WO2004111926A1 - Dielectric separation between inputs/outputs of a smart card - Google Patents


Info

Publication number
WO2004111926A1
Authority
WO
WIPO (PCT)
Prior art keywords
card
contacts
smart card
environment
portable object
Prior art date
Application number
PCT/IB2004/001933
Other languages
French (fr)
Inventor
Olivier Joffray
Serge Barbe
Michel Thill
Original Assignee
Axalto Sa
Priority date
Filing date
Publication date
Priority claimed from EP03291407A (EP1486911A1)
Priority claimed from EP03291406A (EP1486908A1)
Application filed by Axalto Sa
Publication of WO2004111926A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00 Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06 Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067 Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07 Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • G06K19/0719 Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips, at least one of the integrated circuit chips comprising an arrangement for application selection, e.g. an acceleration sensor or a set of radio buttons
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00 Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06 Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067 Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07 Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00 Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06 Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067 Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07 Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • G06K19/077 Constructional details, e.g. mounting of circuits in the carrier
    • G06K19/07743 External electrical contacts

Definitions

  • The present invention concerns the field of portable objects and more particularly smart cards comprising at least two inputs/outputs (I/O).
  • This invention is applicable to any application where a smart card plays the role of a smart and secure gateway between two areas, one considered trustable and the other not, as described in a patent application filed by the present applicant on the same day as the present application, entitled "Smart and secure gateway for performing secure operations", hereafter called the Patent.
  • Cards with integrated circuits, also called smart cards, are small plastic devices that contain one or more embedded integrated circuits.
  • A card with an integrated circuit can be for example a memory card or a microprocessor card, also called a microprocessor chip card.
  • A smart card is accessed with a card reader that has an aperture, a slot or some other opening into which the smart card is inserted.
  • The term smart card reader covers every device used to receive or to be connected with a smart card and work with it (read, write, delete, and/or every possible operation).
  • The smart card reader can be part of or linked with a computer, a PIN pad or another device.
  • The present invention covers smart cards but also every portable object provided with an integrated circuit allowing it to work or dialog with at least one portable object accepting device, and, in the embodiments described hereafter, portable objects with at least one integrated circuit designed to offer security functions such as authentication, validation, encryption/decryption, secure storage, etc.
  • The portable object accepting device may have the form of a housing provided with an aperture or slot to receive the portable object, but also any form allowing the portable object to be connected to the portable object accepting device.
  • The active part of the smart card 1 consists of a chip embedded in the thickness of the card and connected to a module 2.
  • The module comprises a set of contact zones or pads called connectors 3 (also called contacts) on the surface of the card.
  • The module comprises 8 connectors called C1 to C8.
  • I/O1 is the means to exchange data with the insecure environment.
  • I/O2 is the means to exchange data with the secure environment.
  • The smart card, positioned between the two environments, can filter the data sent from one environment to the other, or can send or receive data to and from both environments.
  • The secure environment is dedicated to displaying secure information and presenting user validation orders (e.g. PIN presentation, validation of a signature operation by key pressing).
  • The smart card as a gateway constitutes a closed, secured and controlled environment with at least two inputs/outputs: one is dedicated to sending and receiving data to and from an insecure environment, another is dedicated to sending and receiving data to and from a secure environment (point of sale PIN pad, ATM, private PIN pad, secure network) in order to perform operations which require a security control, such as validating a transaction, checking a signature, encrypting or decrypting, etc.
  • The smart card constitutes a secured and controlled environment with at least two inputs/outputs (I/O1 and I/O2).
  • One input/output (or several), the insecure I/O(s), is dedicated to supporting the exchanges with an insecure or uncontrolled environment (i.e. an environment on which the user cannot rely without restriction, such as a PC or a POS device).
  • The other I/O(s), the secure I/O(s), are connected to environment(s) on which the user relies (e.g. a personal PIN pad). All the information needed from the user to perform the secure operation is transmitted to the portable object through the secure input/output.
  • A goal of the present invention is to prevent modification of the portable object-accepting device intended to bypass the gateway function of the portable object.
  • Figure 1 is a diagrammatic representation of a smart card inserted in a reader, shown in dotted lines, according to the prior art.
  • Figure 2 is a diagrammatic representation of a non-limiting mode of realisation of a smart card designed to implement the method according to the invention.
  • Figure 3 is a schematic view of an example of realisation of an electronic unit integrated in a portable object such as a smart card designed to implement the method according to the invention.
  • Figure 4 is a diagrammatic representation of another non-limiting mode of realisation of a smart card designed to implement the method according to the invention.
  • Figure 5 is a diagrammatic representation of a practical example of use of the smart card according to the present invention.
  • Figure 6 is a diagrammatic representation of another practical example of use of the smart card according to the present invention.
  • A portable object may be a smart card with an integrated electronic unit: the electronic unit comprises at least a microprocessor CPU with a two-way connection via an internal bus to a non-volatile memory of type ROM, EEPROM, Flash, FeRAM or other, storing at least a program to be executed, a volatile memory of type RAM and input/output means to communicate with the exterior.
  • The unit may comprise additional components, not shown, connected to the internal bus.
  • This type of unit is generally manufactured as a monolithic integrated electronic circuit, or chip, which once physically protected by any known means can be assembled on the integrated circuit card or similar for use in various fields, such as bank and/or electronic payment cards, mobile radio telephony, pay television, health and transport.
  • The smart card 1 consists of said chip embedded in the thickness of the card and connected to a module.
  • The module comprises a set of flat connectors on the surface of the card allowing said chip to be connected to and work with a card-accepting device.
  • The problem described above is solved by providing a dielectric separation between the connectors (also called contacts) intended to be linked to the two environments, secure and insecure (environment 1 and environment 2), such that it is not possible to modify a portable object-accepting device 4 (in figure 2, a smart card reader) in order to access both environments without wireless communication means.
  • The invention concerns a portable object acting as a gateway, comprising at least storage means and at least two electrical contacts corresponding to the I/Os linked to two different card readers and connected to said storage means, characterized in that at least two of said contacts are dielectrically separated.
  • The electrical contacts are no longer contiguous and no longer part of the same contact surface 3, the surface of the module.
  • The electrical contacts are no longer included within the surface defined by the standard, in particular ISO 7816.
  • Each electrical contact corresponds to the input/output connected to a first environment, for example the secure environment, on the one hand, and to a second environment, for example the unsecured environment, on the other hand, in such a way that a reader cannot access both inputs/outputs: the electrical connectors of the portable object corresponding to each input/output are dielectrically separated so that an object accepting device cannot access both inputs/outputs.
  • The term reader has a very general meaning: a reader is any type of device able to interact with the smart card through the assigned I/O.
  • Invisible electric wires 5 embedded in the smart card plastic body ensure the electrical connection between the smart card microchip 2 and the contacts 3 placed on the opposite side of the card.
  • The portable object is a smart card with an integrated electronic unit 6: the electronic unit 6 comprises at least a microprocessor CPU 7 with a two-way connection via an internal bus 8 to storage means, for example a non-volatile memory 9 of type ROM, EEPROM, Flash, FeRAM or other, storing at least a program to be executed, a volatile memory 11 of type RAM and input/output means 13 to communicate with the exterior.
  • The unit 6 may comprise additional components, not shown, connected to the internal bus.
  • This type of unit is generally manufactured as a monolithic integrated electronic circuit, or chip, which once physically protected by any known means can be assembled on the integrated circuit card or similar for use in various fields, such as bank and/or electronic payment cards, mobile radio telephony, pay television, health and transport.
  • The smart card consists of said chip embedded in the thickness of the card and connected to a module 2.
  • The module 2 comprises a set of flat connectors 3 on the surface of the card allowing said chip to be connected to and work with a card-accepting device.
  • The invention consists in providing a visual separation and differentiation between the contacts for the user, as shown in figure 2.
  • One electrical contact is part of the module linked to the chip, and the other is separated and placed on the opposite side of the card with other isolated contacts, linked to the chip by invisible electric wires embedded in the smart card plastic body.
  • The user sees the concept of the gateway at a glance and trusts the system.
  • The solution is used for purchases on the Internet.
  • The user is in charge of the terminal used for interfacing the smart card with the secure environment. He has to be sure that the terminal has not been modified, so it is important that the user trusts his tools.
  • The invention also consists in improving this separation by differentiating the form (figure 2) or determining the position (figure 4) of the contacts in such a way that when the card is inserted in one direction in the reader the electrical contacts of the card and the reader match, but when it is inserted in the other direction in the same reader it does not work. Hence the card cannot be inserted in a reader the wrong way.
  • The contacts intended to be connected to the first environment are part of the chip, and the contacts intended to be connected to the second environment are rounded isolated surfaces placed side by side and linked to the chip by invisible electric wires embedded in the smart card plastic body.
  • The contacts are visually separated and have different forms.
  • The contacts have a determined position on the card.
  • The contacts intended to be connected to the first environment and those intended to be connected to the second environment are positioned on the same longitudinal axis X1, which is not the central longitudinal axis.
  • The contacts for the first environment match those of the reader, which is not the case for the other contacts.
  • The contacts intended to be connected to the second environment are positioned in such a way that they cannot match the connectors of a reader intended to work in the first environment.
  • A user has a smart card. He uses it to buy goods or services on the Internet from home using his PC, or to perform an electronic signature.
  • The card is directly connected to a USB (Universal Serial Bus) PC host through a card accepting device 19 made only of electrical wires. It is compatible with the USB standard and is recognized by the PC.
  • The smart card application requires a PIN to be presented for payment or electronic signature.
  • A second set of connectors 20 is dedicated to the connection with the PIN pad 21, equipped with the adequate keyboard and display.
  • The PC is an insecure environment because a virus could perform unwanted actions that the user does not see, including addressing a smart card.
  • The user wants to perform a transaction over the Internet, here purchasing goods or services. He connects his computer to the merchant site. Having chosen the goods or services he wants, the user checks out on the Internet site for payment. Having verified the list of his purchases, the user is invited to introduce his payment card into his reader. The user introduces his card USB side first. A communication channel is established between the card and the PC through the insecure card I/O1. The Internet site verifies the card, as it can access it transparently. Reading a piece of data in the card (e.g. the application reference) allows detecting that the card requires a personal PIN pad to complete a payment over the Internet. A message asking the user to connect the personal PIN pad is displayed.
  • The user connects the card to his personal PIN pad.
  • This second communication channel flows through the secure card I/O2.
  • The PC powers the personal PIN pad through the card, which relays the VCC and GND connectors to the PIN pad side (the wires are embedded in the card plastic body).
  • The insecure I/O1 is dedicated to USB communication.
  • The secure I/O2 is compatible with the PIN pad's specific protocols.
  • The card searches for the personal PIN pad over I/O2.
  • The PC enters a payment session and receives the essential transaction data (price, goods/services list, article references, banking establishment name, etc.) from the Internet site. They are displayed on its screen, asking the user to confirm the payment session.
  • The user confirms or cancels the transaction by pressing a key on his personal PIN pad.
  • The key press is relayed to the PC by the smart card, which receives it from the secure I/O2 and sends it through the insecure I/O1. This allows verifying that the personal PIN pad works correctly.
  • The card sends the data required to continue the transaction to the host (a random value to establish a session key, cryptographic key references, authentication data, etc.).
  • The card needs the owner's PIN to be presented. It waits for it from the secure I/O2 in order to prevent the tapping of the insecure I/O1 that is connected to the insecure environment.
  • The card, the PIN pad and the PC enter a PIN entry session.
  • The card stores the value of each key pressed in its memory and sends a '*' (star character) to the PC.
  • The entire PIN entry session is handled using the same principle.
  • The user validates or cancels the PIN by pressing a dedicated key.
  • The card verifies the PIN if it was validated. Assuming the PIN value is correct, the card continues the transaction. Otherwise, it cancels the transaction.
  • If a document has to be sent signed, it is prepared in a trustable environment and sent to the security gateway, which signs it (and may encrypt it). Then it can be provided to a connected PC for sending via e-mail or any other means.
  • The basic cryptographic functions embedded in the gateway ensure at least the signing and the encryption/decryption of the data, but should extend to all cryptographic functions such as authentication, privacy, non-repudiation, replay prevention, data tagging, etc.
  • The trustable environment might be constituted by a trustable PC, a network of PCs or otherwise. The most important point is to forbid any access to such a network except through the security gateway.
  • A document with a signature to verify follows path 20, while a document to sign follows path 30.
  • A "secured area" is not as secure as a smart card, but one can assume it is a trustable working environment.
  • Level 0: any standard PC, possibly connected to the Internet, which has not been prepared for a particular security task (e.g. a desktop or laptop PC).
  • Level 1: a PC, or network of PCs, specifically designed and/or prepared to perform some tasks requiring an adequate security level. Such computers are not connected to the outside world using usual means, and may not have any floppy, CD or DVD reader/player (i.e. inputs and outputs should be totally under control). It should also be placed in a secure office in order to control its access (i.e. physical access control).
  • Level 2: a smart card or equivalent, which represents here the highest level of security, as this consideration is taken into account from the beginning to the end of its life cycle. This also includes software and hardware development, personalization considerations, security locks, etc.
  • A security level 0 environment cannot be used for signing or verifying a document. This is an insecure environment.
  • A security level 1 environment is not secure enough for signing or verifying a document.
  • The cryptographic keys required to perform the signature are too sensitive data.
  • Level 1 should be enough to edit, display or print the document to sign and to verify. This is a trustable environment.
  • A security level 2 environment is specifically designed to handle sensitive data such as cryptographic keys. It is designed, loaded, upgraded and personalized in a secure environment. It is subject to a security policy from its conception to its end of life. This is a secure environment.
  • The smart card ensures a security gateway function between the insecure and the trustable security environments.
  • An adequate protocol is used, e.g. BER-TLV.
  • BER-TLV allows detecting protected data (using cryptographic means). If the data the smart card receives is not sealed, it is rejected. Assuming the smart card and the electronic device do not have enough memory to store a complete document, the data is sent to the security level 1 environment where it is temporarily stored (in a specific transition area). When all the data are received, and if the cryptographic verifications are successful, the smart card displays the result of a hash calculation on the electronic device's display. In the meantime, the PC placed in the security level 1 environment performs the same calculation and displays the result. The user compares the two displayed hash results.
  • The secured PC moves the data from the temporary storage location to the working location in order to use the data.
  • If the data is to be signed, it is sent to the smart card through the electronic device (from the level 1 security environment).
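The sealed-data check and the hash comparison just described, as an added example that is not part of the patent: a small BER-TLV parser, a sender that seals each document fragment with a MAC, and a card-side receiver that rejects unsealed, tampered or malformed fragments and keeps a running hash of the accepted ones, so that the value the card would display can be compared with the one the level 1 PC computes over the whole document. The tag values 0x80 and 0x8E, the HMAC-SHA256 seal, the shared key and the sample document are assumptions of this example; the page names no specific tags, algorithms or keys.

```python
import hashlib
import hmac

# Tag values assumed for this example (the patent names none): a document
# fragment and the cryptographic seal (MAC) computed over that fragment.
TAG_CHUNK = 0x80
TAG_SEAL = 0x8E


def encode_tlv(tag: int, value: bytes) -> bytes:
    """Encode one BER-TLV object (1- or 2-byte tag, short or long length form)."""
    tag_bytes = tag.to_bytes(max(1, (tag.bit_length() + 7) // 8), "big")
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        len_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(len_bytes)]) + len_bytes
    return tag_bytes + length + value


def parse_tlv(data: bytes) -> list:
    """Parse a flat sequence of BER-TLV objects into (tag, value) pairs.
    Raises ValueError on any truncation, so a malformed message never yields
    a partially parsed result that the caller could act on."""
    items, i, n = [], 0, len(data)
    while i < n:
        tag = data[i]
        i += 1
        if tag & 0x1F == 0x1F:  # multi-byte tag: more bytes follow while bit 8 is set
            while True:
                if i >= n:
                    raise ValueError("truncated tag")
                tag = (tag << 8) | data[i]
                i += 1
                if not data[i - 1] & 0x80:
                    break
        if i >= n:
            raise ValueError("truncated length")
        length = data[i]
        i += 1
        if length & 0x80:  # long form: low 7 bits give the number of length bytes
            count = length & 0x7F
            if count == 0 or count > 4 or i + count > n:
                raise ValueError("bad length")
            length = int.from_bytes(data[i:i + count], "big")
            i += count
        if i + length > n:
            raise ValueError("truncated value")
        items.append((tag, bytes(data[i:i + length])))
        i += length
    return items


def seal_chunk(key: bytes, chunk: bytes) -> bytes:
    """Sender side (trusted level 1 device): fragment plus an HMAC-SHA256 seal over it."""
    mac = hmac.new(key, chunk, hashlib.sha256).digest()
    return encode_tlv(TAG_CHUNK, chunk) + encode_tlv(TAG_SEAL, mac)


class GatewayReceiver:
    """Card side: accept only sealed fragments and hash them as they arrive,
    since the card is assumed not to hold the whole document."""

    def __init__(self, key: bytes):
        self._key = key
        self._running = hashlib.sha256()
        self.accepted = 0

    def accept(self, message: bytes) -> str:
        try:
            objs = dict(parse_tlv(message))
        except ValueError:
            return "REJECTED_MALFORMED"
        chunk, seal = objs.get(TAG_CHUNK), objs.get(TAG_SEAL)
        if chunk is None or seal is None:
            return "REJECTED_UNSEALED"
        expected = hmac.new(self._key, chunk, hashlib.sha256).digest()
        if not hmac.compare_digest(seal, expected):
            return "REJECTED_BAD_SEAL"
        self._running.update(chunk)  # only verified data reaches the running hash
        self.accepted += 1
        return "ACCEPTED"

    def digest_hex(self) -> str:
        """What the card would show on the electronic device's display."""
        return self._running.hexdigest()


def document_digest_hex(document: bytes) -> str:
    """What the level 1 PC computes over the full document for the user to compare."""
    return hashlib.sha256(document).hexdigest()


if __name__ == "__main__":
    key = b"constructed-shared-key"  # constructed sample value
    document = b"Order 4711: 3 items, total 120.00 EUR, to be signed"  # constructed
    rx = GatewayReceiver(key)
    for start in range(0, len(document), 16):
        print(rx.accept(seal_chunk(key, document[start:start + 16])))
    print(rx.digest_hex() == document_digest_hex(document))
```

The receiver verifies the seal before feeding the fragment into the running hash, so a rejected fragment leaves the displayed value unchanged; a parser that returned partial results on truncation would defeat that ordering, which is why `parse_tlv` raises instead.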

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention concerns a portable object comprising at least storage means and at least two contacts being connected to said storage means, at least two of said contacts being dielectrically separated.

Description

DIELECTRIC SEPARATION BETWEEN INPUTS/OUTPUTS OF A SMART CARD
The present invention concerns the field of portable objects and more particularly smart cards comprising at least two inputs/outputs (I/O).
This invention is applicable to any application where a smart card plays the role of a smart and secure gateway between two areas, one considered trustable and the other not, as described in a patent application filed by the present applicant on the same day as the present application, entitled "Smart and secure gateway for performing secure operations", hereafter called the Patent.
TECHNICAL FIELD
Cards with integrated circuits, also called smart cards, are small plastic devices that contain one or more embedded integrated circuits. A card with an integrated circuit can be for example a memory card or a microprocessor card, also called a microprocessor chip card. A smart card is accessed with a card reader that has an aperture, a slot or some other opening into which the smart card is inserted. The term smart card reader covers every device used to receive or to be connected with a smart card and work with it (read, write, delete, and/or every possible operation). The smart card reader can be part of or linked with a computer, a PIN pad or another device. The present invention covers smart cards but also every portable object provided with an integrated circuit allowing it to work or dialog with at least one portable object accepting device, and, in the embodiments described hereafter, portable objects with at least one integrated circuit designed to offer security functions such as authentication, validation, encryption/decryption, secure storage, etc. The portable object accepting device may have the form of a housing provided with an aperture or slot to receive the portable object, but also any form allowing the portable object to be connected to the portable object accepting device.
In more detail, as shown in figure 1, the active part of the smart card 1 consists of a chip embedded in the thickness of the card and connected to a module 2. The module comprises a set of contact zones or pads called connectors 3 (also called contacts) on the surface of the card. In the examples described below, the module comprises 8 connectors called C1 to C8.
As shown in the Patent, to realize a gateway using a smart card, a good solution is to use two I/Os at the same time, I/O1 and I/O2:
1. I/O1 is the means to exchange data with the insecure environment.
2. I/O2 is the means to exchange data with the secure environment.
The smart card, positioned between the two environments, can filter the data sent from one environment to the other, or can send or receive data to and from both environments. The secure environment is dedicated to displaying secure information and presenting user validation orders (e.g. PIN presentation, validation of a signature operation by key pressing). The smart card as a gateway constitutes a closed, secured and controlled environment with at least two inputs/outputs: one is dedicated to sending and receiving data to and from an insecure environment, another is dedicated to sending and receiving data to and from a secure environment (point of sale PIN pad, ATM, private PIN pad, secure network) in order to perform operations which require a security control, such as validating a transaction, checking a signature, encrypting or decrypting, etc.
The smart card constitutes a secured and controlled environment with at least two inputs/outputs (I/O1 and I/O2). One input/output (or several), the insecure I/O(s), is dedicated to supporting the exchanges with an insecure or uncontrolled environment (i.e. an environment on which the user cannot rely without restriction, such as a PC or a POS device). The other I/O(s), the secure I/O(s), are connected to environment(s) on which the user relies (e.g. a personal PIN pad). All the information needed from the user to perform the secure operation is transmitted to the portable object through the secure input/output.
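The two-I/O filtering described here, together with the PIN entry session outlined under Definitions above (star character echoed per key, PIN pad key press relayed to the PC, PIN verified in the card), as an added example that is not part of the patent: a card-side state machine that opens a PIN session on request from I/O1 but accepts PIN digits and the validation key only on I/O2, so that anything addressed to the card from the PC side cannot supply or confirm a PIN. The message names, the digest-based PIN storage and the retry limit are assumptions of this example.

```python
import hashlib
import hmac

IO1 = "I/O1"  # insecure I/O: the PC / USB host side
IO2 = "I/O2"  # secure I/O: the personal PIN pad side


def pin_digest(pin: str) -> bytes:
    # This example keeps only a digest of the reference PIN on the card; how a
    # real card stores it is outside the page and an assumption here.
    return hashlib.sha256(pin.encode()).digest()


class GatewayCard:
    """Card-side state machine: PIN keystrokes are accepted on I/O2 only."""

    def __init__(self, reference_pin: str, max_tries: int = 3):
        self.reference = pin_digest(reference_pin)
        self.max_tries = max_tries
        self.tries_left = max_tries
        self.state = "IDLE"             # IDLE, PIN_ENTRY, APPROVED, CANCELLED, BLOCKED
        self.buffer = ""                # digits typed so far; never leaves the card
        self.sent = {IO1: [], IO2: []}  # what the card emitted on each I/O

    def receive(self, channel: str, message: str) -> str:
        """Handle one message arriving on a given I/O and return the card's verdict."""
        if channel == IO1:
            return self._from_insecure(message)
        if channel == IO2:
            return self._from_secure(message)
        return "UNKNOWN_CHANNEL"

    def _from_insecure(self, message: str) -> str:
        # The PC may only open a PIN session; it can never supply or validate digits.
        if message == "START_PIN":
            if self.state != "IDLE":
                return "IGNORED"
            self.state, self.buffer = "PIN_ENTRY", ""
            self.sent[IO2].append("ENTER_PIN")  # the prompt goes to the trusted PIN pad
            return "PIN_SESSION_OPENED"
        if message.startswith("KEY:"):
            return "REJECTED_WRONG_IO"  # a keystroke arriving on the PC side is dropped
        return "IGNORED"

    def _from_secure(self, message: str) -> str:
        if message == "CONFIRM":
            # A key press on the PIN pad is relayed so the PC can see the pad works.
            self.sent[IO1].append("PINPAD_CONFIRM")
            return "RELAYED"
        if self.state != "PIN_ENTRY":
            return "NO_SESSION"
        if message.startswith("KEY:") and message[4:].isdigit():
            self.buffer += message[4:]
            self.sent[IO1].append("*")  # the PC only learns that a key was pressed
            return "DIGIT_ACCEPTED"
        if message == "KEY:OK":
            return self._verify()
        if message == "KEY:CANCEL":
            self.state, self.buffer = "CANCELLED", ""
            self.sent[IO1].append("TX_CANCELLED")
            return "CANCELLED"
        return "IGNORED"

    def _verify(self) -> str:
        ok = hmac.compare_digest(pin_digest(self.buffer), self.reference)
        self.buffer = ""
        if ok:
            self.tries_left = self.max_tries
            self.state = "APPROVED"
            self.sent[IO1].append("TX_CONTINUE")
            return "PIN_OK"
        self.tries_left -= 1
        if self.tries_left == 0:
            self.state = "BLOCKED"
            self.sent[IO1].append("TX_CANCELLED")
            return "BLOCKED"
        self.sent[IO2].append("ENTER_PIN")  # the retry prompt stays on the secure side
        return "PIN_KO"


def run_online_purchase(card: GatewayCard, pin_typed: str) -> str:
    """Constructed run of the figure 5 scenario: the PC opens the session, a stray
    keystroke on I/O1 is dropped, the user types and validates the PIN on the pad."""
    card.receive(IO1, "START_PIN")
    card.receive(IO1, "KEY:0")
    for digit in pin_typed:
        card.receive(IO2, "KEY:" + digit)
    return card.receive(IO2, "KEY:OK")


if __name__ == "__main__":
    card = GatewayCard("1234")  # constructed reference PIN
    print(run_online_purchase(card, "1234"), card.sent)
```

Everything the PC sees on I/O1 is a star per digit and the final continue/cancel decision; the digits themselves and the comparison stay on the card, which is the property the dielectric separation is meant to keep a single modified reader from undoing.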
As shown by figure 1, when a smart card 1 is in a smart card accepting device 4, the eight electric connectors C1 to C8, which put the reader 4 and the smart card 1 in contact, are no longer visible. Thus one could imagine bypassing the gateway function provided by the smart card by modifying the internal electronics of the reader.
A goal of the present invention is to prevent modification of the portable object-accepting device intended to bypass the gateway function of the portable object.
BRIEF DESCRIPTION OF THE DRAWINGS
Other purposes, features and advantages of the invention will appear on reading the description which follows of the implementation of the method according to the invention and of a mode of realisation of a portable object designed for this implementation, given as a non-limiting example, and referring to the attached drawings in which:
- figure 1 is a diagrammatic representation of a smart card inserted in a reader, shown in dotted lines, according to the prior art;
- figure 2 is a diagrammatic representation of a non-limiting mode of realisation of a smart card designed to implement the method according to the invention;
- figure 3 is a schematic view of an example of realisation of an electronic unit integrated in a portable object such as a smart card designed to implement the method according to the invention;
- figure 4 is a diagrammatic representation of another non-limiting mode of realisation of a smart card designed to implement the method according to the invention;
- figure 5 is a diagrammatic representation of a practical example of use of the smart card according to the present invention;
- figure 6 is a diagrammatic representation of another practical example of use of the smart card according to the present invention.
BEST WAY OF REALISING THE INVENTION
According to a particular embodiment, a portable object may be a smart card with an integrated electronic unit: the electronic unit comprises at least a microprocessor CPU with a two-way connection via an internal bus to a non-volatile memory of type ROM, EEPROM, Flash, FeRAM or other, storing at least a program to be executed, a volatile memory of type RAM and input/output means to communicate with the exterior. The unit may comprise additional components, not shown, connected to the internal bus. This type of unit is generally manufactured as a monolithic integrated electronic circuit, or chip, which once physically protected by any known means can be assembled on the integrated circuit card or similar for use in various fields, such as bank and/or electronic payment cards, mobile radio telephony, pay television, health and transport.
As shown in figure 1, the smart card 1 consists of said chip embedded in the thickness of the card and connected to a module. The module comprises a set of flat connectors on the surface of the card allowing said chip to be connected to and work with a card-accepting device.
As shown in figure 2, the problem described above is solved by providing a dielectric separation between the connectors (also called contacts) intended to be linked to the two environments, secure and insecure (environment 1 and environment 2), such that it is not possible to modify a portable object-accepting device 4 (in figure 2, a smart card reader) in order to access both environments without wireless communication means.
More generally, the invention concerns a portable object acting as a gateway, comprising at least storage means and at least two electrical contacts corresponding to the I/Os linked to two different card readers and connected to said storage means, characterized in that at least two of said contacts are dielectrically separated. The electrical contacts are no longer contiguous and no longer part of the same contact surface 3, the surface of the module. The electrical contacts are no longer included within the surface defined by the standard, in particular ISO 7816. Each electrical contact corresponds to the input/output connected to a first environment, for example the secure environment, on the one hand, and to a second environment, for example the unsecured environment, on the other hand, in such a way that a reader cannot access both inputs/outputs: the electrical connectors of the portable object corresponding to each input/output are dielectrically separated so that an object accepting device cannot access both inputs/outputs.
The term reader has a very general meaning: a reader is any type of device able to interact with the smart card through the assigned I/O.
Invisible electric wires 5 embedded in the smart card plastic body ensure the electrical connection between the smart card microchip 2 and the contacts 3 placed on the opposite side of the card.
The evident dielectric separation makes an attack on the secure environment more difficult. With this separation of the contacts, and in fact of the inputs/outputs, it is necessary to modify two portable object-accepting devices (or one, if said object-accepting devices can dialog), one for each input/output, which is a lot more complicated. If the separation were not evident, one could make some modification inside the card-accepting device by directly accessing the two I/Os.
In a particular embodiment of the present invention, the portable object is a smart card with an integrated electronic unit 6 : the electronic unit 6 comprises at least a microprocessor CPU 7 with two-way connection via an internal bus 8 to storage means, for example a non volatile memory 9 of type ROM, EEPROM, Flash, FeRam or else storing at least a program to be executed, a volatile memory 11 of type RAM and input/output means 13 to communicate with the exterior. The unit 6 may comprise additional components not shown, connected to the internal bus. This type of unit is generally manufactured as a monolithic integrated electronic circuit, or chip, which once physically protected by any known means can be assembled on the integrated circuit card or similar for use in various fields, such as the bank and/or electronic payment cards, mobile radio telephony, pay television, health and transport.
In the first implementation example below (figure 5), the attacker would have to add some wireless communication means to the PIN pad in order to reach the insecure environment and complete the attack.
The invention further provides a visual separation and differentiation between the contacts, visible to the user, as shown in figure 2. One electrical contact is part of the module linked to the chip; the other is separate, placed at the opposite end of the card together with the other isolated contacts, and linked to the chip by an invisible electric wire embedded in the card's plastic body.
The user thus sees the gateway concept at a glance and can trust the system. For example, when the solution is used for purchases on the Internet, the user is responsible for the terminal that interfaces the smart card with the secure environment and has to be sure that this terminal has not been modified, so it matters that the user trusts his own tools.
The invention also improves this separation by differentiating the shape (figure 2) or the position (figure 4) of the contacts, so that when the card is inserted in one direction into a reader the card's contacts and the reader's match, while inserted the other way into the same reader it does not work. The card therefore cannot be inserted into a reader the wrong way round. As shown in figure 2, the contacts intended for the first environment are part of the module carrying the chip, and the contacts intended for the second environment are rounded, isolated pads placed side by side and linked to the chip by invisible electric wires embedded in the plastic body. The contacts are visually separated and have different shapes.
As illustrated in figure 4, the contacts have a determined position on the card. Here the contacts intended for the first environment and those intended for the second environment lie on the same longitudinal axis X1, which is not the central longitudinal axis. When the card is inserted into a reader meant for the first environment, the first-environment contacts line up with the reader's while the other contacts do not: the second-environment contacts are placed so that they cannot meet the connectors of a reader meant for the first environment.
Detailed description of practical examples
Example 1 as represented in figure 5
A user has a smart card. He uses it to buy goods or services on the Internet from home using his PC, or to produce electronic signatures. The card is connected directly to a USB (Universal Serial Bus) PC host through a card-accepting device 19 made only of electrical wires; it is USB-compliant and recognized by the PC. The smart card application requires a PIN to be presented for payment or electronic signature. So that the user does not have to type his PIN on the PC keyboard, a second set of connectors 20 is dedicated to the connection with a PIN pad 21 equipped with a suitable keypad and display.
The PC is an insecure environment because a virus could perform unwanted actions invisible to the user, including addressing the smart card. The user wants to perform a transaction over the Internet, here purchasing goods or services. He connects his computer to the merchant site, chooses the goods or services he wants, and proceeds to the site's checkout for payment. Having checked the list of his purchases, the user is invited to insert his payment card into his reader. He inserts the card USB side first. A communication channel is established between the card and the PC through the card's insecure I/O1. The Internet site verifies the card, which it can access transparently. Reading a data item in the card (e.g. the application reference) reveals that the card requires a personal PIN pad to complete a payment over the Internet, and a message asking the user to connect the personal PIN pad is displayed.
The user connects the card to his personal PIN pad. This second communication channel flows through the card's secure I/O2. The PC powers the personal PIN pad through the card, whose VCC and GND contacts are relayed to the PIN pad side by wires embedded in the card's plastic body.
The insecure I/O1 is dedicated to USB communication. The secure I/O2 is compatible with the PIN pad's specific protocol. The card searches for the personal PIN pad over I/O2.
The PC enters a payment session and receives the essential transaction data (price, list of goods/services, article references, name of the banking establishment, ...) from the Internet site. It displays them on its screen and asks the user to confirm the payment session.
The user confirms or cancels the transaction by pressing a key on his personal PIN pad. The key press is relayed to the PC by the smart card, which receives it from the secure I/O2 and forwards it through the insecure I/O1; this also checks that the personal PIN pad is working. Meanwhile the card sends the host the data required to continue the transaction (a random value for establishing a session key, cryptographic key references, authentication data, ...). To complete the transaction the card needs the owner's PIN to be presented. It waits for it on the secure I/O2, so that the PIN cannot be tapped on the insecure I/O1 connected to the insecure environment.
The card, the PIN pad and the PC then enter a PIN-entry session.
Each time the user presses a numeric key, the card stores its value in its memory and sends a '*' (star character) to the PC. The whole PIN-entry session is handled on the same principle. At the end, the user validates or cancels the PIN by pressing a dedicated key.
If the PIN was validated, the card verifies it. If the PIN value is correct, the card continues the transaction; otherwise it cancels the transaction.
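The PIN-entry session of Example 1, as an added simulation that is not part of the patent: a card object with two separate channels, I/O1 towards the PC and I/O2 towards the PIN pad, keeps each digit in card memory, relays only a '*' over I/O1, and verifies the PIN itself before authorizing the transaction. The message strings (SESSION, PIN_OK, PIN_KO, CANCEL, ENTER PIN), the 4-digit PIN, the per-channel log and the key-press encoding are assumptions made for the demonstration; the patent does not specify a wire format.

```python
"""Two-I/O gateway card, PIN-entry session (added example, assumptions noted)."""
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Channel:
    """One electrical I/O of the card. Everything the card writes to it is
    logged, which lets us check what a device on that side could observe."""
    name: str
    log: list = field(default_factory=list)

    def send(self, msg: str) -> None:
        self.log.append(msg)


class GatewayCard:
    """Card with a dielectrically separated insecure I/O1 (USB to the PC)
    and secure I/O2 (PIN pad). The reference PIN lives only in card memory
    and is never written to either channel."""

    def __init__(self, reference_pin: str, io1: Channel, io2: Channel):
        self._reference_pin = reference_pin   # assumed 4-digit PIN for the demo
        self.io1 = io1                        # insecure side: PC
        self.io2 = io2                        # secure side: PIN pad
        self._pin_buffer = ""
        self.state = "idle"

    def start_payment_session(self) -> dict:
        """Send the host, over I/O1, the data it needs to continue the
        transaction (a random for the session key, a key reference) and
        prompt the PIN pad over I/O2. Message formats are assumptions."""
        msg = {"nonce": secrets.token_hex(8), "key_ref": "PAY-01"}
        self._pin_buffer = ""
        self.state = "pin_entry"
        self.io1.send(f"SESSION {msg['nonce']} {msg['key_ref']}")
        self.io2.send("ENTER PIN")
        return msg

    def pin_pad_key(self, key: str) -> str:
        """Handle one key press arriving on I/O2. Digits are kept in card
        memory and only a '*' is relayed to the PC over I/O1, so a virus
        tapping I/O1 learns at most the PIN length. Returns the outcome."""
        if self.state != "pin_entry":
            return "ignored"
        if key.isdigit():
            self._pin_buffer += key
            self.io1.send("*")
            return "masked"
        if key == "OK":
            return self._verify_pin()
        if key == "CANCEL":
            self._pin_buffer = ""
            self.state = "cancelled"
            self.io1.send("CANCEL")
            return "cancelled"
        return "ignored"

    def _verify_pin(self) -> str:
        """Compare in constant time, then wipe the entered digits."""
        ok = hmac.compare_digest(self._pin_buffer.encode(),
                                 self._reference_pin.encode())
        self._pin_buffer = ""
        if ok:
            self.state = "authorized"
            self.io1.send("PIN_OK")
            return "authorized"
        self.state = "cancelled"
        self.io1.send("PIN_KO")
        return "rejected"


def run_session(reference_pin: str, typed: str, confirm: bool = True):
    """Drive one PIN-entry session; returns (outcome, messages seen on I/O1)."""
    io1, io2 = Channel("I/O1-PC"), Channel("I/O2-PINpad")
    card = GatewayCard(reference_pin, io1, io2)
    card.start_payment_session()
    for k in typed:
        card.pin_pad_key(k)
    outcome = card.pin_pad_key("OK" if confirm else "CANCEL")
    return outcome, io1.log


if __name__ == "__main__":
    result, pc_view = run_session("1234", "1234")
    print(result, pc_view)   # the PC side sees stars and a verdict, never digits
```

Running run_session shows that the I/O1 log holds only the session data, one star per key press and the final verdict: the virus of the example, sitting on the PC side, learns the PIN length but never its digits, and since the two I/Os are electrically separate this is also all a modified USB-side reader could capture.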
In another embodiment, a document to be sent signed is prepared in a trustable environment and sent to the security gateway, which signs it (and may encrypt it). It can then be handed to a connected PC to be sent by e-mail or any other means.
The basic cryptographic functions embedded in the gateway provide at least signing and encryption/decryption of data, but should extend to all cryptographic functions such as authentication, privacy, non-repudiation, replay prevention, data tagging, and so on.
Depending on the requirements, the trustable environment might be a trustable PC, a network of PCs, or something else. What matters most is to forbid any access to such a network except through the security gateway. In another embodiment, illustrated in figure 6, a document whose signature is to be verified follows path 20, while a document to be signed follows path 30.
Assuming a smart card is a very secure environment, a standalone PC, or a very tightly controlled PC network, can be considered a "secured area". A secured area is not as secure as a smart card, but it can be assumed to be a trustable working environment.
Consequently, three security levels can be defined:
• Level 0: any standard PC, possibly connected to the Internet, which has not been prepared for a particular security task (e.g. a desktop or laptop PC)
• Level 1: a PC, or network of PCs, specifically designed and/or prepared to perform tasks requiring an adequate security level. Such computers are not connected to the outside world by the usual means and may have no floppy, CD or DVD drive (i.e. inputs and outputs are totally under control). They should also be placed in a secure office so that access to them is controlled (i.e. physical access control)
• Level 2: a smart card or equivalent, which represents the highest level of security here, because security is taken into account from the beginning to the end of its life cycle, including software and hardware development, personalization, security locks, ...
The important points to remember are:
• A security level 0 environment cannot be used for signing or verifying a document. This is an insecure environment.
• A security level 1 environment is not secure enough for signing or verifying a document, because the cryptographic keys required for the signature are too sensitive. Level 1 should however be enough to edit, display or print the document to be signed or verified. This is a trustable environment.
• A security level 2 environment is specifically designed to handle sensitive data such as cryptographic keys. It is designed, loaded, upgraded and personalized in a secure environment and is subject to a security policy from its conception to its end of life. This is a secure environment.
The smart card provides a security gateway function between the insecure and the trustable security environments. A suitable protocol (e.g. BER-TLV) allows protected data, protected by cryptographic means, to be detected. If the data the smart card receives is not sealed, it is rejected. Since the smart card and the electronic device do not have enough memory to store a complete document, the data is sent to the security level 1 environment, where it is temporarily stored (in a specific transition area). When all the data has been received, and if the cryptographic verifications succeed, the smart card displays the result of a hash calculation on the electronic device's display. Meanwhile the PC in the security level 1 environment performs the same calculation and displays its result. The user compares the two displayed hash results; if they are equal, he validates the verification by pressing the button on the electronic device. On receiving the confirmation from the electronic device, the secured PC moves the data from the temporary storage location to the working location so that it can be used. In the other direction, if the data is to be signed, it is sent from the level 1 environment to the smart card through the electronic device. There are many other applications of the present invention; for example, the smart card may be provided with more than two inputs/outputs in order to receive information from devices belonging to environments of different security levels.
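The gateway check described above, as an added example rather than code from the patent: data arriving from the level 0 side is parsed as BER-TLV, anything not wrapped in a sealed-document object is rejected, the seal is verified, and the short hash the card would show on the electronic device is returned so the user can compare it with the one the level 1 PC computes. The tag numbers, the use of an HMAC-SHA256 seal under a key shared by the sealing party and the card, and the 8-hex-digit display truncation are assumptions; the patent only says the data is protected "using cryptographic means".

```python
"""Security-gateway acceptance check on BER-TLV data (added example)."""
import hashlib
import hmac

# Single-byte BER-TLV tags assumed for this example (not from the patent)
TAG_SEALED_DOC = 0x71   # constructed object wrapping payload and seal
TAG_PAYLOAD = 0x81      # primitive: the document bytes
TAG_SEAL = 0x82         # primitive: HMAC-SHA256 over the document bytes


def _len_encode(n: int) -> bytes:
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv_encode(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + _len_encode(len(value)) + value


def tlv_decode(buf: bytes) -> list:
    """Parse a sequence of single-byte-tag BER-TLV objects into
    [(tag, value), ...]. Multi-byte tags and indefinite lengths are not
    accepted; truncated or oversized lengths raise ValueError so that a
    malformed stream from the insecure side cannot make the card read
    past its buffer."""
    out, i = [], 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated header")
        tag, first = buf[i], buf[i + 1]
        if tag & 0x1F == 0x1F:
            raise ValueError("multi-byte tags not supported")
        i += 2
        if first < 0x80:
            length = first
        else:
            nbytes = first & 0x7F
            if nbytes == 0 or nbytes > 4 or i + nbytes > len(buf):
                raise ValueError("bad length encoding")
            length = int.from_bytes(buf[i:i + nbytes], "big")
            i += nbytes
        if i + length > len(buf):
            raise ValueError("truncated value")
        out.append((tag, buf[i:i + length]))
        i += length
    return out


def seal_document(doc: bytes, key: bytes) -> bytes:
    """What the sealing party sends: payload and seal inside one object."""
    seal = hmac.new(key, doc, hashlib.sha256).digest()
    inner = tlv_encode(TAG_PAYLOAD, doc) + tlv_encode(TAG_SEAL, seal)
    return tlv_encode(TAG_SEALED_DOC, inner)


def level1_display_hash(doc: bytes) -> str:
    """The value the level 1 PC computes and shows for the user to compare."""
    return hashlib.sha256(doc).hexdigest()[:8]


def gateway_receive(buf: bytes, key: bytes) -> dict:
    """Card-side check of data arriving from the level 0 side."""
    try:
        top = tlv_decode(buf)
        if len(top) != 1 or top[0][0] != TAG_SEALED_DOC:
            return {"accepted": False, "reason": "data not sealed"}
        fields = dict(tlv_decode(top[0][1]))
    except ValueError as exc:
        return {"accepted": False, "reason": f"malformed TLV: {exc}"}
    doc, seal = fields.get(TAG_PAYLOAD), fields.get(TAG_SEAL)
    if doc is None or seal is None:
        return {"accepted": False, "reason": "payload or seal missing"}
    expected = hmac.new(key, doc, hashlib.sha256).digest()
    if not hmac.compare_digest(seal, expected):
        return {"accepted": False, "reason": "seal verification failed"}
    # Only now is the document handed to the level 1 transition area, and the
    # card shows this short hash on the electronic device for the user check.
    return {"accepted": True, "display": level1_display_hash(doc), "payload": doc}


if __name__ == "__main__":
    key = bytes(range(32))                     # constructed demo key
    sealed = seal_document(b"contract v3", key)
    print(gateway_receive(sealed, key))
    print(gateway_receive(tlv_encode(TAG_PAYLOAD, b"contract v3"), key))
```

The parser's length checks matter on a device with card-sized memory: a TLV header claiming more bytes than were received is rejected before any copy, rather than trusted. The user's comparison of the two displayed hashes then guards against the level 1 PC storing something other than what the card verified.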

Claims

1- Portable object comprising at least storage means and at least two electrical contacts connected to said storage means, two of said electrical contacts, corresponding to two different I/Os, being dielectrically separated.
2- Portable object according to claim 1, characterized in that the contacts are separated in such a way that an object-accepting device cannot access both inputs/outputs.
3- Portable object according to one of claims 1 to 2, characterized in that it is a card with an integrated circuit, the integrated circuit comprising said storage means connected to said contacts through said integrated circuit.
4- Portable object according to one of claims 1 to 3, characterized in that said contacts are visually separated.
5- Portable object according to one of claims 1 to 4, characterized in that said contacts are differentiated by their shapes on the object.
6- Portable object according to one of claims 1 to 5, characterized in that said contacts are differentiated by their positions on the object.
7- Portable object according to claim 6, characterized in that the position of the contacts is such that, for a given object-accepting device, when the portable object is inserted into said object-accepting device in one direction, said contacts come into contact with the contacts provided in the object-accepting device, but not when inserted in the other direction.
8- Portable object according to one of claims 1 to 7, characterized in that said contacts are on the same longitudinal axis, which is different from the central longitudinal axis of the object.
9- Portable object according to one of claims 1 to 8, characterized in that the contacts are positioned at opposite longitudinal ends of the object.
PCT/IB2004/001933 2003-06-12 2004-06-11 Dielectric separation between inputs/outputs of a smart card WO2004111926A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
EP03291406.1 2003-06-12
EP03291407A EP1486911A1 (en) 2003-06-12 2003-06-12 Dielectric separation between inputs/outputs of a smart card
EP03291406A EP1486908A1 (en) 2003-06-12 2003-06-12 Smart card with two I/O ports for linking secure and insecure environments
EP03291407.9 2003-06-12

Publications (1)

Publication Number Publication Date
WO2004111926A1 true WO2004111926A1 (en) 2004-12-23

Family

ID=33553847

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2004/001933 WO2004111926A1 (en) 2003-06-12 2004-06-11 Dielectric separation between inputs/outputs of a smart card

Country Status (1)

Country Link
WO (1) WO2004111926A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3992853A1 (en) * 2020-11-03 2022-05-04 Thales DIS France SA Method for managing a smart card
WO2022096293A1 (en) * 2020-11-03 2022-05-12 Thales Dis France Sas Method for managing a smart card

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4980802A (en) * 1988-05-09 1990-12-25 Bull Cp8 Flexible printed circuit
FR2783336A1 (en) * 1998-09-11 2000-03-17 Schlumberger Ind Sa Method of data transmission and smart card providing that transmission
WO2000042568A1 (en) * 1999-01-16 2000-07-20 Qdos Media Limited Smart card and reader/writer
WO2003010713A1 (en) * 2001-07-25 2003-02-06 France Telecom Multichip support package


Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase