This invention relates to integrated circuit (IC) cards, such as smart cards, and methods for using IC cards for modifying data values held by the cards. This invention may also be extended to other types of IC devices with limited memory and processing capabilities, such as smart diskettes, electronic wallets, PC cards, and the like.
Today, there is increasing use of "smart cards" in place of, or in addition to, conventional magnetic stripe cards. A "smart card" is a thin card about the size of a credit card, with a built-in processor that enables the card to create data in response to external stimuli. The processor is a single-wafer integrated circuit (IC) which is mounted on an otherwise plastic card. For this reason, smart cards are often referred to as one class of "integrated circuit cards" or "IC cards".
As smart card technology becomes more pervasive, it paves the way for conducting a variety of new transactions, such as electronic money, which are not available with conventional mag-stripe cards. Smart cards also open up the arena for conducting certain new "offline" transactions, which do not involve validating a card with a central authority. These offline electronic transactions are typically performed without human intervention, such as from a sales clerk.
Smart cards are equipped with authentication capabilities used to establish the identity of an entity with which they are communicating. An identity can be an individual human being, a business, a piece of computing hardware, software code, a network node, an organizational role, or an accreditation agent. Smart cards also have authorization capabilities to control access to resources stored on the cards or elsewhere.
Smart cards typically store data as exact or specific values. For example, the age of a user is stored as a number of years, the salary of a user is stored as a dollar value, and the credit of a user is stored as a precise count of loyalty points. For many computations that are performed by identities outside of the smart card, these exact values are not necessary. Yet, because this is the only data that the smart card stores, it must be provided to the requesting identity. For example, to sell cigarettes to a cardholder, a merchant need only know that the cardholder is over 18 years of age. It is unnecessary for the merchant to know the exact age of the cardholder. In many instances where specific data values are not explicitly required by an identity, rendering such specific values can be undesirable. For example, an individual may wish to protect aspects of their privacy, yet having to provide specific data values to some requesting identities unnecessarily compromises that privacy. On the other side of the equation, requesting identities may not want to take possession of specific data values if they do not need them for their purposes. Possessing more information than is necessary could create liability for a particular identity. For example, an identity may require certain salary information for purposes of computing cardholder benefits. The benefits might be correlated with a variety of salary ranges rather than specific salary values. If a cardholder is only able to provide their specific salary value to a requesting identity, then the identity must, necessarily, come into possession of it in order to compute the benefits. Once in possession of the specific salary value, the identity is exposed to its compromise which, in turn, could create liability for the identity.
Accordingly, it would be desirable to provide a way of masking or modulating data relative to particular identities in accordance with the identities' data needs.
This invention concerns an integrated circuit (IC) device, such as a smart card, electronic wallet, PC card, or the like, and various methods for modifying data values held by the device.
The IC device has a memory and a processor. The IC device maintains an identity authentication table in the memory to hold an arbitrary number of identities. The identity authentication table correlates identities with authentication protocols, so that different protocols can be used to authenticate associated identities. The identity authentication table also correlates counts with the identities. Each count specifies the number of uses for which the IC device may assume the corresponding identity remains authenticated, without requiring the IC device to re-authenticate the identity for each use.
The IC device also maintains an authentication vector in memory. The authentication vector tracks identities in the identity authentication table that are currently authenticated by the IC device.
The IC device further maintains authorization tables in the memory and in association with particular files used in transactions. Each authorization table defines authorization for a particular transaction as a Boolean expression of the identities listed in the identity authentication table.
The IC device further maintains a mask library in the memory that contains a plurality of masks. The masks are used to modify specific data values relative to different contexts. One exemplary context is associated with a particular identity that requests the data. Another exemplary context is associated with a particular transaction for which the data is required.
The IC device also maintains one or more mask association tables in the memory. The tables are used to correlate the masks with information that is associated with data usage. Exemplary information can include the various identities or transactions that require the data.
When the IC device receives an identity, it first looks to see if the identity is listed in the identity authentication table. If so, the IC device uses the corresponding protocol to authenticate the identity. If authentication proves successful, the IC device indicates in the authentication vector that this identity is currently authenticated.
When the IC device receives a request for a particular transaction, the IC device uses the authorization table to evaluate which identities must be authenticated to satisfy the Boolean expression and gain authorization to perform that transaction. The IC device checks the authentication vector to determine if the identities needed to satisfy the Boolean expression are currently authenticated, and if so, authorizes the transaction.
When a transaction is authorized, the IC device determines whether a data mask is available for the transaction. If there is a data mask that applies, then the IC device uses the data mask to generalize specific data values into general representations of the data. The generalized representations are then returned to the requesting identity.
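The flow described above, from identity authentication through authorization and masking, as an added illustrative model that is not part of the patent: the identity table, authentication vector, Boolean authorization tables, mask library and mask association table are all constructed sample data, and the "pin" and "hmac" protocols, the tuple form of the Boolean expressions, and every function name are assumptions made for this example.

```python
import hashlib
import hmac
# Identity authentication table (constructed): protocol, credential, and the number
# of uses for which the card may assume the identity remains authenticated.
IDENTITY_TABLE = {
    "cardholder": {"protocol": "pin",  "credential": b"4321",       "count": 1},
    "merchant":   {"protocol": "hmac", "credential": b"merchant-k", "count": 3},
}
auth_vector = {}  # authentication vector: identity -> remaining authenticated uses

def make_hmac_proof(key, challenge):  # hypothetical challenge-response protocol
    return hmac.new(key, challenge, hashlib.sha256).digest()

def authenticate(identity, proof, challenge=b""):
    entry = IDENTITY_TABLE.get(identity)  # identities not in the table are rejected
    if entry is None:
        return False
    expected = (entry["credential"] if entry["protocol"] == "pin"
                else make_hmac_proof(entry["credential"], challenge))
    ok = hmac.compare_digest(expected, proof)
    if ok:  # record success so later transactions need not re-authenticate
        auth_vector[identity] = entry["count"]
    return ok

# Authorization tables: file -> Boolean expression over identities (nested tuples).
AUTHZ = {
    "age_file":    ("and", "cardholder", "merchant"),
    "salary_file": ("and", "cardholder", ("or", "employer", "merchant")),
}

def evaluate(expr, vector):  # an identity counts only while it has uses left
    if isinstance(expr, str):
        return vector.get(expr, 0) > 0
    op, left, right = expr
    return (all if op == "and" else any)(evaluate(e, vector) for e in (left, right))

# Mask library, mask association table keyed by (file, requesting identity), and data.
MASKS = {
    "over_18": lambda age: "over 18" if age >= 18 else "under 18",
    "salary_band": lambda s: "under 30k" if s < 30000 else "30k-60k" if s < 60000 else "over 60k",
}
MASK_ASSOC = {("age_file", "merchant"): "over_18", ("salary_file", "merchant"): "salary_band"}
DATA = {"age_file": 34, "salary_file": 45000}  # exact values held by the card

def read_file(file, requester):
    if not evaluate(AUTHZ[file], auth_vector):
        return None  # transaction not authorized
    for ident in auth_vector:  # simplification: every authenticated identity spends a use
        auth_vector[ident] = max(auth_vector[ident] - 1, 0)
    mask = MASKS.get(MASK_ASSOC.get((file, requester)))  # no mask -> exact value
    return mask(DATA[file]) if mask else DATA[file]
```

The cardholder reading their own salary receives the exact value, while the merchant receives only a band; once the cardholder's single authenticated use is spent, further transactions fail until the cardholder authenticates again.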