WO2006010913A1 - Remote smartcard application management - Google Patents


Info

Publication number: WO2006010913A1
Authority: WO, WIPO (PCT)
Prior art keywords: file system, file, commands, accessing, content
Application number: PCT/GB2005/002907
Other languages: French (fr)
Inventors: Barry Sim Hochfield, Michael Peters
Original Assignee: Ecebs Limited
Priority date: 2004-07-26
Filing date: 2005-07-26
Publication date: 2006-02-02
Application filed by Ecebs Limited
Publication of WO2006010913A1

Classifications

    • G PHYSICS > G07 CHECKING-DEVICES > G07F COIN-FREED OR LIKE APPARATUS
        • G07F 7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
        • G07F 7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
        • G07F 7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
        • G07F 7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
        • G06Q 20/00 Payment architectures, schemes or protocols
        • G06Q 20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
        • G06Q 20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
        • G06Q 20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
        • G06Q 20/355 Personalisation of cards for use
        • G06Q 20/3552 Downloading or loading of personalisation data
        • G06Q 20/357 Cards having a plurality of specified features

Abstract

A software tool is provided in a smartcard scheme for creating or modifying a file formatted in a web (internet) standard language for self-describing messages (XML) and defining the structure and content of a file system, the commands to be used for accessing the file system and any security conditions associated therewith. The software tool includes at least one input form accessible on-line over a computer network or the Internet to allow the holder of a smartcard issued under the scheme to input data to be used to modify definitions of the structure and content of the on-card file system, or the commands to be used for accessing the file system or any security conditions associated therewith. A secure software distribution means between the software tool and an interface device provides secure distribution of the file formatted in web (Internet) standard language for self-describing messages or any script or file derived therefrom. The interface device upgrades the on-card file system by loading to the smartcard a script derived from the XML file so as to modify definitions of the structure and content of the on-device file system, or the commands to be used for accessing the file system or related security conditions.

Description

Remote Smartcard Application Management
The present invention relates to systems utilising programmable devices such as so-called 'smartcards', including systems which use such devices for financial transactions.
One such system is described in our published International Patent Application WO03/049056 entitled 'Smartcard System'. That system utilises files formatted in a web (internet) standard language for self-describing messages as the on-card file system and the card is also provided with means for running a script derived from the XML file - a script engine - so as to allow the file structure and commands to be modified.
The system described in the earlier application referred to above is a component-based architecture framework which interacts with ISO 7816 compliant smartcard applications. This architecture allows both new applications and existing applications to interact with information stored on a smartcard without any knowledge of how or where that information is sourced. The system uses a set of security policies and conditions to determine the access rights to the files and objects stored on the cards and modifies the behaviour of the system accordingly.
The file system, structure and content, the commands for accessing the file system and the security conditions associated with the files in the file system can all be described uniquely by means of a file formatted in eXtensible Markup Language ('XML'), a web standard for self-describing messages.
In the basic system described above, it was intended that the file system and security environment conditions would be created, future card applications built and modifications to existing applications made in a centralised 'backroom' using an appropriate configurator tool to generate the necessary Application Protocol Data Unit ('APDU') commands.
For complex multi-function smartcard schemes where the nature of the services the card facilitates could change frequently after the card is issued, the existing systems would burden the scheme operators and card issuers with centralised processes involving the recalling of cards so that software on the cards themselves or in terminals can be modified at pre-designated terminals. This is somewhat inconvenient for cardholders, card issuers and scheme operators.
In accordance with the invention, there is provided a system, and a method for use in a system, comprising
• a programmable device carrying a file system and operating software enabling the on-device file system to interface with at least one off-device file and/or application; the structure and content of the file system, the commands to be used for accessing the file system and any security conditions associated therewith being defined by at least one file formatted in a web (internet) standard language for self-describing messages; the device including means for running a script derived from the said at least one file to modify structure and content of the file system, or the commands to be used for accessing the file system or any security conditions associated therewith,
• an interface device comprising means for upgrading the on-device file system by loading to the programmable device a script derived from at least one file formatted in a web (internet) standard language for self-describing messages so as to modify definitions of the structure and content of the on-device file system, or the commands to be used for accessing the file system or any security conditions associated therewith, and
• a software tool for creating or modifying a file formatted in a web (internet) standard language for self-describing messages and defining the structure and content of a file system, the commands to be used for accessing the file system and any security conditions associated therewith, and
• a secure software distribution means between the software tool and the interface device to provide secure distribution of the file formatted in web (internet) standard language for self-describing messages or any script or file derived therefrom;
• the software tool including at least one input form accessible on-line over a computer network or the internet to allow the holder of a programmable device to input data to be used to modify definitions of the structure and content of the on-device file system, or the commands to be used for accessing the file system or any security conditions associated therewith.
Thus, the invention provides a degree of self-management of the card and terminal applications by the cardholders themselves.
An embodiment of the invention will now be described in detail, by way of example.
Based on the technology described in International Patent Application No WO03/049056, in which the card and terminal application behaviour is modelled in an XML document, the invention proposes that fragments of XML templates are accessed by the cardholder via web forms available at one or more websites available on the internet or other similar computer network. Thus, the form comprises a file or a portion of a file formatted in web (internet) standard language for self-describing messages, for example an XML document or template.
When the card software is to be modified, the cardholder logs into a web site using the smartcard previously issued to them under a scheme of the kind described in International Patent Application No WO03/049056 to verify or authenticate their identity and selects a form to complete. This form could be chosen with a view, for example, to registering with a medical specialist or to applying for school meals.
Undertaking an operation of this kind requires a change to the data stored on the cardholder's card and to the security policies to be enforced by it. For example, the right to access certain data might be enforced by a remote authentication from a third party using the key assigned to a professional role holder or service provider, e.g. a medical specialist or a benefits officer. By completing the web form and selecting the name of the professional role holder, fragments of previously prepared XML documents are accessed by the cardholder and specific data added. The resulting XML document, with the specific data added by the cardholder through the medium of the web form, then goes through the rest of the application generation process described in International Patent Application No WO03/049056, fetching the appropriate key-material and preparing a secure script to download to the cardholder's card when the cardholder next interacts with one of the scheme's interface devices.
The system may then also distribute the terminal or interface component of the XML to a predefined terminal base relevant to the specific service to be provided by the professional role holder. For example, a message might also be sent to a selected medical specialist's terminal to interoperate with that terminal so that it will provide the newly required service to the cardholder as requested when the web form was completed.
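The workflow described above (web form, XML template fragment, derived script with fetched key-material, secure distribution, on-card script engine, and a security condition enforced by remote authentication with a role holder's key) modelled end to end as an added Python example; this is not code from the patent or from Ecebs. The XML fragment, file and role names, key values, HMAC-SHA256 sealing of the script and the challenge/response form of the remote authentication are all constructed assumptions, since the patent does not specify those mechanisms.

```python
import hashlib
import hmac
import json
import xml.etree.ElementTree as ET

# Constructed XML template fragment (not from the patent): access to one record
# file is bound to the professional role holder chosen on the web form.
TEMPLATE = """<cardapp>
  <file id="EF_MEDICAL" size="64">
    <access cmd="READ" role="{role}"/>
    <access cmd="UPDATE" role="{role}"/>
  </file>
</cardapp>"""

# Constructed scheme key-material: one key per professional role (assumed values).
ROLE_KEYS = {"medical-specialist": b"\x11" * 16, "benefits-officer": b"\x22" * 16}
# Constructed key shared by the scheme's generation process and this card (assumed).
CARD_SCRIPT_KEY = b"\x33" * 32


def fill_form(template: str, role: str) -> str:
    """Add the cardholder's web-form selection to the XML template fragment."""
    if role not in ROLE_KEYS:
        raise ValueError(f"unknown role holder: {role}")
    return template.format(role=role)


def derive_script(xml_doc: str) -> list:
    """Turn the XML definition into card operations, fetching the role key-material."""
    root = ET.fromstring(xml_doc)
    ops = []
    for f in root.findall("file"):
        ops.append({"op": "CREATE_FILE", "id": f.get("id"), "size": int(f.get("size"))})
        for a in f.findall("access"):
            ops.append({"op": "SET_ACCESS", "id": f.get("id"), "cmd": a.get("cmd"),
                        "role": a.get("role"), "key": ROLE_KEYS[a.get("role")].hex()})
    return ops


def seal_script(ops: list, key: bytes) -> dict:
    """Secure distribution step (assumed form): canonical JSON plus an HMAC-SHA256 tag."""
    body = json.dumps(ops, sort_keys=True, separators=(",", ":"))
    return {"body": body, "tag": hmac.new(key, body.encode(), hashlib.sha256).hexdigest()}


def role_proof(role: str, challenge: bytes) -> bytes:
    """Remote authentication (assumed form): the third party answers a card challenge."""
    return hmac.new(ROLE_KEYS[role], challenge, hashlib.sha256).digest()


class SimulatedCard:
    """Minimal on-device file system plus script engine, enough for the example."""

    def __init__(self, script_key: bytes):
        self.script_key = script_key
        self.files = {}  # id -> {"size": n, "access": {cmd: (role, role_key)}}

    def apply_script(self, sealed: dict) -> bool:
        """Verify the seal and validate every op before anything on the card changes."""
        tag = hmac.new(self.script_key, sealed["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, sealed["tag"]):
            return False
        ops = json.loads(sealed["body"])
        if any(op["op"] not in ("CREATE_FILE", "SET_ACCESS") for op in ops):
            return False
        for op in ops:
            if op["op"] == "CREATE_FILE":
                self.files[op["id"]] = {"size": op["size"], "access": {}}
            else:
                self.files[op["id"]]["access"][op["cmd"]] = (op["role"], bytes.fromhex(op["key"]))
        return True

    def may_access(self, file_id: str, cmd: str, role: str, challenge: bytes, proof: bytes) -> bool:
        """Enforce the stored security condition: the named role must prove its key."""
        cond = self.files.get(file_id, {}).get("access", {}).get(cmd)
        if cond is None or cond[0] != role:
            return False
        return hmac.compare_digest(hmac.new(cond[1], challenge, hashlib.sha256).digest(), proof)


def provision(role: str, card: SimulatedCard) -> bool:
    """End to end: web form -> XML -> script -> sealed script -> on-card script engine."""
    return card.apply_script(seal_script(derive_script(fill_form(TEMPLATE, role)), CARD_SCRIPT_KEY))
```

A script whose body was altered in transit fails the seal check and leaves the card's file system untouched, which is the property the patent's "secure script" has to deliver.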

Claims

1. A smartcard system comprising a programmable device carrying a file system and operating software enabling the on-device file system to interface with at least one off-device file and/or application; the structure and content of the file system, the commands to be used for accessing the file system and any security conditions associated therewith being defined by at least one file formatted in a web (internet) standard language for self-describing messages; the device including means for running a script derived from the said at least one file to modify structure and content of the file system, or the commands to be used for accessing the file system or any security conditions associated therewith; an interface device comprising means for upgrading the on-device file system by loading to the programmable device a script derived from at least one file formatted in a web (internet) standard language for self-describing messages so as to modify definitions of the structure and content of the on-device file system, or the commands to be used for accessing the file system or any security conditions associated therewith; a software tool for creating or modifying a file formatted in a web (internet) standard language for self-describing messages and defining the structure and content of a file system, the commands to be used for accessing the file system and any security conditions associated therewith; and a secure software distribution means between the software tool and the interface device to provide secure distribution of the file formatted in web (internet) standard language for self-describing messages or any script or file derived therefrom; the software tool including at least one input form accessible on-line over a computer network or the internet to allow the holder of a programmable device to input data to be used to modify definitions of the structure and content of the on-device file system, or the commands to be used for accessing the file system or any security conditions associated therewith.
2. A system according to any preceding claim wherein the at least one input form accessible on-line is an XML document or template.
3. A method of modifying the structure or content of the on-device file system or the commands used for accessing that file system or any security conditions associated therewith, in a smartcard system comprising a programmable device carrying a file system and operating software enabling the on-device file system to interface with at least one off-device file and/or application; the structure and content of the file system, the commands to be used for accessing the file system and any security conditions associated therewith being defined by at least one file formatted in a web (internet) standard language for self-describing messages; the device being provided with means for running a script derived from the said at least one file to modify structure and content of the file system, or the commands to be used for accessing the file system or any security conditions associated therewith, the method comprising:
providing a software tool for creating or modifying a file formatted in a web (internet) standard language for self-describing messages and defining the structure and content of a file system, the commands to be used for accessing the file system and any security conditions associated therewith; the software tool including at least one input form accessible on-line over a computer network or the internet to allow the holder of a programmable device to input data to be used to modify definitions of the structure and content of the on-device file system, or the commands to be used for accessing the file system or any security conditions associated therewith;
providing a secure software distribution means between the software tool and an interface device to provide secure distribution of the file formatted in web (internet) standard language for self-describing messages or any script or file derived therefrom; and loading to the programmable device by means of the interface device a script derived from at least one file formatted in a web (internet) standard language for self-describing messages so as to modify definitions of the structure and content of the on-device file system, or the commands to be used for accessing the file system or any security conditions associated therewith.
4. A method of modifying the structure or content of the off-device file system or the commands used for accessing that file system or any security conditions associated therewith in an interface device of a smartcard system comprising a programmable device carrying a file system and operating software enabling the on-device file system to interface with at least one off-device file and/or application; the structure and content of the file system, the commands to be used for accessing the file system and any security conditions associated therewith being defined by at least one file formatted in a web (internet) standard language for self-describing messages; the device being provided with means for running a script derived from the said at least one file to modify structure and content of the file system, or the commands to be used for accessing the file system or any security conditions associated therewith; the method comprising:
providing a software tool for creating or modifying a file formatted in a web (internet) standard language for self-describing messages and defining the structure and content of a file system, the commands to be used for accessing the file system and any security conditions associated therewith; the software tool including at least one input form accessible on-line over a computer network or the internet to allow the holder of a programmable device to input data to be used to modify definitions of the structure and content of the on-device file system, or the commands to be used for accessing the file system or any security conditions associated therewith; and providing a secure software distribution means between the software tool and the interface device to provide secure distribution of the file formatted in web (internet) standard language for self-describing messages or any script or file derived therefrom.
5. A method according to claim 3 or 4 wherein the at least one input form accessible on-line is provided as an XML document or template.

Applications Claiming Priority (2)

Application Number | Priority Date | Filing Date | Title
PCT/GB2005/002907 (WO2006010913A1) | 2004-07-26 | 2005-07-26 | Remote smartcard application management
GB0416618A (GB0416618D0) | 2004-07-26 | 2004-07-26 | Remote smartcard application management

Publications (1)

Publication Number | Publication Date
WO2006010913A1 | 2006-02-02

Family

ID=32922800

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
PCT/GB2005/002907 (WO2006010913A1) | Remote smartcard application management | 2004-07-26 | 2005-07-26

Country Status (2)

Country | Link
GB (1) | GB0416618D0 (en)
WO (1) | WO2006010913A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999040549A1 (en) * 1998-02-03 1999-08-12 Mondex International Limited System and method for controlling access to computer code in an ic card
WO2003049056A2 (en) * 2001-12-07 2003-06-12 Ecebs Limited Smartcard system

Also Published As

Publication number Publication date
GB0416618D0 (en) 2004-08-25

Legal Events

Code | Title | Description
AK | Designated states | Kind code of ref document: A1. Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW
AL | Designated countries for regional patents | Kind code of ref document: A1. Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG
121 | Ep: the EPO has been informed by WIPO that EP was designated in this application
NENP | Non-entry into the national phase | Ref country code: DE
122 | Ep: PCT application non-entry in European phase