WO2011042330A1 - Method of communication between a reader and two smart cards - Google Patents

Method of communication between a reader and two smart cards Download PDF

Info

Publication number
WO2011042330A1
WO2011042330A1 PCT/EP2010/064294 EP2010064294W WO2011042330A1 WO 2011042330 A1 WO2011042330 A1 WO 2011042330A1 EP 2010064294 W EP2010064294 W EP 2010064294W WO 2011042330 A1 WO2011042330 A1 WO 2011042330A1
Authority
WO
WIPO (PCT)
Prior art keywords
smart card
reader
command
master
contactless
Prior art date
Application number
PCT/EP2010/064294
Other languages
French (fr)
Inventor
Alain Rhelimi
Serge Barbe
Original Assignee
Gemalto Sa
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Gemalto Sa filed Critical Gemalto Sa
Publication of WO2011042330A1 publication Critical patent/WO2011042330A1/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0866Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means by active credit-cards adapted therefor
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/0008General problems related to the reading of electronic memory record carriers, independent of its reading method, e.g. power transfer
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/0013Methods or arrangements for sensing record carriers, e.g. for reading patterns by galvanic contacts, e.g. card connectors for ISO-7816 compliant smart cards or memory cards, e.g. SD card readers
    • G06K7/0056Methods or arrangements for sensing record carriers, e.g. for reading patterns by galvanic contacts, e.g. card connectors for ISO-7816 compliant smart cards or memory cards, e.g. SD card readers housing of the card connector
    • G06K7/006Methods or arrangements for sensing record carriers, e.g. for reading patterns by galvanic contacts, e.g. card connectors for ISO-7816 compliant smart cards or memory cards, e.g. SD card readers housing of the card connector the housing being a portable casing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/0013Methods or arrangements for sensing record carriers, e.g. for reading patterns by galvanic contacts, e.g. card connectors for ISO-7816 compliant smart cards or memory cards, e.g. SD card readers
    • G06K7/0056Methods or arrangements for sensing record carriers, e.g. for reading patterns by galvanic contacts, e.g. card connectors for ISO-7816 compliant smart cards or memory cards, e.g. SD card readers housing of the card connector
    • G06K7/0073Methods or arrangements for sensing record carriers, e.g. for reading patterns by galvanic contacts, e.g. card connectors for ISO-7816 compliant smart cards or memory cards, e.g. SD card readers housing of the card connector having multiple insertion slots, the respective slots suited for the same or different card form factors
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/357Cards having a plurality of specified features
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/363Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes with the personal data of a user
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0873Details of the card reader

Definitions

  • the invention relates to the execution of a secure transaction using a smart card, particularly the performance of a transaction with a smart card of a type widely used and standardised, such as a smart bank card.
  • a smart card reader has two communication interfaces designed to receive two respective smart cards, for example a smart bank card and the smart card of a merchant.
  • the communication interfaces have metal strips designed to make electrical contact with the surface contacts of the smart cards.
  • the reader plays the part of master and the smart cards play that of slaves.
  • the smart cards merely respond to a secure application of the reader that is querying them.
  • the secure application is for instance executed in the reader to make it possible to enter the amount of a transaction and carry out authentication and holder verifications on each card before the transaction is validated.
  • the reliability of such a reader can in practice turn out to be relatively limited, because communication with one of the cards can be interrupted in a hostile or aggressive environment. Also the communication interfaces of the reader are relatively sensitive to degradation when the reader is permanently in a public place. Further, updating the secure applications of the reader may be tricky. Also, the cost of a reader with a dedicated application can put users off purchasing such a piece of equipment.
  • the invention is aimed at solving one or more of these drawbacks.
  • the invention thus relates to a communication method between a master smart card and a slave smart card through a smart card reader, where the master smart card runs an application designed to carry out a secure transaction with the slave smart card.
  • the method comprises the following steps:
  • the said application of the master smart card transmits to the reader a command intended for the slave smart card
  • the reader transmits the command to the slave smart card
  • the slave smart card transmits to the reader a response to the command;
  • the reader transmits the response to the master smart card and signals that it is available for a new command;
  • the said application of the master smart card processes the said response; - the said smart cards are contactless smart cards, the smart card reader has a contactless communication interface (1 ), the said transmissions are carried out from and to the contactless communication interface.
  • the invention also relates to a contactless smart card, comprising:
  • the invention further relates to a contactless smart card reader comprising a contactless communication interface and a processing module that is capable, through the contactless communication interface, of receiving commands from a first smart card running a secure master application, indicating that it is available for receiving commands from the first smart card, transmitting a command received from the first smart card to a second smart card, receiving a response from the second smart card and transmitting the response received to the first smart card.
  • the reader comprises a display screen and a command interface for users
  • the processing module is capable of offering the running of a secure application of a contactless smart card on the display screen, determining the selection by the user of a secure application through the command interface, and indicating that it is available for receiving commands to the smart card with the selected secure application.
  • the invention further relates to a system comprising:
  • FIG. 1 is a schematic representation of a contactless smart card reader capable of applying the invention
  • FIG. 2 is a schematic representation of a master smart card
  • FIG. 3 is a schematic representation of a reader carrying out a contactless transaction with a master smart card and a slave smart card;
  • - figure 4 represents an example of exchange of messages between the reader and the smart cards
  • FIG. 5 and 6 represent a perspective view of a mode of embodiment of a reader associated with a master smart card and a slave smart card.
  • the invention is aimed at achieving communication between a contactless master smart card and a contactless slave smart card through a contactless smart card reader.
  • the master smart card runs an application for carrying out a secure transaction with the slave smart card.
  • the application transmits a command to the reader, which command is intended for the slave smart card.
  • the reader transmits the command to the slave smart card.
  • the slave smart card transmits to the reader a response to the command.
  • the reader transmits the response to the master smart card and signals that it is available for a new command.
  • the application of the master smart card processes the response to continue the transaction.
  • the contactless communication interface of the reader with the cards allows reliable communication in difficult environments, for example potentially soiled environments such as petrol pumps, highly humid environments or abrasive environments. That does away with the lack of reliability of communication of a contact type interface, where the deterioration of electrical contacts can lead to the impossibility to communicate. Also, the resistance of the reader in a hostile environment is increased.
  • the reader in the invention is thus insensitive to the vandalism to which the reading interfaces of contact type smart cards are exposed (blocking or destruction of the smart card insertion rail, for instance) for example when they are installed in parking meters. Besides, the invention makes it possible to have a reader with a reduced cost and reduced functions, since it need not necessarily have a secure application.
  • the cost of the reader may be spread over several reader users without risking security flaws, since the secure application is stored in a distinct master card that is dedicated to each user. New dedicated secure applications may further be distributed easily by supplying a master card to each user, e.g. through the post.
  • the reader no longer limits the number of secure applications that can be applied, since the reader may be used for as many secure applications as there are secure cards.
  • the invention further makes it possible to implement the secure transaction with no need for modifying the slave cards that are already in circulation, such as the bank smart cards that are currently so largely widespread.
  • NFC Near Field contactless communication
  • Such communication is based on the modulation of a magnetic field produced firstly by the coil of the smart card reader and in return on the modulation of the current induced by coupling in the coil of a card.
  • Modulation protocols for NFC transmission have particularly been defined in standards such as ISO 14443 and ISO 18092 as are the associated additional layers such as NFC Peer to Peer.
  • FIG. 1 is a schematic representation of a smart card reader 1 .
  • the smart card reader 1 comprises a display 1 1 with a liquid crystal screen and a keypad 12 forming interfaces for communication with a user.
  • the reader 1 further comprises a processing module 13 capable of managing the working of the display 1 1 and the keypad 12.
  • the display 1 1 may for example display choices to the user, instructions or transaction amounts.
  • the keypad 12 may for instance be used to enter a transaction amount, a personal identification number (PIN) or to select an option of reader 1 .
  • the reader 1 further comprises, in a manner known in itself, a contactless communication interface 14 adapted for communicating with smart cards.
  • the interface 14 is connected to the processing module 13.
  • the processing module 13 is capable, in a manner known in itself, of managing the non collision of the smart cards present in the communication field of its interface 14.
  • the processing module 13 comprises a so- called reflector application, the working of which is detailed below. That reflector application is generic and is used to route a command or a response from one smart card to another smart card.
  • Figure 2 is a schematic representation of the structure of the integrated circuit of a smart card 2.
  • the integrated circuit particularly comprises a processing module 21 , a RAM 22, a ROM 23, a rewritable non-volatile memory 24, a surface contact communication interface 25 and a contactless transmission interface 26. These different components are connected in a manner known in itself by appropriate circuits.
  • the master smart card 2 saves a software application that is designed to manage a secure transaction with another smart card, either in the ROM 23 or in the non-volatile memory 24. That secure application runs by means of a processing module 21 and the ROM 22.
  • the secure application carries out the functions usually carried out by a smart card reader to carry out a secure transaction.
  • the secure application operates as the master in relation to the slave smart card, and the application generates the commands and requests to be applied on the slave smart card to carry out the transaction.
  • the master smart card 2 may contain several different secure applications that may be used by the user of the reader 1 .
  • the secure applications may be of different types - bank transactions, access control etc.
  • the structure of the reader 1 may be greatly simplified.
  • a simple non-dedicated reader that transfers commands and responses between the smart cards may be used.
  • the reader may for example comprise a processing module made using wired logic and not designed to be updated.
  • more complex readers with secure applications may also be used to implement the invention.
  • the card 2 may be personalised with a secure application using any appropriate means, either in a personalisation centre or remotely using the so-called OTA process.
  • FIG. 3 is a schematic illustration of the reader 1 used to carry out a secure transaction between the master smart card 2 and the slave smart card 3.
  • the slave card 3 may be of any type that is already in service and that card may be used in the same way as part of the invention: the slave card 3 always receives commands, to which it merely responds.
  • One example of secure transaction will now be detailed.
  • the reader 1 initially carries out an anti-collision phase with the smart cards placed in its field of contactless communication.
  • the reader 1 can ask the user to select a master card from several cards present in its field of communication, through the screen 1 1 and the keypad 12.
  • the reader 1 may also select one secure application from a master smart card for carrying out a secure transaction when several secure applications are available.
  • step 101 the reader 1 first determines that a secure application of the smart card puce 2 is master in a transaction with the smart card 3. The reader 1 transmits a message to the smart card 2 to request a command.
  • step 102 the smart card 2 transmits a command to the reader 1 , which command is intended for the slave smart card 3.
  • step 103 the reader 1 transmits the command to the slave smart card 3.
  • step 104 the slave smart card 3 sends a response to the command from the reader 1 .
  • step 105 the reader 1 sends the response to the master smart card 2 and signals to it that it is available for a new command.
  • the secure application of the smart card 2 processes the response received and possibly sends a new command intended for the slave smart card 3 to the reader 1 , to allow the transaction to continue.
  • the reader 1 is capable of operating as a reflector to receive a command from the card 2 and send it on to the card 3. Further, the reader 1 is capable of receiving a response from the card 3 sending it on to the card 2. Besides, the reader 1 is capable of requesting a command from the card 2 or signalling to it that it is available for receiving a new command.
  • the card 2 is capable of generating commands intended for the slave card 3. The card 2 is also capable of interpreting the messages from the reader 1 asking for a command or indicating that it is available for such a command.
  • the reader 1 selects a card with each exchange and suspends all the others. During communication between the master card 2 and the slave card 3, the reader thus sequentially selects each of the two cards. Thus, reader 1 communicates simultaneously with only one of the cards.
  • the reader 1 can establish a communication tunnel with each card, the data exchanged being encrypted or otherwise, in a manner known in itself.
  • the smart cards 2 and 3 can communicate with the reader 1 through standardised communication protocols (such as ISO 14443, ISO 18092 or JIS X6319-4) or through a proprietary protocol. In respect of known standardised communication protocols, the invention may be implemented by defining new messages to ask for a new command from the master smart card or indicate that it is available for a new command.
  • Figures 5 and 6 represent a perspective view of a mode of embodiment of a reader 1 alongside smart cards 2 and 3.
  • the reader 1 advantageously comprises a slot for holding card 2 in place, enabling its holder to free their hands to manipulate the reader 1 and particularly the keypad 12.
  • the slot takes the form of a slide made in the lower part of the reader 1 .
  • the reader 1 can advantageously also include another slot to hold the card 3 in place.
  • the reader 1 can have a long-range connection to a server such as a payment server. That long-distance connection may be made through a GSM or GPRS link or through a link of the Bluetooth LAP type.
  • the reader 1 may for example be implemented in the form of a permanent public terminal that may be used by different users with their own master smart card comprising a secure application.
  • a terminal could for example be used in a market, where different merchants would each have their master smart card to carry out secure cash transactions with customers.
  • the invention could be implemented with all types of contactless smart card, a SIM card inserted in a mobile telephone with an NFC function could particularly emulate the functioning of a contactless smart card.
  • the reader 1 can allow one or more smart cards 2 or 3 to operate as the master for one of the devices, the screen 1 1 or the keypad 12 in the illustrated example.
  • the reader 1 can to that end comprise a reflector application responsible for retrieving a command from a smart card operating as the master, conveying the command to a peripheral device, collecting a response from the device and passing on the response to the smart card.

Landscapes

  • Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Artificial Intelligence (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Strategic Management (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Business, Economics & Management (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Finance (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)

Abstract

The invention relates to a method of communication between a contactless master smart card (2) and a contactless slave smart card (3) through a smart card reader with a contactless communication interface (1 ), where the master smart card (2) runs an application designed to perform a secure transaction with the slave smart card (2), where the method includes the steps below: - the said application of the master smart card (2) transmits to the reader a command intended for the slave smart card (3); - the reader transmits the command to the slave smart card; - the slave smart card transmits to the reader a response to the command; - the reader transmits the response to the master smart card and signals that it is available for a new command; - the said application of the master smart card (2) processes the said response.

Description

METHOD OF COMMUNICATION BETWEEN A READER AND TWO
SMART CARDS
The invention relates to the execution of a secure transaction using a smart card, particularly the performance of a transaction with a smart card of a type widely used and standardised, such as a smart bank card.
A secure transaction process between two smart cards and a smart card reader is known. For that purpose, a smart card reader has two communication interfaces designed to receive two respective smart cards, for example a smart bank card and the smart card of a merchant. The communication interfaces have metal strips designed to make electrical contact with the surface contacts of the smart cards.
During a transaction, the reader plays the part of master and the smart cards play that of slaves. In practice, the smart cards merely respond to a secure application of the reader that is querying them. The secure application is for instance executed in the reader to make it possible to enter the amount of a transaction and carry out authentication and holder verifications on each card before the transaction is validated.
The reliability of such a reader can in practice turn out to be relatively limited, because communication with one of the cards can be interrupted in a hostile or aggressive environment. Also the communication interfaces of the reader are relatively sensitive to degradation when the reader is permanently in a public place. Further, updating the secure applications of the reader may be tricky. Also, the cost of a reader with a dedicated application can put users off purchasing such a piece of equipment.
The invention is aimed at solving one or more of these drawbacks. The invention thus relates to a communication method between a master smart card and a slave smart card through a smart card reader, where the master smart card runs an application designed to carry out a secure transaction with the slave smart card. The method comprises the following steps:
- the said application of the master smart card transmits to the reader a command intended for the slave smart card;
- the reader transmits the command to the slave smart card;
- the slave smart card transmits to the reader a response to the command; - the reader transmits the response to the master smart card and signals that it is available for a new command;
- the said application of the master smart card processes the said response; - the said smart cards are contactless smart cards, the smart card reader has a contactless communication interface (1 ), the said transmissions are carried out from and to the contactless communication interface.
The invention also relates to a contactless smart card, comprising:
- a contactless communication interface;
- a memory that saves an application capable of determining, through the communication interface, that a reader is available for submitting a command intended for another smart card, submitting such a command to the reader and carrying out a secure transaction with the said other card;
- a processing module capable of running the saved application.
The invention further relates to a contactless smart card reader comprising a contactless communication interface and a processing module that is capable, through the contactless communication interface, of receiving commands from a first smart card running a secure master application, indicating that it is available for receiving commands from the first smart card, transmitting a command received from the first smart card to a second smart card, receiving a response from the second smart card and transmitting the response received to the first smart card.
In one variant, the reader comprises a display screen and a command interface for users, and the processing module is capable of offering the running of a secure application of a contactless smart card on the display screen, determining the selection by the user of a secure application through the command interface, and indicating that it is available for receiving commands to the smart card with the selected secure application.
The invention further relates to a system comprising:
- a smart card reader as described above;
- a smart card as described above;
- a contactless smart card capable of responding to commands sent by the reader.
Other characteristics and benefits of the invention will become clear in the description below, which is provided for information and not limitative in any way, by reference to the drawings attached, where:
- figure 1 is a schematic representation of a contactless smart card reader capable of applying the invention;
- figure 2 is a schematic representation of a master smart card;
- figure 3 is a schematic representation of a reader carrying out a contactless transaction with a master smart card and a slave smart card;
- figure 4 represents an example of exchange of messages between the reader and the smart cards;
- figures 5 and 6 represent a perspective view of a mode of embodiment of a reader associated with a master smart card and a slave smart card.
The invention is aimed at achieving communication between a contactless master smart card and a contactless slave smart card through a contactless smart card reader. The master smart card runs an application for carrying out a secure transaction with the slave smart card. The application transmits a command to the reader, which command is intended for the slave smart card. The reader transmits the command to the slave smart card. The slave smart card transmits to the reader a response to the command. The reader transmits the response to the master smart card and signals that it is available for a new command. The application of the master smart card processes the response to continue the transaction.
The contactless communication interface of the reader with the cards allows reliable communication in difficult environments, for example potentially soiled environments such as petrol pumps, highly humid environments or abrasive environments. That does away with the lack of reliability of communication of a contact type interface, where the deterioration of electrical contacts can lead to the impossibility to communicate. Also, the resistance of the reader in a hostile environment is increased. The reader in the invention is thus insensitive to the vandalism to which the reading interfaces of contact type smart cards are exposed (blocking or destruction of the smart card insertion rail, for instance) for example when they are installed in parking meters. Besides, the invention makes it possible to have a reader with a reduced cost and reduced functions, since it need not necessarily have a secure application. Also, the cost of the reader may be spread over several reader users without risking security flaws, since the secure application is stored in a distinct master card that is dedicated to each user. New dedicated secure applications may further be distributed easily by supplying a master card to each user, e.g. through the post. The reader no longer limits the number of secure applications that can be applied, since the reader may be used for as many secure applications as there are secure cards. The invention further makes it possible to implement the secure transaction with no need for modifying the slave cards that are already in circulation, such as the bank smart cards that are currently so largely widespread.
Near field contactless communication is generally known as NFC (Near Field Communication). Such communication is based on the modulation of a magnetic field produced firstly by the coil of the smart card reader and in return on the modulation of the current induced by coupling in the coil of a card. Modulation protocols for NFC transmission have particularly been defined in standards such as ISO 14443 and ISO 18092 as are the associated additional layers such as NFC Peer to Peer.
Figure 1 is a schematic representation of a smart card reader 1 . In a manner known in itself, the smart card reader 1 comprises a display 1 1 with a liquid crystal screen and a keypad 12 forming interfaces for communication with a user. The reader 1 further comprises a processing module 13 capable of managing the working of the display 1 1 and the keypad 12. The display 1 1 may for example display choices to the user, instructions or transaction amounts. The keypad 12 may for instance be used to enter a transaction amount, a personal identification number (PIN) or to select an option of reader 1 . The reader 1 further comprises, in a manner known in itself, a contactless communication interface 14 adapted for communicating with smart cards. The interface 14 is connected to the processing module 13. The processing module 13 is capable, in a manner known in itself, of managing the non collision of the smart cards present in the communication field of its interface 14. The processing module 13 comprises a so- called reflector application, the working of which is detailed below. That reflector application is generic and is used to route a command or a response from one smart card to another smart card. Figure 2 is a schematic representation of the structure of the integrated circuit of a smart card 2. The integrated circuit particularly comprises a processing module 21 , a RAM 22, a ROM 23, a rewritable non-volatile memory 24, a surface contact communication interface 25 and a contactless transmission interface 26. These different components are connected in a manner known in itself by appropriate circuits.
The master smart card 2 saves a software application that is designed to manage a secure transaction with another smart card, either in the ROM 23 or in the non-volatile memory 24. That secure application runs by means of a processing module 21 and the ROM 22.
The secure application carries out the functions usually carried out by a smart card reader to carry out a secure transaction. The secure application operates as the master in relation to the slave smart card, and the application generates the commands and requests to be applied on the slave smart card to carry out the transaction. The master smart card 2 may contain several different secure applications that may be used by the user of the reader 1 . The secure applications may be of different types - bank transactions, access control etc.
Due to the location of the secure application on the master smart card 2, the structure of the reader 1 may be greatly simplified. A simple non-dedicated reader that transfers commands and responses between the smart cards may be used. By using the secure application of the master smart card 2, a secure transaction may be carried out independently of the type of reader used. The reader may for example comprise a processing module made using wired logic and not designed to be updated. Of course, more complex readers with secure applications may also be used to implement the invention. The card 2 may be personalised with a secure application using any appropriate means, either in a personalisation centre or remotely using the so-called OTA process.
Figure 3 is a schematic illustration of the reader 1 used to carry out a secure transaction between the master smart card 2 and the slave smart card 3. The slave card 3 may be of any type that is already in service and that card may be used in the same way as part of the invention: the slave card 3 always receives commands, to which it merely responds. One example of secure transaction will now be detailed. The reader 1 initially carries out an anti-collision phase with the smart cards placed in its field of contactless communication. The reader 1 can ask the user to select a master card from several cards present in its field of communication, through the screen 1 1 and the keypad 12. The reader 1 may also select one secure application from a master smart card for carrying out a secure transaction when several secure applications are available.
One example of data routing between the reader 1 and the smart cards 2 and 3 is illustrated by reference to figure 4. In step 101 , the reader 1 first determines that a secure application of the smart card puce 2 is master in a transaction with the smart card 3. The reader 1 transmits a message to the smart card 2 to request a command.
In response, in step 102, the smart card 2 transmits a command to the reader 1 , which command is intended for the slave smart card 3.
In step 103, the reader 1 transmits the command to the slave smart card 3.
In step 104, the slave smart card 3 sends a response to the command from the reader 1 .
In step 105, the reader 1 sends the response to the master smart card 2 and signals to it that it is available for a new command. The secure application of the smart card 2 processes the response received and possibly sends a new command intended for the slave smart card 3 to the reader 1 , to allow the transaction to continue.
To implement the method, the reader 1 is capable of operating as a reflector to receive a command from the card 2 and send it on to the card 3. Further, the reader 1 is capable of receiving a response from the card 3 sending it on to the card 2. Besides, the reader 1 is capable of requesting a command from the card 2 or signalling to it that it is available for receiving a new command. The card 2 is capable of generating commands intended for the slave card 3. The card 2 is also capable of interpreting the messages from the reader 1 asking for a command or indicating that it is available for such a command.
The reader 1 selects a card with each exchange and suspends all the others. During communication between the master card 2 and the slave card 3, the reader thus sequentially selects each of the two cards. Thus, reader 1 communicates simultaneously with only one of the cards. The reader 1 can establish a communication tunnel with each card, the data exchanged being encrypted or otherwise, in a manner known in itself.
The smart cards 2 and 3 can communicate with the reader 1 through standardised communication protocols (such as ISO 14443, ISO 18092 or JIS X6319-4) or through a proprietary protocol. In respect of known standardised communication protocols, the invention may be implemented by defining new messages to ask for a new command from the master smart card or indicate that it is available for a new command. Figures 5 and 6 represent a perspective view of a mode of embodiment of a reader 1 alongside smart cards 2 and 3. The reader 1 advantageously comprises a slot for holding card 2 in place, enabling its holder to free their hands to manipulate the reader 1 and particularly the keypad 12. The slot takes the form of a slide made in the lower part of the reader 1 . The reader 1 can advantageously also include another slot to hold the card 3 in place.
The reader 1 can have a long-range connection to a server such as a payment server. That long-distance connection may be made through a GSM or GPRS link or through a link of the Bluetooth LAP type.
The reader 1 may for example be implemented in the form of a permanent public terminal that may be used by different users with their own master smart card comprising a secure application. Such a terminal could for example be used in a market, where different merchants would each have their master smart card to carry out secure cash transactions with customers.
The invention could be implemented with all types of contactless smart card, a SIM card inserted in a mobile telephone with an NFC function could particularly emulate the functioning of a contactless smart card.
Advantageously, the reader 1 can allow one or more smart cards 2 or 3 to operate as the master for one of the devices, the screen 1 1 or the keypad 12 in the illustrated example. The reader 1 can to that end comprise a reflector application responsible for retrieving a command from a smart card operating as the master, conveying the command to a peripheral device, collecting a response from the device and passing on the response to the smart card.

Claims

A communication method between a master smart card (2) and a slave smart card (3) through a smart card reader, where the master smart card (2) runs an application designed to carry out a secure transaction with the slave smart card (2) and where the method includes the following steps:
- the said application of the master smart card (2) transmits to the reader a command intended for the slave smart card (3);
- the reader transmits the command to the slave smart card;
- the slave smart card transmits to the reader a response to the command;
- the reader transmits the response to the master smart card and signals that it is available for a new command;
- the said application of the master smart card (2) processes the said response;
- the said smart cards are contactless smart cards, the smart card reader has a contactless communication interface (1 ) and the said transmissions are made from and to the contactless communication interface.
2. A contactless smart card (3) characterised in that it comprises:
- a contactless communication interface (26);
- a memory (22,23) to save an application capable of identifying the availability of a reader (1 ) through the communication interface in order to submit a command intended for another smart card, submitting such a command to the reader and carrying out a secure transaction with the said other card (3);
- a processing module (21 ) capable of running the saved application.
3. A contactless smart card reader (1 ) characterised in that it comprises a contactless communication interface and a processing module (13) capable of receiving, through the contactless communication interface, commands from a first smart card (2) executing a master secure application, indicating that it is available for receiving commands from the first smart card, transmitting a command received from the first smart card to a second smart card (3), receiving a response from the second smart card and transmitting the response received to the first smart card (2).
4. A reader according to claim 3, comprising a display screen and a command interface for a user, where the processing module is capable of offering on the display screen the running of a secure application of a contactless smart card, determining the selection by the user of a secure application through the command interface and indicating that it is available for receiving commands to the smart card with the selected secure application.
5. A system comprising:
- a smart card reader (1 ) according to claim 3 or 4;
- a smart card (2) according to claim 2;
- a contactless smart card (3) capable of responding to the commands transmitted by the reader (1 ).
PCT/EP2010/064294 2009-10-05 2010-09-28 Method of communication between a reader and two smart cards WO2011042330A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP09305943A EP2306414A1 (en) 2009-10-05 2009-10-05 Communication method between a reader and two chip cards
EP09305943.4 2009-10-05

Publications (1)

Publication Number Publication Date
WO2011042330A1 true WO2011042330A1 (en) 2011-04-14

Family

ID=41650427

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2010/064294 WO2011042330A1 (en) 2009-10-05 2010-09-28 Method of communication between a reader and two smart cards

Country Status (2)

Country Link
EP (1) EP2306414A1 (en)
WO (1) WO2011042330A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3104297B1 (en) * 2015-06-08 2019-12-18 IDEMIA France Slave smartcard used as a memory extension for a master smartcard

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0355372A1 (en) * 1988-07-20 1990-02-28 SPA Syspatronic AG Data carrier controlled terminal for a data exchange system
US5036461A (en) * 1990-05-16 1991-07-30 Elliott John C Two-way authentication system between user's smart card and issuer-specific plug-in application modules in multi-issued transaction device
EP1571607A2 (en) * 1994-01-10 2005-09-07 France Telecom Transactions system comprising terminals and memory cards and corresponding memory cards

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0355372A1 (en) * 1988-07-20 1990-02-28 SPA Syspatronic AG Data carrier controlled terminal for a data exchange system
US5036461A (en) * 1990-05-16 1991-07-30 Elliott John C Two-way authentication system between user's smart card and issuer-specific plug-in application modules in multi-issued transaction device
EP1571607A2 (en) * 1994-01-10 2005-09-07 France Telecom Transactions system comprising terminals and memory cards and corresponding memory cards

Also Published As

Publication number Publication date
EP2306414A1 (en) 2011-04-06

Similar Documents

Publication Publication Date Title
KR100768154B1 (en) Wireless communication device providing a contactless interface for a smart card reader
US8116678B2 (en) Methods, systems and computer program products for interacting with ISO 14443-4 and MIFARE® applications on the same wireless smart device during a common transaction
RU2427917C2 (en) Device, system and method to reduce time of interaction in contactless transaction
CA2837491C (en) System and method of loading a transaction card and processing repayment on a mobile device
US8600899B1 (en) Vending data communications systems
US20080235132A1 (en) Transactional Device With Anticipated Pretreatment
KR101582682B1 (en) Smart card telephone comprising such a card and method for executing a command in such a card
KR101663168B1 (en) Method for generating multi card, method for using multi card and multi card system
EP1199684A2 (en) A method of, and retail transaction station for, associating a customer transaction account with a customer identifier
CN103946880A (en) Fuel dispensing environment utilizing mobile payment
EP2823448A1 (en) Systems, methods, and computer readable media for conducting an electronic transaction via a backend server system
EP2774099A1 (en) Methods, systems, and computer readable media for provisioning and utilizing an aggregated soft card on a mobile device
KR101594175B1 (en) Smartcard telephone comprising such a card and method for executing a command in such a card
US20220207530A1 (en) Dynamic application selection based on contextual data
US8066193B2 (en) Smartcard, telephone comprising such a card and method for executing a command in such a card
CN104641388A (en) Nfc transaction processing systems and methods
EP2582062A1 (en) System, method and readable media for mobile distribution and transaction applied in near field communication (nfc) service
WO2011042330A1 (en) Method of communication between a reader and two smart cards
CN105512882A (en) HCE-based payment method and apparatus
CN114519580A (en) Payment request method, payment method, terminal and storage medium for near field communication
JP2004252738A (en) Settlement processor and settlement processing system
CN115942290A (en) NFC communication method, device, system and storage medium
CN102479405A (en) Portable storage device as well as use method and system thereof
CN109003064A (en) Payment system
KR20060012389A (en) Mobile station with off-card module interface device and method for interfacing between mobie server and ic card using the mobile station

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10760664

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10760664

Country of ref document: EP

Kind code of ref document: A1