Personal data carrier cards, which have an electronically readable data carrier in the form of a magnetic memory, a chip memory or an optical memory area, are used diversely as access-authorization cards, credit cards, debit cards (for example phone cards) or cards for health insurance finds. Furthermore, it has recently been repeatedly proposed to utilize the high storage capacity of optical memory cards (Optical Memory Card=OMC) or hybrid cards (Optical Memory Chip Card=OMCC) to store personal data in encoded form, in particular medical information, in a format you can take with you all the time--so-called smart cards.
The usability of such card systems depends on the existence and maintenance of a not inconsiderable infrastructure of reading/writing devices, which have to be maintained by the card users.
The cards are therefore in each case issued by the companies making the cards and the necessary infrastructure available in return for a user fee for a limited amount of use, the cards containing information on the authorized amount of use and losing their validity once the amount of use has been used up. In this case, the amount of use may be defined by a period of use, defined by an expiry date, or by an intensity of use, for example frequency of use, or a value of the card, which is stored in the card and is updated each time it is used (residual value).
The amount of use of the card is respectively extended by making available a new card, the old card becoming invalid.
This revalidation process is no longer economical, for reasons of cost alone, if the body of the card itself is of a technically complex design, for example in the form of an optical memory card, a chip card comprising a plurality of chips or in the form of hybrid optical memory chip cards. In addition, liquidation of the old card is ruled out if it serves for storing personal data, for example medical data, since the stored data are lost in the liquidation. Sending in the card for revalidation by the company making it available is likewise ruled out, since the card would not be available during the revalidation period and there are objections from the point of view of data protection rights.
There is therefore a need for a method of revalidating cards in an off-line process in which the card on the one hand remains with the user and on the other hand improper, unauthorized revalidation can be reliably ruled out.