there is provided a computer readable medium having a program recorded thereon, where the program is to instruct a system to execute a procedure for providing a user with a user-programmable IC card and an IC card reader so as to enable said user to define at least one application for said card and reader in a system whereby said card reader is adapted to read information from said smart card when said smart card is in the vicinity of said reader, said procedure comprising the steps of: storing a master key and at least one application key in a storage device; loading said master key in said reader; loading said at least one application key in said reader; loading one or more access keys onto said IC card; duplicating said at least one application key onto said IC card using said storage device; such that said card reader operates on recognition of said one or more access keys.

Brief description of the drawings

A preferred embodiment of the invention will be hereinafter described, by way of example only, with reference to the accompanying drawings wherein:

Figure 1 is a block diagram showing the functional components of a contactless card reader used in accordance with the present invention;

Figure 2 is a block diagram of the functional components of a validation unit, which, for example, may be fitted to any transit system;

Figure 3 is a functional diagram showing the various layers of hardware and software used in the reader of the present invention;

Figure 4 is a block diagram of the hierarchical structure of various keys used in the present invention;

Figure 5 is a system diagram showing the processes involved in programming software associated with the reader and various security keys involved.

Detailed description of the preferred embodiment

With reference to Figure 1 there is shown the components of a card reader 2 which is specifically a contactless card reader for reading IC cards such as smart cards. It includes a processing means 4 which essentially controls the whole card reader with interaction between other components of the reader via a local bus 6. The processing means 4 may be any standard microcontroller such as the Motorola MC68376 microcontroller which operates at a clock frequency of 18.432 MHz. The reset and power monitoring circuitry 8 manages the overall power consumption within the reader 2. The reader 2 has three memory modules including a first memory module 10 which ideally is a flash EEPROM having a storage capacity of 512 Kb which is used for system and application code and data storage. A second memory module means 12, which may be for example a 1Mb SRAM, which is used for system and application code and data work area and a third memory module means 14 which is ideally a removable flash and EEPROM having a storage capability of either 4Mb or 8Mb which is used for storage of all transactions in which for example the card reader 2 debits all smart cards that are read by the reader. It essentially provides a reliable and safe storage for all of the transactions. Each of the memory modules 10, 12 and 14 are linked to the bus 6 for bidirectional communication.

Also included is a real time clock 16 which is used to maintain the current date and time and is battery backed Y2K compliant. The indicator interface 18 is used to enable four indicators, namely red, yellow, green and a buzzer with on, off and blink control. The reader interface unit 20 together with the RF module and integrated antenna unit 22 enables communication between the reader 2 and a smart card 24. Specifically the RF module converts digital signals from the main board of the reader into analog signals that are fed to an antenna unit, which may be integrated with the unit 20, which communicates with the smart card 24. The synchronous serial interface unit 26 is used for optional peripheral extension for connection to for example a graphic display or keyboard and is a short distance TTL level unit. The link 27 between the unit 20 and smart card unit 24 is an opto isolated serial communication link which is software configurable as a 3-wire RS232 port with no modem control lines or configurable as a 4 wire RS485 port. It can operate up to a speed of 115,200 baud. The reader interface unit 20 and RF module 24 are particularly adapted to communicate with Philips MIFARE™ contactless cards. The card reader is particularly designed to read and write to smart cards within an operating range of up to 10cm. Furthermore a 32 bit long unique hardware serial number is stored in one of the memory modules for device identification purposes.

The hardware aspects of the card reader are specifically designed to allow for "piggy backing" of boards so that extra components of the hardware can be added or removed depending on what application the reader is designed for. For example, peripherals such as display units, keyboards and connections to turnstiles may be added in addition to the basic components that are used for every manufactured card reader. The underlying connections between the components do not change but the architecture can be implemented in a number of different ways. Therefore anything that needs to operate quickly for a particular application already exists on the board, and further modules or components needed for a particular application can be added to these.

Shown in Figure 2 is a reader arrangement 30 similar to Figure 1 but specifically configured for a transport system, such as a bus validator unit which is installed on one of the buses in the transport system. The reset power monitoring circuit, flash EEPROM memory module, removable flash EEPROM memory module, processor means, real time clock unit, and the combined reader interface unit and RF module are the same set of components as used in the contactless card reader 2 in Figure 1 and have the same reference numerals. Additional components of the reader arrangement system 30 include a custom designed field programmable gate array (FPGA) device 32 which has integrated hardware control logic to operate the device. A 2Mb dynamic random access memory (DRAM) module 34 is used for program code and data work area. An infrared data association (IrDA) dedicated channel is available through the compatible infrared interface port 36. A customer access network (CAN) interface 38 is connected to the bus 6 and to a further port 40 to provide a high speed link to a console unit and/or to other validators in a particular validation system. The port 40 is shown linked to a wireless LAN system 42 to enable this particular bus validator reader to communicate with a central system through the wireless LAN 42. For example this may be used for downloading additional data received and stored in the validation reader unit 30. There exist two serial communication links, the first of which can be software configured as a standard RS232 port with modem control lines, or as a standard 2 wire RS485 port. This link is indicated with reference numeral 49. The second link or channel is fixed as a 3 wire RS232 port which is intended for debugging and development only and has no external connector. There also exist two LED array units 44 and 46 for a red cross and green arrow indication having on, off and blink control. Also an audio module 48 with attachable speaker 50 is available to allow play back of pre-recorded sound sequences. This particular reader 30 also has a 160x80 dots graphic display 52 with an LED backlight and software controlled contrast. The reader 30 also has a 32 bit long unique hardware serial number for device identification purposes which is stored in one of the memory modules and allows for an operating range of up to 7cm to read cards 24.

The above described reader arrangement 30 may be incorporated as part of a user or driver's console unit with the addition of a built-in keyboard, specifically designed for public transport applications, that allows the user to control the operation of all connected devices, for example networked card validator units. The readers above-described may be used in a variety of applications such as autobus automated fare collection, electronic purses to purchase goods and services, health card systems, customer loyalty programs, parking payment systems, toll payments and security and access control.

Regarding the software, each of the card readers 2 and 30 are supplied with software which runs on a real time operating system, known as RTEMS otherwise known as real time executive for military systems, which optimises all the necessary functions intended for the application that the reader is put to. Specifically the card reader 2 is supplied with application software wherein the device may be configured for slave mode operations where it is attached to a PC or other controlling devices or alternatively may be applied to stand alone applications.

Device driver interface libraries provide an environment for third party application developers whereby various users can program the device drivers to take on any particular applications they require. A reader application programming interface (RAPI) is implemented in the reader unit 2 via the RS232 communications port which is initialised as 38,400 baud, 8 bit with no parity and one stop bit. The reader application is written using a custom built operating system such as proven industry standard known as RTEMS as previously mentioned. It is custom programmable using C language with a source level de-bugging support.

The RAPI encapsulates the low-level Reader Communication Protocol, the Reader Request Protocol and other customised functions; these are provided in the form of a Dynamic Link Library (Win16 and Win32 DLLs) to simplify and accelerate development of PC-based smart card applications.

The card reader of the bus validation system 30 and the user's console unit is supplied with device test and demonstration software. The operating system based on RTEMS, the device driver modules, system procedures and the application programming interface (API) libraries are pre-programmed and the device is then ready for custom software development whereby users can pre-program the device drivers to enable different applications to be undertaken for the needs of each user or developer.

With reference to Figure 3 there is shown a system level diagram indicating the hardware and software architecture used by the card readers. The hardware architecture is generally indicated at 54 and the software architecture at 56. The hardware architecture 54 includes each of the various readers, such as the card readers 2 the bus validation reader 30 and the console unit card reader 31. This layer generally includes the main circuit board and the various modules that may be installed on to that circuit board where the modules may include for example the RF interface, the memory modules and/or any peripheral attachment devices such as printers and keyboards. The lowest level of the software architecture is the hardware dependent set up and initialisation and above that is layer 60 which relates to system start up and initialisation. The operating system based on the RTEMS is depicted at 62 and above that there are two portions in a further layer namely that for the Unix like file system interface 64 for all device drivers (API libraries) and the low level contactless card system driver 66. Above that layer are the device drivers and system processes 68 followed by communication protocols 70. The application programming interface, which includes the system software protection is layer 70 and then the top layer on this is the actual applications layer 74 which includes general purpose applications, third party applications, user specific applications and system services applications. Across all of these layers of the hardware and software architecture is the card and system security feature 76 which will be explained in greater detail hereinafter. The following description outlines the set up and initialisation process of the card readers for the users of the card readers including the installation of security keys by the user of the readers and corresponding smart cards.

There are generally two types of devices or readers, the first of which is a slave attachment where the reader needs to be connected to an intelligent device such as a PC or controller to drive it, such as a printer and secondly a stand alone device where all the programming is already built into the device and therefore it can operate on its own accord. The set-up and initialisation process for the standalone reader is the same as that for the slave reader, which is hereinafter explained.

The slave reader device is firstly attached to a PC or intelligent device through a secure memory storage device, such as a dongle, then switched on after which it will come up with a message "not initialised". The slave device then requests to be set up and master keys 80 are initially generated by the user together with communication authentication keys and application keys and are stored in the dongle storage device. Thus once the user programs the master key, no-one else can have access to the device other than the user, not even the manufacturer. The master keys are the keys to the whole system. The master keys are then loaded into the card reader using a utility, called "Master Key Load", on the PC, which utility is supplied with security management software. The utility takes the master key from the dongle storage device and loads it into the reader to be stored inside the RF antenna module 22, and more specifically inside a read only memory module located therein.

The reader device is then configured to perform certain functions or undertake various applications using base keys 82. The application (base) keys 82 are generally stored in a safe area such as on the dongle type device attached to the PC and then the dongle device is used to configure the smart cards with the base keys and to further provide access keys A, B at 86. Alternatively, the application keys may be stored on an IC card, such as a smart card, or on any other commercially available secure memory storage device that can be attached to a PC. The card serial number 83 (one for each card) is used in a function diversification algorithm 84. With reference to Figure 4, the master key 80, application (base) keys 82 (read/write keys) and the CSN 83 are used as data inputs to a function diversification algorithm, specifically a Message Authentication Checking (MAC) algorithm such as ISO-8731-2: 1992(E). The output from the algorithm 84 is the access key(s) 86 used to access the IC card.

The master key loading may be done in a secure room and the base key loadings need not necessarily take place in a secure room. Once the master key and base keys are stored on the dongle and loaded into the reader then the access smart cards can be programmed. The smallest block on the smart card is an application which in itself is a file. Dividing each card into application blocks is done to reduce time for calculation and it speeds up the operation of the commands between the smart card and the reader. The access card supports two types of access, that is read only and read and write. The (application) base keys and access keys are duplicated for read only and for read and write. For example key A is used to designate a read only status on the access card and key B is used to denote a read and write function on the access smart card. The base keys are duplicated, one for key A and one for key B, and at any one time only one of the keys A or B is stored on the smart card. The smart card is essentially like a floppy disk having a number of files or sectors wherein an access key is required to each sector or file. The card operating system is also included in the reader. The user, in creating the key cards, defines what application should be on the key card, for example whether it should be used for autobus read and write operations or ticketing read and write operations or booking applications.

To break into the system a user would be required to know the base key, access keys and the card serial number, or essentially, to reverse engineer a card in the system, the counterfeiter would need to know the master key, base keys and card serial number in order to obtain the access keys. The base keys, when loaded in the reader, are loaded into a memory module and can take up to six bytes in one particular row of the memory.
A number of bytes are used to indicate the type of application in the same row and a number of other bytes in that same row are free to store other applications. Each of the master keys and base keys are generated using a bank approved algorithm, such as the MAC algorithm previously mentioned, such that the data specification is based on the bank approved algorithm. The two types of information stored on the access card are an information block type or a purse type. The information block type is essentially a read only type where, for example if entry is needed to go past a gate all that is required from the reader is to read the card and deduct a certain amount of monetary value from the card to be stored in the removable memory module 14. This stops any replenishing or addition of cash values to the card by any would-be thieves. Thus this particular card and reader would be configured to only provide key A. The other type of information stored on the smart card is a "purse-type" where there may be situations where key B, which is a read and write type, is required for example in a booking office application wherein monetary value can be written to the particular card. This is solely up to the user how they want to define their applications using keys A and B.

Once the access keys are loaded, the smart card is ready for use and has to conform to the applications provided through keys A or key B and in accordance with the base keys. A security check is made by each reader when a card comes into contact with the reader to check the number of required keys including the master key and the base keys and has to identify the access keys for each file or sector stored on the card. Thus there is no need to personalise the software. If the reader gets an instruction to read file A for example, but there is no key for this, it will simply return to the user and say "cannot read this". Therefore access to have a particular transaction undertaken will be denied. Thus the required keys are needed to read the files and there is no need to configure the readers or servers attached thereto as these are already built in commands. The readers will not know initially what files to read, this has to come externally or from the information that is read from the card.
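The key diversification and the reader-side check described above can be sketched as follows; this is an added example, not code from the patent or from the SmartSMan software. It swaps in HMAC-SHA-256 truncated to six bytes for the ISO 8731-2 MAC the text names, models card authentication as a plain key comparison, and every key, serial number, application code and class name in it is constructed for illustration.

```python
import hashlib
import hmac

KEY_LEN = 6                  # the text: a base key takes up to six bytes
DENIED = "cannot read this"  # the reader's answer when no usable key exists

# Constructed sample values, not taken from the patent.
MASTER = bytes.fromhex("00112233445566778899aabbccddeeff")
BASE = {  # application code -> read (A) and read/write (B) base keys
    "GATE": {"A": b"gate-A", "B": b"gate-B"},
    "PURSE": {"A": b"purs-A", "B": b"purs-B"},
}
CSN_1 = bytes.fromhex("04a1b2c3")
CSN_2 = bytes.fromhex("04d4e5f6")


def diversify(master_key, base_key, csn):
    """Access key = MAC keyed with the master key over (base key, CSN)."""
    # Length-prefix the base key so two (base key, CSN) pairs cannot collide.
    msg = bytes([len(base_key)]) + base_key + csn
    return hmac.new(master_key, msg, hashlib.sha256).digest()[:KEY_LEN]


class Card:
    """Simulated card: one file per application, guarded by ONE access key."""

    def __init__(self, csn):
        self.csn = csn
        self._files = {}  # app code -> [key type, access key, data]

    def personalise(self, app, key_type, access_key, data=b""):
        self._files[app] = [key_type, access_key, data]

    def _auth(self, app, key):
        entry = self._files.get(app)
        if entry is None or not hmac.compare_digest(entry[1], key):
            return None
        return entry

    def read(self, app, key):
        entry = self._auth(app, key)
        return None if entry is None else entry[2]

    def write(self, app, key, data):
        entry = self._auth(app, key)
        if entry is None or entry[0] != "B":  # key A is read only
            return False
        entry[2] = data
        return True


def issue_card(csn, master_key, base_keys, grants):
    """Dongle-side step: grants maps app -> (key type 'A' or 'B', data)."""
    card = Card(csn)
    for app, (key_type, data) in grants.items():
        access = diversify(master_key, base_keys[app][key_type], csn)
        card.personalise(app, key_type, access, data)
    return card


class Reader:
    """Holds the master and base keys; re-derives access keys per card."""

    def __init__(self, master_key, base_keys):
        self._master = master_key
        self._base = base_keys

    def _access_key(self, app, key_type, csn):
        base = self._base.get(app, {}).get(key_type)
        return None if base is None else diversify(self._master, base, csn)

    def read(self, card, app):
        for key_type in ("A", "B"):  # either key type permits reading
            key = self._access_key(app, key_type, card.csn)
            if key is not None:
                data = card.read(app, key)
                if data is not None:
                    return data
        return DENIED

    def write(self, card, app, data):
        key = self._access_key(app, "B", card.csn)
        return key is not None and card.write(app, key, data)


if __name__ == "__main__":
    card = issue_card(CSN_1, MASTER, BASE,
                      {"GATE": ("A", b"zone-1"), "PURSE": ("B", b"\x00\x64")})
    reader = Reader(MASTER, BASE)
    print(reader.read(card, "GATE"), reader.write(card, "GATE", b"zone-9"))
```

Because the card serial number is an input to the MAC, key material copied onto a card with a different serial number does not authenticate, and a reader loaded with a different master key cannot read cards issued under this one.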

With reference to Figure 5 there is shown the various steps that a user would undertake to program the master keys and base keys and format each of the smart cards with access keys. Firstly, at step 120, the slave reader device is connected to a PC device or similar intelligent device which then requests set-up to be performed. Next, at step 122, the master keys are stored on the secure storage device (dongle) and subsequently loaded into the reader, where they are stored in a memory module inside the RF antenna module 22. This is generally performed by the user of the reader and IC cards used with the reader. The reader device is then configured to perform certain applications using base keys, which base keys are stored on the dongle and subsequently loaded into the reader for storage at step 124. Each of the master keys and base keys is loaded by the user using a bank approved algorithm. Now the process turns to replicating or duplicating smart keys using the dongle type device. All keys used by the smart card securing system are managed by security manager software which is programmed by the applicant under the name SmartSMan™. The customer or end user enters, on a key generation unit, two sets of four character codes to begin the key generator process. The key generation unit then generates two sets of keys, called test and production key sets, for example, where both key sets are different in value but identical in function.

Each key set comprises a master key, a communication authentication key, and one read and one read/write application (base) key for each application file. The application files are defined prior to operating the SmartSMan™ software. The generated keys are then stored on the dongle device (or crypto-box), as previously mentioned, with each key being stored in the dongle's secure memory area in predefined locations as fixed size binary values. The SmartSMan™ software has "knowledge" of these locations and can determine where each key is located. In addition, the application keys are stored in reference with the application file code.

As mentioned previously, the smart cards to be used in various applications are divided into blocks of applications, which in themselves are files, and access keys are developed for each file. Depending on the application that the readers and smart cards are to be used in, a decision is made at step 126 as to what type of access key is required. In other words, one key may be used to denote a read only status and a further key may be used to denote a read and write function on the smart card. Once that decision has been made, the base keys are duplicated, one for each access key that is used, at step 128, and then at step 130 the access key is loaded into each sector or each file on the smart card device. The smart card is now ready for use and has stored therein the base keys and one access key, being either key A or key B.

A typical application is where an owner of a smart card needs to gain entry to a tollway. The driver will come within range of a reader, which will look for an access key that is read only on the owner's smart card and check the one or more base keys that have been programmed to allow entry to the tollway. Only when all of these are valid will the driver be able to gain access to the tollway. The amount applicable for that stretch of the tollway is then deducted from the user's smart card and stored as a transaction in the memory module 14 of the reader.

If the reader device were stolen, the thief would not be able to add any money to a particular card, as this would require a write function which is not enabled on the reader. To increase the value of a ticket or the value on the smart card, the thief would need to go to a central office which has a particular write function. Thus, this acts as a deterrent to such theft, as it is difficult to obtain any value from the reader itself.

Another application is where the reader may be configured to have a key B for reading and writing to smart cards, for example in a banking system. Various banks may have readers located at particular locations, and a user may replenish or update the monetary value on their card by putting the smart card within range of the reader and perhaps, using the appropriate keypad entry, entering their PIN, if necessary, together with the amount they want updated or replenished on the smart card.
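The following added example (not code from the patent) models the scheme described above for a single application file: access keys are diversified from the master key, a base key and the card serial number, a gate reader holds only the key A base key, and a booking-office reader holds both. HMAC-SHA256 stands in for the unspecified bank approved algorithm; the class names, the challenge-response step, the per-key rights table and all key values are assumptions of the example.

```python
import hashlib
import hmac
import os

# Key A reads and deducts; key B can also write value (the page's two key types).
RIGHTS = {"A": {"read", "debit"}, "B": {"read", "debit", "credit"}}

def derive_access_key(master_key, base_key, serial):
    """HMAC-SHA256 is an assumed stand-in for the page's approved algorithm."""
    msg = len(base_key).to_bytes(2, "big") + base_key + serial
    return hmac.new(master_key, msg, hashlib.sha256).digest()[:16]

class Card:
    def __init__(self, serial, access_keys, balance):
        self.serial, self._keys, self.balance = serial, access_keys, balance
        self._nonce = None

    def challenge(self):
        self._nonce = os.urandom(16)  # fresh per attempt, so a proof cannot be replayed
        return self._nonce

    def operate(self, key_type, proof, op, amount=0):
        key, nonce, self._nonce = self._keys.get(key_type), self._nonce, None
        if key is None or nonce is None:
            raise PermissionError("no such key or no challenge issued")
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(proof, expected):
            raise PermissionError("reader failed authentication")
        if op not in RIGHTS[key_type]:
            raise PermissionError(f"key {key_type} does not permit {op}")
        if amount < 0 or (op == "debit" and amount > self.balance):
            raise ValueError("invalid amount")
        self.balance += {"read": 0, "debit": -amount, "credit": amount}[op]
        return self.balance

class Reader:
    def __init__(self, master_key, base_keys):
        self.master_key, self.base_keys = master_key, base_keys
        self.transactions = []  # stands in for the removable memory module

    def transact(self, card, key_type, op, amount=0):
        base_key = self.base_keys.get(key_type)
        if base_key is None:  # no key loaded for this access type
            raise PermissionError(f"reader holds no base key for key {key_type}")
        access = derive_access_key(self.master_key, base_key, card.serial)
        proof = hmac.new(access, card.challenge(), hashlib.sha256).digest()
        balance = card.operate(key_type, proof, op, amount)
        self.transactions.append((card.serial.hex(), op, amount))
        return balance

def demo():
    master, serial = bytes(range(16)), bytes.fromhex("04a1b2c3")  # constructed
    base = {"A": b"A" * 16, "B": b"B" * 16}
    # Card formatting: one diversified access key per key type.
    keys = {t: derive_access_key(master, k, serial) for t, k in base.items()}
    card = Card(serial, keys, 50)
    gate, office = Reader(master, {"A": base["A"]}), Reader(master, base)
    out = {"after_toll": gate.transact(card, "A", "debit", 5)}
    for key_type in ("A", "B"):  # a gate reader trying to add value
        try:
            out["gate_credit_" + key_type] = gate.transact(card, key_type, "credit", 100)
        except PermissionError:
            out["gate_credit_" + key_type] = "denied"
    out["after_topup"] = office.transact(card, "B", "credit", 20)
    return out
```

Calling `demo()` shows the gate reader deducting the toll but being refused on both attempts to add value, once by the card (key A carries no credit right) and once by the reader itself (no key B base key loaded). The negative-amount check matters in this model because a debit of a negative amount would otherwise add value under key A.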

It will also be appreciated that various modifications and alterations may be made to the preferred embodiments above, without departing from the scope and spirit of the present invention.

Claims
1. A method of providing a user with a user-programmable IC card and an IC card reader so as to enable said user to define at least one application for said card and reader in a system whereby said card reader is adapted to read information from said smart card when said smart card is in the vicinity of said reader, said method comprising the steps of: storing a master key and at least one application key in a storage device; loading said master key in said reader; loading said at least one application key in said reader; loading one or more access keys onto said IC card; duplicating said at least one application key onto said IC card using said storage device; such that said card reader operates on recognition of said one or more access keys.
2. A method as claimed in claim 1, wherein the types of access keys include one to enable a card with a read function and another to enable a card with a read and write function.
3. A method as claimed in claims 1 or 2, wherein the method includes the loading of said master key and said at least one application key by said user.
4. A method as claimed in claim 3, wherein the master key and one or more application keys are loaded into said reader using an approved algorithm.
5. A method as claimed in any one of the preceding claims, wherein the IC card reader is contactless.
6. A method as claimed in any one of the preceding claims, wherein the method includes the step of generating, by said user, the master key and said at least one application key prior to loading these keys in said reader.
7. A method as claimed in any one of the preceding claims, wherein the access keys is generated as a result of the algorithm using said master key, application keys and a serial number of the IC card.
8. A system including an IC card reader and an IC card that is adapted to be read by said card reader when said IC card is within the vicinity of said card reader; wherein said card reader and said IC card are user programmable to enable the user to define at least one application for said card reader and said IC card; said card reader having storage means for loading and storing a master key and at least one application key; said system further including a storage device for storing said master key and said at least one application key prior to loading said master key and said at least one application key into said storage means of said card reader; wherein said storage device is used to duplicate said at least one application key onto the IC card; said IC card further having one or more access keys stored therein and generated by using said storage device so that in use the access key, one or more application keys and master key are used to provide secure communications between said IC card and said card reader.
9. A system as claimed in claim 8, wherein the master key and at least one application key are loaded into said storage means of said card reader using an approved algorithm.
10. A system as claimed in claims 8 or 9, wherein the storage device is a dongle attached to a processing means, such as a PC.
11. A system as claimed in any one of claims 8 to 10, wherein the access keys is generated as an output from the algorithm, which algorithm has input thereto the master key, one or more application keys and a serial number of the IC card.
12. A contactless card reader for use with one or more IC cards such that said reader is able to read information from said one or more IC cards when said one or more IC cards is within the vicinity of said card reader; said reader further having storage means for storing transaction data, including data representative of monetary value; wherein said storage means is removable from said card reader to enable the transaction data to be securely downloaded externally.
13. A computer readable medium having a program recorded thereon, where the program is to instruct a system to execute a procedure for providing a user with a user-programmable IC card and an IC card reader so as to enable said user to define at least one application for said card and reader in a system whereby said card reader is adapted to read information from said smart card when said smart card is in the vicinity of said reader, said procedure comprising the steps of: storing a master key and at least one application key in a storage device; loading said master key in said reader; loading said at least one application key in said reader; loading one or more access keys onto said IC card; duplicating said at least one application key onto said IC card using said storage device; such that said card reader operates on recognition of said one or more access keys.
PCT/AU2000/001577 1999-12-24 2000-12-21 Method and system for secure contactless card applications WO2001048688A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
AUPQ4873 1999-12-24
AUPQ487399A0 AUPQ487399A0 (en) 1999-12-24 1999-12-24 Method and system for secure contactless card applications

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
AU2330601A AU2330601A (en) 1999-12-24 2000-12-21 Method and system for secure contactless card applications

Publications (1)

Publication Number Publication Date
WO2001048688A1 (en) 2001-07-05

Family

ID=3819012

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU2000/001577 WO2001048688A1 (en) 1999-12-24 2000-12-21 Method and system for secure contactless card applications

Country Status (1)

Country Link
WO (1) WO2001048688A1 (en)

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5506393A (en) * 1993-09-07 1996-04-09 Ziarno; Witold A. Donation kettle accepting credit card, debit card, and cash donations, and donation kettle network
US5679945A (en) * 1995-03-31 1997-10-21 Cybermark, L.L.C. Intelligent card reader having emulation features
EP0798673A1 (en) * 1996-03-29 1997-10-01 Koninklijke PTT Nederland N.V. Method of securely loading commands in a smart card
JPH1031626A (en) * 1996-07-17 1998-02-03 Nippon Telegr & Teleph Corp <Ntt> Ic card system
WO1999046682A1 (en) * 1998-03-10 1999-09-16 Robyn Alice Lindley Mobile intelligent memory (mim) unit with removable security key

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
DATABASE WPI Derwent World Patents Index; Class T01, AN 1998-165111/15 *

Cited By (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1630639A1 (en) * 2004-08-26 2006-03-01 Fujitsu Limited Wireless tags
WO2006087482A1 (en) * 2005-02-18 2006-08-24 Tv-Card Data medium and method for assisting in the development of software applications for a chip card of a digital television signal decoder
FR2882452A1 (en) * 2005-02-18 2006-08-25 Tv Card Soc Par Actions Simpli Support data and aid the process of developing software applications for a chip card of digital decoder of television signals
US8430325B2 (en) 2007-09-12 2013-04-30 Devicefidelity, Inc. Executing transactions secured user credentials
WO2009036264A1 (en) * 2007-09-12 2009-03-19 Devicefidelity, Inc. Wirelessly executing financial transactions
WO2009036141A1 (en) * 2007-09-12 2009-03-19 Devicefidelity, Inc Interfacing transaction cards with host devices
WO2009036191A3 (en) * 2007-09-12 2010-03-11 Devicefidelity, Inc. Wirelessly executing transactions with different enterprises
US7941197B2 (en) 2007-09-12 2011-05-10 Devicefidelity, Inc. Updating mobile devices with additional elements
US7942337B2 (en) 2007-09-12 2011-05-17 Devicefidelity, Inc. Wirelessly executing transactions with different enterprises
US8070057B2 (en) 2007-09-12 2011-12-06 Devicefidelity, Inc. Switching between internal and external antennas
US8109444B2 (en) 2007-09-12 2012-02-07 Devicefidelity, Inc. Selectively switching antennas of transaction cards
US8190221B2 (en) 2007-09-12 2012-05-29 Devicefidelity, Inc. Wirelessly accessing broadband services using intelligent covers
US8341083B1 (en) 2007-09-12 2012-12-25 Devicefidelity, Inc. Wirelessly executing financial transactions
CN101809633B (en) 2007-09-12 2013-03-20 设备保真度股份有限公司 Wirelessly executing transactions with different enterprises
WO2009036191A2 (en) * 2007-09-12 2009-03-19 Devicefidelity, Inc. Wirelessly executing transactions with different enterprises
US8776189B2 (en) 2007-09-12 2014-07-08 Devicefidelity, Inc. Wirelessly accessing broadband services using intelligent cards
US9384480B2 (en) * 2007-09-12 2016-07-05 Devicefidelity, Inc. Wirelessly executing financial transactions
US8915447B2 (en) 2007-09-12 2014-12-23 Devicefidelity, Inc. Amplifying radio frequency signals
US8925827B2 (en) 2007-09-12 2015-01-06 Devicefidelity, Inc. Amplifying radio frequency signals
US9016589B2 (en) 2007-09-12 2015-04-28 Devicefidelity, Inc. Selectively switching antennas of transaction cards
US9106647B2 (en) 2007-09-12 2015-08-11 Devicefidelity, Inc. Executing transactions secured user credentials
US9152911B2 (en) 2007-09-12 2015-10-06 Devicefidelity, Inc. Switching between internal and external antennas
US9195931B2 (en) 2007-09-12 2015-11-24 Devicefidelity, Inc. Switching between internal and external antennas
US9225718B2 (en) 2007-09-12 2015-12-29 Devicefidelity, Inc. Wirelessly accessing broadband services using intelligent cards
US9304555B2 (en) 2007-09-12 2016-04-05 Devicefidelity, Inc. Magnetically coupling radio frequency antennas
US9311766B2 (en) 2007-09-12 2016-04-12 Devicefidelity, Inc. Wireless communicating radio frequency signals
US9418362B2 (en) 2007-09-12 2016-08-16 Devicefidelity, Inc. Amplifying radio frequency signals
CN103942892A (en) * 2014-01-23 2014-07-23 东方通信股份有限公司 EPP keyboard good in safety

Legal Events

Date Code Title Description
AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase in:

Ref country code: JP