Electronic transactions, such as credit card transactions, can be conducted using smart cards. A smart card is a device that includes an embedded integrated circuit chip that can be either a secure processing module (e.g., microprocessor, microcontroller or equivalent intelligence) with an internal or external memory or a memory chip alone. The smart card can be connected to a reader via direct physical contact or via a contactless (e.g., RF) interface. Smart cards come in many different form factors, including plastic cards, fobs, SIM cards used in mobile phones, and USB tokens. Smart cards can provide identification, authentication, data storage, and application processing, as well as serving as credit or ATM debit cards, phone or fuel cards, and high-security access-control cards for granting access to a building or computer.
Some smart cards and the corresponding reader terminals conform to international standards such as ISO 7816 and ISO 14443 that specify physical characteristics and various communication and security protocols. In the ISO 7816 standard, for example, communication between a reader (master) and a smart card (slave) takes place over a single bi-directional, half-duplex data line. Parameters such as protocol format, type of smart card, baud rate and other electrical parameters are read out of the smart card right after reset. This message is known as the Answer to Reset, or ATR. Based on the information given in the ATR, the reader can adapt to the transmission format supported by the card. Similar messages are utilized in the early communication between ISO 14443-compliant terminals and smart cards.
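The ATR described above can be decoded byte by byte, which is how a reader learns the protocol and baud-rate parameters before adapting to the card. The following Python decoder is an added example, not part of the original text; the field layout (TS, T0, interface bytes TAi to TDi, historical bytes, TCK check byte) follows ISO 7816-3, and the name `parse_atr` and the sample ATR are constructed for illustration.

```python
from functools import reduce

# Fi (clock-rate conversion) and Di (baud-rate adjustment) tables, indexed by the
# high/low nibble of TA1; absent indices are reserved for future use.
FI = {0: 372, 1: 372, 2: 558, 3: 744, 4: 1116, 5: 1488, 6: 1860,
      9: 512, 10: 768, 11: 1024, 12: 1536, 13: 2048}
DI = {1: 1, 2: 2, 3: 4, 4: 8, 5: 16, 6: 32, 7: 64, 8: 12, 9: 20}

def parse_atr(atr: bytes) -> dict:
    """Decode an ATR; raise ValueError on malformed or truncated input."""
    if not 2 <= len(atr) <= 33:
        raise ValueError("ATR must be 2..33 bytes")
    if atr[0] not in (0x3B, 0x3F):
        raise ValueError("invalid TS byte")
    out = {"convention": "direct" if atr[0] == 0x3B else "inverse",
           "interface": {}, "protocols": []}
    y, k = atr[1] >> 4, atr[1] & 0x0F  # T0: presence bitmap Y1, K historical bytes
    pos, i = 2, 1
    while y:
        for bit, name in enumerate("ABCD"):  # TAi, TBi, TCi, TDi, in that order
            if y & (1 << bit):
                if pos >= len(atr):
                    raise ValueError(f"truncated before T{name}{i}")
                out["interface"][f"T{name}{i}"] = atr[pos]
                pos += 1
        if not y & 0x8:  # no TDi, so the interface bytes end here
            break
        td = atr[pos - 1]  # TDi was the last byte consumed
        out["protocols"].append(td & 0x0F)
        y, i = td >> 4, i + 1
    end = pos + k
    if end > len(atr):
        raise ValueError("truncated historical bytes")
    out["historical"] = atr[pos:end]
    # TCK is present unless only T=0 is indicated; XOR of T0..TCK must be zero.
    if any(t != 0 for t in out["protocols"]):
        end += 1
        if end > len(atr) or reduce(lambda a, b: a ^ b, atr[1:end]) != 0:
            raise ValueError("missing or bad TCK")
    if end != len(atr):
        raise ValueError("unexpected trailing bytes")
    ta1 = out["interface"].get("TA1", 0x11)  # default when TA1 absent: Fi=372, Di=1
    out["Fi"], out["Di"] = FI.get(ta1 >> 4), DI.get(ta1 & 0x0F)
    out["protocols"] = sorted(set(out["protocols"])) or [0]  # T=0 implied without TD1
    return out

# Constructed sample: direct convention, TA1=0x11, TD1 selects T=1, "CARD1", TCK.
SAMPLE_ATR = bytes.fromhex("3B95110143415244" "31A0")
```

One elementary time unit on the data line lasts Fi/Di clock cycles, so the decoded `Fi` and `Di` values give the bit timing the reader must use.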
While a smart card is being inserted into the reader, all the contacts are disconnected from the reader, including ground. The reason for this is that the contacts in the terminal slide over the smart card contacts while the card is inserted. Applying power to the wrong pins could in theory damage the card or the reader. When the card is properly inserted, there is usually an electrical contact that breaks connection, indicating to the reader that the card is fully inserted. Once the card is inserted, the reader initiates a power-on and reset sequence. The interface is responsible for the timing of the sequence. A conventional ISO smart card startup process is illustrated in the timing diagram of FIG. 8. The most important parameters are the clock cycle counts before and after reset is released. The interface enables the clock and keeps it running for a predetermined number of clock cycles (typically 40,000) before reset is released. After reset, the smart card must respond with its ATR message within a window of a predetermined number of clock cycles (typically 40,000). If an ATR is not received from the smart card within the window, all the contacts are disconnected from the reader, thereby effectively disconnecting the smart card from the terminal/reader.
The conventional startup and transaction process utilizing a single ATR message illustrated in FIG. 8 presents a problem when the smart card is a biometric smart card. This is because it is not possible to perform a biometric authentication procedure including, for example, reading of a user's fingerprint, preparation of a fingerprint template, and comparison of the prepared fingerprint template to a stored reference fingerprint template of an authorized user, within the allowed window of predetermined clock cycles. Therefore, conventional startup and transmission schemes utilizing a single ATR message do not permit a biometric authentication in ISO-compliant smart cards.