WO2005048203A1 - Verfahren zum einschreiben von daten und applikationen in identifikationsmedien - Google Patents
Verfahren zum einschreiben von daten und applikationen in identifikationsmedien Download PDFInfo
- Publication number
- WO2005048203A1 WO2005048203A1 PCT/CH2004/000684 CH2004000684W WO2005048203A1 WO 2005048203 A1 WO2005048203 A1 WO 2005048203A1 CH 2004000684 W CH2004000684 W CH 2004000684W WO 2005048203 A1 WO2005048203 A1 WO 2005048203A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- file system
- rfs
- identification
- app
- data
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
- G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
- G06K19/067—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
- G06K19/07—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
- G06K19/073—Special arrangements for circuits, e.g. for protecting identification code in memory
- G06K19/07309—Means for preventing undesired reading or writing from or onto record carriers
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/355—Personalisation of cards for use
- G06Q20/3552—Downloading or loading of personalisation data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/357—Cards having a plurality of specified features
- G06Q20/3576—Multiple memory zones on card
- G06Q20/35765—Access rights to memory zones
Definitions
- the invention relates to a method for writing a data organization or corresponding data associated with a data organization into identification media according to the preamble of claim 1 and an identification medium with a data organization according to the preamble of claim 22.
- identification media eg contactless identification media, chip Cards or prepaid cards etc. known from various manufacturers, which are used in a large number of applications in access control and security applications, for example for access to services and goods, access to protected areas and buildings, access to data systems, time management, etc.
- identification media correspond to different industry standards and have different storage organizations.
- a standard identification medium is known, for example, from WO 01/01258, which specifies a method for accessing a memory of identification media, at least one access key and an access right having to be defined for each application. These data stores have different storage sizes and several access keys in a key area as well as access rights for subareas. Applications must be written in accordance with this memory structure.
- WO 97/34265 a system with special, proprietary contactless identification media is known, the structure of which is hierarchical Authorization system corresponds so that several applications can be written into their data storage by different users and the hierarchical authorization system ensures that independent applications can be autonomously defined and exercised by independent users and that different independent applications cannot influence each other.
- the identification medium (and its data organization or file system) must correspond to the special data organization of the applications or the authorization system.
- special proprietary identification media are required for this, which are often significantly more expensive than standard identification media.
- the object of the present invention is therefore to overcome the previous limitations and disadvantages and to enable access to memories of different types of (standard) identification media in a uniform manner, so that the definition and execution of applications are simplified and their possible uses are expanded ,
- FIG. 3a shows a standard identification medium IM with an application area according to the prior art
- FIG. 3b an identification medium IM (FS) according to the invention with a file system FS and a file system key FSK
- FIG. 4 an identification medium with a standard area Std-Ar and a file system area FS-Ar
- FIG. 5 an identification medium IM (FS ) with an authorization system A
- FIG. 6 a determination of physical addresses pAd in the identification medium IM (FS) from virtual addresses vAd with reference to the reference file system RFS and the file system FS
- FIG. 7 a system (or a communication system) with a reference file system RFS and a host H, with corresponding assigned applications app (RFS), read / write stations WR (RFS) and identification media IM (FS)
- Fig. 8 a search and read function "Auto Read" AR.
- FIGS. 3a, 3b illustrates the method according to the invention for writing data into, or for writing to, identification media of various types IM-X, IM-Y via assigned read / write stations WR, the identification media for one Applications App freely accessible application area App-Ar with several access keys RKi and access rights ACi each for sub-areas Bi of the application area App-Ar, whereby a file system FS is written or initialized, which has a defined virtual, identification media-independent reference file system RFS corresponds (method step 1), with all access keys RKi through a file System key FSK are replaced (method step 2) and all access rights ACi of the sub-areas Bi are suspended (3) and then the file system FS is written into the identification media according to the identification media FS (IM-X), FS (IM-Y) (4) and a file system starting point FS-S (IM-X), FS-S (IM-Y) is defined in the identification media IM (FS) (5), which in the assigned write / corresponding file
- the reference file system RFS is preferably assigned rules ru (RFS) which determine the relationships between the different data of the reference file system.
- Essential elements of this new procedure are the universal, identification medium independent virtual reference file system RFS as well as the identification media dependent file system FS, which is written into the real data memory of the identification media IM (standard identification media) according to the universal virtual reference file system RFS becomes.
- the data memory of the standard identification medium is first emptied, then the file system FS is written in in an adapted manner, so that RFS applications App-RFS can then be written in and practiced unchanged.
- File System FS means: a system for the structure, organization and management of data in certain data stores.
- Reference File System RFS means: a virtual, abstract model of a file system (independent of real data storage) for the organization of data on a data carrier, so that this data can be defined and used by a user Execution of applications within the framework of a communication system are available.
- Writing data according to the method according to the invention means both overwriting physical memory addresses pAd that can be written to one or more times as well as writing data into unwritable physical memory addresses pAd that can be written to one or more times.
- a virtual reference file system RFS preferably with rules ru (RFS)
- RFS rules ru
- IM-X file system starting point
- FS-S FS-S
- FSK file system key
- the file system key FSK as well as the file system starting points FS-S (IM-X), FS-S (IM-Y) and the file systems FS (IM-X), FS (IM-Y) are of type X , Y of the identification media are written in and the access keys RKi, RKj are suspended or deleted, so that access to the entire file system area FS is possible with the key FSK.
- Apps (RFS) corresponding to the reference file system RFS can then be used, for example, from a host H via the read / write station WR (RFS) in process steps 6, 7, 8 as an app (RFS) -FS (IM-X), app ( RFS) -FS (IM-Y) are written and executed in the identification media.
- RFS read / write station WR
- IM-X app
- RFS -FS
- IM-Y app
- 1 also illustrates that the file system FS is implemented differently in accordance with the type X, Y of the identification media, ie optimally in terms of the type and storage structure of the Identification medium adapted.
- An application is accessed via the file system key FSK (in method step 20) and the file system starting point FS-S (method step 21) on the application (in method step 22).
- FIG. 2a-c illustrate, in addition to FIG. 1, how three different functions of the assigned read / write stations are distinguished in the method according to the invention: initializing a file system FS, writing an application and executing an application.
- the initialization of the identification media IM by an assigned read / write station WR (RFS) corresponds to method steps 1-5 (from FIG. 1).
- a prerequisite for this is a read / write station WR (RFS) -Ini with this function "Initialize" Ini, which knows the type of identification media IM-X, IM-Y and their access key RKi, and which the reference file system RFS and the file system Contains key FSK.
- the system owner can only use one initialization read / write station
- the "Write in” function of applications can be written to the corresponding read / write stations WR (RFS) on a hierarchy level below.
- Wpp introduced or initialized, e.g. by independent SSC users for their independent app applications.
- read / write stations WR with the write function usually also contain the corresponding function of executing an application.
- WApp and RApp in the read / write stations WR can also be carried out using suitable authorization means AM or authorization media AIM, i.e. can be implemented and modified using suitable hardware or software (code).
- the file system FS is preferably accessed via the file system starting point FS-S.
- the file system starting point FS-S (IM-X), FS-S (IM-Y) can be determined by the assigned read / write stations WR (RFS) by recognizing the type (X, Y) of the identification medium, for example in the context of the Communication through the evaluation (analysis) of the Unique Identification Number UID, and thus defined (process Step 6), if it is not yet known in the read / write station, for executing applications.
- App can be written into any initialized standard identification medium IM (FS) containing the file system FS without any adaptation.
- IM initialized standard identification medium
- a host H background system or a read / write station WR can thus also execute an application app (RFS) defined in this way on any initialized identification media IM (FS) without adaptation to the identification media.
- RFID application app
- FIG. 3a shows a standard identification medium IM, which is converted into an initialized identification medium IM (FS) according to the invention - according to FIG. 3b.
- the standard identification medium IM according to Fig.3a has a fixed manufacturer area Man with a unique identification number UID and possibly other manufacturer data, e.g. Storage size and other information - as well as a standard range Std-Ar.
- the standard area consists of an access key area RK-Ar with
- the initialized identification medium IM (FS) according to FIG. 3b, on the other hand, has a file system area FS-Ar with a file system key FSK and a larger file system area FS with a file system starting point FS than the standard application area Std-App-Ar -S, here with a file system head FS-H, and a file system application area FS-App-Ar with applications Appl - App3 by independent users SSC1 - SSC3.
- All access rights ACi of the standard identification medium IM are suspended or deleted here, so that access to the entire file system area FS and to all applications can take place directly via the file system key FSK.
- the previous access key area RK-Ar is also made available here for applications.
- the file system or the file system area FS is divided into a file system header (header) FS-H, which defines the organization of the file system area, and a file system application area FS-App-Ar.
- the application app (RFS) is accessed through process steps 20 - 22: via the file system key FSK to the file system start point FS-S or to the file system header FS-H and then to the application app.
- the file system header FS-H contains information IMI about the identification medium, such as manufacturer and storage size, if this e.g. are not available in the manufacturer area Man, and via the File System FS such as File System Version FSv, data organization, access rights aci and encryption functions cryp (according to the security requirements).
- the file system starting point FS-S is preferably located in the file system header FS-H.
- the file system key FSK can only be used to access the file system start point FS-S or the file system header FS-H - and not the application area FS- App-Ar. Then, for example, for an application and / or an independent user SSC, an assigned key FSK-App can also be introduced, which controls access to a corresponding application, in the example from FIG. 3b, for example to the application Appl (with method steps 22a from FS-H to FSK-App and 22b from FSK-App to Appl). As further information, after the file system FS has been written into the identification medium IM (FS), a control symbol (flag) fl can be set which indicates the initialization.
- IM identification medium
- Control conditions flc or initialization information fli can also be written in: control conditions flc, which, for example, specify a number of accesses to the file system or an expiry date, and initialization information fli, which indicate under what conditions, when, how, with which read / write station WR (RFS) -Ini and by whom an initialization of FS was carried out.
- control conditions flc which, for example, specify a number of accesses to the file system or an expiry date
- initialization information fli which indicate under what conditions, when, how, with which read / write station WR (RFS) -Ini and by whom an initialization of FS was carried out.
- the control condition flc or the initialization information fli also allow, for example, flexible use of the application area FS-App-Ar.
- the file system FS initialization
- the entire application area FS-App-Ar is described, but only a partial area for use (for writing) can be released by a first user SSC1, which the user needs and for which he paid.
- This first user or a second independent user SSC2 can then receive the release of a second partial area for the expansion of an existing or for a new application by post-registration (post-initialization).
- identification media IM with differently sized memory areas and correspondingly differently sized file system areas FS-Ar
- An identification medium IM with a large storage area can thus be sold to the users SSC as an identification medium with a small storage area.
- the manufacturer or seller of identification media IM thus benefits from the "economies of scale" for identification media IM with a large storage area, while the user SSC, compared to identification media with a small storage area, has no additional cost for an identification medium with a large storage area, but only partially released application area FS -App-Ar, must pay.
- the size of the approved application area FS-App-Ar can be part of the Information to be IMI.
- the control condition flc or the initialization information fli can also be used to define whether post-registration is possible or within what period and under what conditions this is possible.
- a further security condition can be introduced in that the users SSCi can only access the file system head FS-H for writing and executing applications Appi only for reading or only partially, e.g. for the single writing of an application- and user-specific access right aci that the users cannot change or influence the organization of the File System FS, whereby this is only determined by the system owner (at the top hierarchical level).
- the file system access rights aci have the same function, but are flexibly organized as a great advantage.
- the rules ru (RFS) of the reference file system determine the structure and data structure as well as access rights aci to the file system and the applications, or they determine the appropriate keys (stamps).
- the definition of applications via a reference file system RFS or rules ru allows a virtual, identification medium-independent rights management (Rights Management) RM in the read / write device WR (RFS) based on the comparison with standard identification media the virtual addresses vAd of the reference file system RFS. Because in the read / write devices WR (RFS) only virtual addresses vAd or corresponding virtual lists Li (Fig. 6) and no lists with physical addresses pAd of rights (keys) are managed and managed, when changing an application to the Adaptation of the rights management RM to be dispensed with, ie no updated lists with new physical addresses pAd have to be written into the read / write station WR (RFS).
- RFS rules ru
- the rules ru (RFS) of the reference file system can be used to ensure that applications Appl, App2 independent of independent users SSCI, SSC2, which cannot influence each other, initialized autonomously and independently of one another Standard identification media can be registered and exercised, ie independent applications by independent users can be used independently of each other, without any agreement, and only determined by the Rules ru (RFS) of the reference file system, freely designed, changed and written into any initialized identification media IM (FS) and can also be exercised. This is not possible with known standard identification media - it requires coordination or agreement between different users regarding access rights.
- the standard identification media required to write in the file system FS can be (centrally) from a top hierarchical level, e.g. the control of the use of initialization read / write stations WR (RFS) -Ini is the responsibility of SSCi users or are also sold exclusively. However, it is also possible for a user SSCi to specify a certain type of standard identification media for writing in the file system FS.
- RFS initialization read / write stations WR
- FIG. 3b shows, as a further advantageous embodiment of the invention, the introduction of an application starting point App-S for the application App3 with the method steps 22c, 22d.
- an application start point App-S (with the initialization and definition of a file system start point FS-S or by writing in a file system header FS-H) implicitly defined as a virtual address or explicitly as a physical address).
- an application can then be registered and executed (and also found).
- access via the file system starting point FS-S or also via another location of a file system header FS-H leads here to an application starting point App3-S for the application A ⁇ p3 with which Process steps 20, 21, 22c, 22d.
- FIG. 4 shows an identification medium IM + IM (FS), which has both a standard area Std-Ar with access keys RKi and access rights ACi for sub-areas Bi and with standard applications app (Std) of a known type, and also a file system area FS-Ar , which contains the applications app (RFS) corresponding to the reference file system.
- FS identification medium
- Std standard area Std-Ar with access keys RKi and access rights ACi for sub-areas Bi and with standard applications app (Std) of a known type
- FFS-Ar which contains the applications app (RFS) corresponding to the reference file system.
- This means that such combined identification media IM + IM (FS) can be used both for previous standard applications Ap ⁇ (Std) and for new applications App (RFS) according to the invention, each at corresponding read / write stations WR (Std) or WR (RFS).
- new applications app can be introduced in stages, as desired and at any time, with corresponding assigned read / write stations and identification media.
- one and the same application can be used in an identification medium both in the previous manner and during a transition period As an app (Std) in the standard area Std-Ar as well as in the form corresponding to the reference file system RFS as an app (RFS) in the file system area FS-Ar.
- the application can be executed by a previous standard read / write station WR (Std) as well as by a new reference file system read / write station WR (RFS).
- An existing standard system can thus be gradually replaced by a new RFS system. This is also shown in Fig. 7.
- Such combined identification media IM + IM (FS) can also be converted into fully initialized identification media IM (FS) by initializing the standard area.
- appropriately designed rules ru (RFS) of the reference file system can ensure mutual independence from independent applications by independent users.
- a hierarchical authorization system A with rules ru (A) can also be introduced, as shown for example in FIG. 5.
- the combined rules ru (RFS, A) which correspond to the reference file system RFS and the authorization system A, can be used to ensure that different independent applications can be implemented independently by different independent users and that they cannot influence each other.
- a hierarchical authorization system A discloses WO 97/34265 with the introduction of various organizational levels, the top organizational level being assigned to the system owner and with which a stamp (which corresponds to the organizational levels 1, 2, 3, 4 the access rights aci specified) is introduced on the identification media according to the desired applications.
- the reference file system can be superordinate and the authorization system A can only be implemented in the context of the applications that are being written in: RFS (A) as this corresponds to the example shown in FIG. 5.
- RFS the reference file system RFS could e.g. subordinate to two different authorization systems: RFS (AI, A2), e.g. an older and a newer authorization system.
- RFS RFS
- authorization system A could also be superior to reference file system RFS: A (RFS) by e.g. the file system key FSK or the file system header FS-H would be dependent on A, e.g.
- file system key FSK or parts of the file system header FS-H, such as the control conditions flc or the initialization information fli, to organizational levels of the system owner or a user SSC.
- Hierarchical systems could also be realized with the help of file system keys FSK.
- access to an application takes place via a stamp, which defines the access rights aci to the organizational levels 1, 2, 3, 4 assigned to the application.
- Access to the file system area FS or the application area FS-App-Ar of the identification medium is determined here according to the specifications and rules ru (A) of the hierarchical authorization system A.
- FIG. 6 illustrates how the physical address pAd (IM) is determined and found in an identification medium IM (FS), starting from the virtual address vAd (FS (IM)) in the identification medium with reference to the file system FS (IM) and by means of the physical address of a reference point, preferably with the physical address pAd (FS-S (LM)) of the starting point FS-S as the reference address in the identification medium.
- IM physical address pAd
- This searched physical address can be an address pAd (IM) in the file system header FS-H or an address pAd (IM) -App in the application area FS-App-Ar.
- the functions f and g are preferably carried out in a read / write station WR (RFS) as f (WR (RFS)), g (WR (RFS)), with the logic intelligence, for example a microprocessor uP, in the read / write station WR lies.
- the functions f and g can also be used in a host H as f (WR (RFS), H), g (WR (RFS), H) or f (H (RFS)), g (H (RFS) ) are executed, in the latter case there must be an online connection between WR and H.
- the identification medium normally serves as storage for the data of the applications.
- the function g in the identification medium it is also possible to partially carry out the function g in the identification medium if it contains a corresponding computer intelligence (a microprocessor uP), corresponding to a function g (WR (RFS), IM (FS)).
- a microprocessor uP corresponding to a function g (WR (RFS), IM (FS)).
- functions f and g are carried out for the file system key FSK, the file system start point FS-S and / or a file system header FS-H.
- the functions f and g only capture the entire file system FS including the application area FS-App-Ar when an application is written and executed.
- An application (the data structure and the meaning of the individual addresses) is defined as an app (RFS) based on the virtual addresses v Ad (RFS) of the reference file system. It is no longer necessary to adapt an application to the physical or virtual addresses of identification media or to the file system FS (IM-X), FS (IM-Y), because this is automatically done by initializing (writing) one Identification medium IM with a file system FS (IM) and with the registration of an application in the corresponding identification medium.
- RFS virtual addresses v Ad
- Fig. 6 further shows that the addresses of application starting points App-S in a file system head FS-H or in a selected read / write station WR (RFS), i.e. can be written here in a list Li with preferably virtual addresses vAd.
- RFS read / write station WR
- Fig. 7 shows a communication system or a system with a defined, virtual identification media-independent reference file system RFS, with initialized identification media IM (FS), with assigned read / write stations WR (RFS) and with applications app (RFS), which the Reference File System RFS and its rules ru (RFS) correspond.
- RFS virtual identification media-independent reference file system
- RFID initialized identification media IM
- RFID read / write stations WR
- RFID applications app
- Independent applications Appl, App2, App3 by independent users SSCI, SSC2, SSC3 are also shown here, for example, with more than one Reference file system, here RFS1 and RFS2, each with rules ru (RFSl), ru (RFS2) and with assigned keys FSK1, FSK2 are available. These could also be different RFSv versions of a reference file system, for example an old and a new version.
- the applications Appl, App2, AppT of the user SSCI and SSC2 correspond to the reference file system RFS1 and the application App3 of the user SSC3 to the reference file system RFS2.
- These different applications can be executed via corresponding assigned read / write stations WR (RFS app) with corresponding assigned identification media IM (FS) which contain the applications.
- Two types of initialized identification media IM-X (FS) and IM-Y (FS) are shown, which in principle can contain any combination of applications of corresponding reference file systems.
- Identification media IM also restrict them to a certain type. For example, in such a way that types of different users are initialized, i.e. a type T1 by user SSCI and a type T2 by user SSC2, i.e. that type-specific information is defined with the initialization.
- a function type can e.g. also consist of counting cards which define a number of usage processes, the operating time or an expiry date etc., preferably depending on a control character fl, a control condition flc and / or an initialization information fli, i.e. as T (fl, flc, fli).
- An identification medium IM-X-T (FS) is shown here as an example, which is limited to a certain type, here as the type of user SSCI, and which is only accessible to this user.
- the applications can be accessed via a host H or also through authorization media AM or authorization identification media AIM via appropriate write / - Reading stations can be written into or executed with the desired identification media.
- the communication system of FIG. 7 can also contain standard applications App (Std) with assigned standard read / write stations WR (Std).
- Std standard applications App
- Std standard read / write stations WR
- An example of a combined identification medium IM + IM (FS) is shown here, which contains both a standard area Std-Ar with standard applications app (Std) and a file system area FS-Ar with applications app (RFS).
- IM + IM IM
- FIG. 8 illustrates, as an advantageous development of the invention, an automatic search and read function "Auto Read” AR, with which data (information) from identification media of various types are searched for, read out and referenced by means of a freely configurable data format generator DFG as part of the reference file system RFS an answer can be put together.
- This is done in 3 steps: 1. Searching for the desired information or data according to defined search criteria Q. 2. Reading the data and any RFS conversion.
- a search and read function Auto Read AR is defined according to the Reference File System RFS, with which a search command AR (Q) according to search criteria Q for reading out certain searched data from identification media (IM-X (FS), IM-Y) (FS)) can be created via a read / write station WR (RFS) and, in response, these searched data AR (IM (FS) (data)) are read from the identification media and in the Read / write station to a data record AR (RFS) (data) are processed, which corresponds to the search command AR (Q).
- RFS Reference File System
- This processing into a data record AR (RFS) (data) can preferably be carried out by means of a data format generator DFG.
- the data format generator DFG can form part of the microprocessor uP of the read / write station WR or be integrated into it, or it can form a separate component.
- the searched data AR (IM (FS) (data)) from the identification media can also contain data from the manufacturer area Man and the response data record
- AR (RFS) can also contain data WR (data) of the read / write station.
- the searched data IM (FS) (data) can comprise several applications (Appl (FS), A ⁇ p2 (FS)).
- Data of the read / write station WR and parameters such as search criteria Q which define the auto read function AR can be contained in an information database IDB.
- the search criteria Q can be freely configured as part of the RFS or an application app (RFS). However, they can also be stored pre-configured in the WR read / write station (RFS) in an IDB information database and called up using the Auto Read function AR.
- the searched data AR (IM (FS) (data)) in the identification media can contain data from various applications (Appl, App2, App3), from the file system area FS-Ar (e.g. access rights aci, control characters fl) and from the manufacturer area Man (e.g. UID).
- the entire response data record AR (RFS) (data) can also include data WR (data) from the WR.
- RFS response data records AR (RFS) (data) can be generated which correspond to the AppM (data).
- RFS response data records AR
- the AppM application is integrated as a search command AR (Q, AppM) in the communication system with reference file system RFS, without the AppM application having to be rewritten in a host. This enables a gradual migration from such previous proprietary systems (M) to an RFS communication system.
- the automatic search and read function Auto Read AR is a special application app (RFS) according to the Reference File System RFS.
- RFS App (RFS) application corresponding to the RFS
- T, Tl, T2 Ti types from IM (FS)
- H background system host A authorization system ru rules of RFS or A aci access rights of RFS or A fl control characters, indicator flc control conditions fli initialization information cryp encryption
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Business, Economics & Management (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Computer Networks & Wireless Communication (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Databases & Information Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Debugging And Monitoring (AREA)
Abstract
Description
Claims
Priority Applications (7)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2006538632A JP4881742B2 (ja) | 2003-11-12 | 2004-11-11 | 識別メディアへデータ及びアプリケーションを書き込む方法 |
US10/578,217 US8554795B2 (en) | 2003-11-12 | 2004-11-11 | Method for writing data and applications into identification media |
CN2004800331954A CN1879131B (zh) | 2003-11-12 | 2004-11-11 | 在识别载体读入数据和应用程序的方法 |
KR1020067011288A KR101118494B1 (ko) | 2003-11-12 | 2004-11-11 | 데이터 및 애플리케이션을 식별 매체에 기록하는 방법 |
CA2545292A CA2545292C (en) | 2003-11-12 | 2004-11-11 | A method for writing data and applications into identification media |
EP04797241A EP1685542A1 (de) | 2003-11-12 | 2004-11-11 | Verfahren zum einschreiben von daten und applikationen in identifikationsmedien |
BRPI0416486-5A BRPI0416486A (pt) | 2003-11-12 | 2004-11-11 | método para registrar dados e aplicações em meios de identificação |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CH1946/03 | 2003-11-12 | ||
CH01946/03A CH716409B1 (de) | 2003-11-12 | 2003-11-12 | Verfahren zum Einschreiben einer Datenorganisation in Identifikationsmedien und zum Einschreiben und Ausführen von Applikationen in der Datenorganisation. |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2005048203A1 true WO2005048203A1 (de) | 2005-05-26 |
Family
ID=34578645
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CH2004/000684 WO2005048203A1 (de) | 2003-11-12 | 2004-11-11 | Verfahren zum einschreiben von daten und applikationen in identifikationsmedien |
Country Status (10)
Country | Link |
---|---|
US (1) | US8554795B2 (de) |
EP (1) | EP1685542A1 (de) |
JP (1) | JP4881742B2 (de) |
KR (1) | KR101118494B1 (de) |
CN (1) | CN1879131B (de) |
BR (1) | BRPI0416486A (de) |
CA (1) | CA2545292C (de) |
CH (1) | CH716409B1 (de) |
RU (1) | RU2364961C2 (de) |
WO (1) | WO2005048203A1 (de) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102005056274A1 (de) * | 2005-11-14 | 2007-06-14 | Automaten-Seitz Vertrieb & Kundendienst Gesellschaft mit beschränkter Haftung | Verfahren zum Betrieb eines Chipkartensystems, Chipkarte und Chipkartensystem |
EP2302551A1 (de) * | 2009-09-25 | 2011-03-30 | Incard SA | Verfahren zum Schützen von Anwendungen auf einer IC Karte |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2928754B1 (fr) * | 2008-03-13 | 2012-05-18 | Sagem Securite | Carte a circuit integre ayant un programme d'exploitation modifiable et procede de modification correspondant |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0218176A2 (de) * | 1985-10-07 | 1987-04-15 | Kabushiki Kaisha Toshiba | Tragbares elektronisches Gerät |
FR2667171A1 (fr) * | 1990-09-25 | 1992-03-27 | Gemplus Card Int | Support portable a micro-circuit facilement programmable et procede de programmation de ce micro-circuit. |
US5293577A (en) * | 1990-07-20 | 1994-03-08 | Siemens Nixdorf Informationssysteme Ag | Method and apparatus for preventing inadmissible deviations from the runtime protocol of an application in a data exchange system |
US5452431A (en) * | 1991-10-30 | 1995-09-19 | U.S. Philips Corporation | Microcircuit for a chip card comprising a protected programmable memory |
US5682027A (en) * | 1992-10-26 | 1997-10-28 | Intellect Australia Pty Ltd. | System and method for performing transactions and a portable intelligent device therefore |
WO1999038131A1 (en) * | 1998-01-22 | 1999-07-29 | Mondex International Limited | Codelets |
US6308317B1 (en) * | 1996-10-25 | 2001-10-23 | Schlumberger Technologies, Inc. | Using a high level programming language with a microcontroller |
Family Cites Families (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5446904A (en) * | 1991-05-17 | 1995-08-29 | Zenith Data Systems Corporation | Suspend/resume capability for a protected mode microprocessor |
US6698654B1 (en) * | 1995-05-09 | 2004-03-02 | Smartmove (Nz) Ltd. | Method of interfacing with data storage card |
DE19536548A1 (de) * | 1995-09-29 | 1997-04-03 | Ibm | Vorrichtung und Verfahren zur vereinfachten Erzeugung von Werkzeugen zur Initialisierung und Personalisierung von und zur Kommunikation mit einer Chipkarte |
BR9702167A (pt) * | 1996-03-11 | 1999-12-28 | Kaba Schiessysteme Ag | Meio de indentificação com um portador de dados eletrônicos passivo |
US5889941A (en) * | 1996-04-15 | 1999-03-30 | Ubiq Inc. | System and apparatus for smart card personalization |
US6202155B1 (en) * | 1996-11-22 | 2001-03-13 | Ubiq Incorporated | Virtual card personalization system |
WO1998025239A1 (en) * | 1996-12-03 | 1998-06-11 | Strategic Analysis, Inc. | Method and apparatus for formatting smart cards and card readers |
US5969318A (en) * | 1997-11-24 | 1999-10-19 | Mackenthun; Holger | Gateway apparatus for designing and issuing multiple application cards |
US6199762B1 (en) * | 1998-05-06 | 2001-03-13 | American Express Travel Related Services Co., Inc. | Methods and apparatus for dynamic smartcard synchronization and personalization |
US6402028B1 (en) * | 1999-04-06 | 2002-06-11 | Visa International Service Association | Integrated production of smart cards |
EP1065598A1 (de) * | 1999-06-24 | 2001-01-03 | Siemens Aktiengesellschaft | Verfahren zum Zugriff auf einen Speicher und Speichereinrichtung hierfür |
US7172128B2 (en) * | 2001-02-26 | 2007-02-06 | Legic Identsystems Ag | Method for operating non-contact identification media |
US20030037237A1 (en) * | 2001-04-09 | 2003-02-20 | Jean-Paul Abgrall | Systems and methods for computer device authentication |
CA2470806A1 (en) * | 2001-12-17 | 2003-06-26 | Legic Identsystems Ag | Method for the initialisation of an application in terminals |
US20040024729A1 (en) * | 2002-07-30 | 2004-02-05 | Worley John S. | Method and system for storing sparse data in memory and accessing stored sparse data |
US20040122774A1 (en) * | 2002-08-02 | 2004-06-24 | Martin Studd | Method and system for executing applications on a mobile device |
US6874076B2 (en) * | 2002-09-30 | 2005-03-29 | International Business Machines Corporation | Method, system, and computer program product for migrating data from one real page to another |
WO2004075477A1 (en) * | 2003-02-21 | 2004-09-02 | Telecom Italia S.P.A. | Method and system for managing network access device using a smart card |
-
2003
- 2003-11-12 CH CH01946/03A patent/CH716409B1/de not_active IP Right Cessation
-
2004
- 2004-11-11 EP EP04797241A patent/EP1685542A1/de not_active Ceased
- 2004-11-11 CA CA2545292A patent/CA2545292C/en not_active Expired - Fee Related
- 2004-11-11 JP JP2006538632A patent/JP4881742B2/ja not_active Expired - Fee Related
- 2004-11-11 WO PCT/CH2004/000684 patent/WO2005048203A1/de active Application Filing
- 2004-11-11 BR BRPI0416486-5A patent/BRPI0416486A/pt not_active IP Right Cessation
- 2004-11-11 KR KR1020067011288A patent/KR101118494B1/ko active IP Right Grant
- 2004-11-11 RU RU2006120225/09A patent/RU2364961C2/ru not_active IP Right Cessation
- 2004-11-11 CN CN2004800331954A patent/CN1879131B/zh not_active Expired - Fee Related
- 2004-11-11 US US10/578,217 patent/US8554795B2/en active Active
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0218176A2 (de) * | 1985-10-07 | 1987-04-15 | Kabushiki Kaisha Toshiba | Tragbares elektronisches Gerät |
US4827512A (en) * | 1985-10-07 | 1989-05-02 | Kabushiki Kaisha Toshiba | Programmable portable electronic device |
US5293577A (en) * | 1990-07-20 | 1994-03-08 | Siemens Nixdorf Informationssysteme Ag | Method and apparatus for preventing inadmissible deviations from the runtime protocol of an application in a data exchange system |
FR2667171A1 (fr) * | 1990-09-25 | 1992-03-27 | Gemplus Card Int | Support portable a micro-circuit facilement programmable et procede de programmation de ce micro-circuit. |
US5452431A (en) * | 1991-10-30 | 1995-09-19 | U.S. Philips Corporation | Microcircuit for a chip card comprising a protected programmable memory |
US5682027A (en) * | 1992-10-26 | 1997-10-28 | Intellect Australia Pty Ltd. | System and method for performing transactions and a portable intelligent device therefore |
US6308317B1 (en) * | 1996-10-25 | 2001-10-23 | Schlumberger Technologies, Inc. | Using a high level programming language with a microcontroller |
WO1999038131A1 (en) * | 1998-01-22 | 1999-07-29 | Mondex International Limited | Codelets |
Non-Patent Citations (1)
Title |
---|
See also references of EP1685542A1 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102005056274A1 (de) * | 2005-11-14 | 2007-06-14 | Automaten-Seitz Vertrieb & Kundendienst Gesellschaft mit beschränkter Haftung | Verfahren zum Betrieb eines Chipkartensystems, Chipkarte und Chipkartensystem |
EP2302551A1 (de) * | 2009-09-25 | 2011-03-30 | Incard SA | Verfahren zum Schützen von Anwendungen auf einer IC Karte |
Also Published As
Publication number | Publication date |
---|---|
RU2006120225A (ru) | 2007-12-27 |
KR101118494B1 (ko) | 2012-03-16 |
CA2545292A1 (en) | 2005-05-26 |
JP2007531926A (ja) | 2007-11-08 |
CN1879131B (zh) | 2013-11-20 |
US8554795B2 (en) | 2013-10-08 |
CH716409B1 (de) | 2021-01-29 |
BRPI0416486A (pt) | 2007-03-27 |
JP4881742B2 (ja) | 2012-02-22 |
CA2545292C (en) | 2014-04-01 |
CN1879131A (zh) | 2006-12-13 |
EP1685542A1 (de) | 2006-08-02 |
RU2364961C2 (ru) | 2009-08-20 |
US20070112770A1 (en) | 2007-05-17 |
KR20060125793A (ko) | 2006-12-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
DE69835879T2 (de) | Multifunktionschipkarte mit delegierungsmerkmal | |
DE69823649T2 (de) | Multi-anwendungs ic-kartensystem | |
DE69522998T2 (de) | Gesicherte anwendungskarte zur aufteilung von anwendungsdaten und prozeduren zwischen mehreren mikroprozessoren | |
DE69320900T3 (de) | IC-Karte mit hierarchischer Dateienstruktur | |
DE69400549T2 (de) | IC-Karten-Übertragungssystem | |
DE69127560T2 (de) | Gegenseitiges Erkennungssystem | |
DE69205425T2 (de) | Gesichertes verfahren zum laden von mehrfachen anwendungen in einer mikroprozessor-speicherkarte. | |
DE3811378C2 (de) | ||
DE69807210T2 (de) | Gesichertes mehrzweckkartensystem und -verfahren | |
DE19536548A1 (de) | Vorrichtung und Verfahren zur vereinfachten Erzeugung von Werkzeugen zur Initialisierung und Personalisierung von und zur Kommunikation mit einer Chipkarte | |
DE68915186T2 (de) | Tragbarer elektronischer Apparat. | |
EP0766211A2 (de) | Multifunktionale Chipkarte | |
DE10393859B4 (de) | Entkoppelter Hardwarekonfigurationsmanager | |
DE102006029690A1 (de) | Beibehaltung einer Identifikation einer elektronischen Steuereinheit bei Umprogrammierungsereignissen | |
DE19522527A1 (de) | Verfahren zur Vereinfachung der Kommunikation mit Chipkarten | |
DE69431379T2 (de) | Dateiverwaltungssystem mit flexibler Dateigrösse | |
DE69701965T2 (de) | Verfahren zur modifizierung des befehlsatzes in einer smartkarte | |
EP0811204B1 (de) | Verarbeitung langer nachrichten in einer chipkarte | |
EP0224639B1 (de) | Verfahren zum Kontrollieren eines Speicherzugriffs auf einer Chipkarte und Anordnung zur Durchführung des Verfahrens | |
DE69932412T2 (de) | Chipkartenkonfiguration | |
DE10324337B4 (de) | Rechnersystem und zugehöriges Verfahren zum Durchführen eines Sicherheitsprogramms | |
DE69933142T2 (de) | Chipkarte und verfahren zur verwaltung eines flüchtigen speichers auf derselben | |
DE69610438T2 (de) | Verfahren und system zur datenübertragung | |
DE60224937T2 (de) | Verfahren und anordnung zum verknüpfen von verwandelten appletdateien | |
DE69316779T2 (de) | Tragbares elektronisches Gerät |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 200480033195.4 Country of ref document: CN |
|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2545292 Country of ref document: CA |
|
WWE | Wipo information: entry into national phase |
Ref document number: 1624/CHENP/2006 Country of ref document: IN |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2004797241 Country of ref document: EP Ref document number: PA/a/2006/005280 Country of ref document: MX |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2006538632 Country of ref document: JP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 1020067011288 Country of ref document: KR |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2006120225 Country of ref document: RU |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2007112770 Country of ref document: US Ref document number: 10578217 Country of ref document: US |
|
WWP | Wipo information: published in national office |
Ref document number: 2004797241 Country of ref document: EP |
|
WWP | Wipo information: published in national office |
Ref document number: 1020067011288 Country of ref document: KR |
|
ENP | Entry into the national phase |
Ref document number: PI0416486 Country of ref document: BR |
|
WWP | Wipo information: published in national office |
Ref document number: 10578217 Country of ref document: US |