The present invention relates to a method enabling a smart card to exchange data with an apparatus which includes an oscillator which is referred to as a permanent oscillator and is intended to supply the smart card with a clock signal, referred to as a permanent clock signal, in a permanent mode of operation.
A smart card includes an integrated circuit which is disposed on its surface and is provided with terminals for electrically contacting terminals of a connector which is accommodated in the apparatus which is usually an apparatus intended to receive and/or transmit data, such as a portable radio telephone, or a computer connected to a network, or a television signal decoder. The integrated circuit generally contains data necessary for the operation of the apparatus, for example a code enabling identification of the user having inserted the smart card into the apparatus, and the functions that the apparatus is allowed to offer to the relevant user.
The interactions between the apparatus and the smart card are described in a standard ISO/IEC 7816-3:1997.
A so-called activation phase of the smart card takes place in two steps: in a first mode of operation, referred to as a transitory mode of operation, the system formed by the combination of the smart card and the apparatus is not yet operational. The apparatus must first detect the presence of the smart card and then set the integrated circuit disposed on its surface to its nominal operating conditions, that is to say inter alia to provide it with a power supply voltage or to initialize data paths so that the integrated circuit can communicate with the apparatus. In a second mode of operation, referred to as the permanent mode of operation, the integrated circuit is supplied with a voltage and receives a permanent clock signal of a frequency which is called the operating frequency, and the data paths are ready to transport information between the integrated circuit and the apparatus. In the course of the transitory mode of operation the integrated circuit must receive a transitory clock signal whose frequency may differ from the operating frequency. Use is preferably made of a signal having a so-called transitory frequency which is lower than the operating frequency, thus enabling a reduction of the energy consumption of the integrated circuit in the transitory mode. Such a choice is particularly advantageous in the case of applications where the energy source used to supply the integrated circuit with its supply voltage is formed by a battery as is usually the case for a portable apparatus. Thus, at the end of the transitory mode of operation, the system has to switch over the signal applied as the clock signal to the integrated circuit provided on the surface of the smart card. Such switching over is performed by a switching device which, in response to a relevant command, replaces the transitory clock signal, constituting the clock signal of the integrated circuit in the course of the transitory mode of operation, by the permanent clock signal which is intended to constitute the clock signal of the integrated circuit in the permanent mode of operation.
The standard ISO/IEC 7816-3:1997 concisely describes a deactivation sequence for the smart card. Such deactivation takes place upon conclusion of a data exchange between the apparatus and the integrated circuit provided on the surface of the smart card, i.e. after the permanent mode has reached an end. Deactivation of the smart card must also take place when the power supply for the apparatus is untimely interrupted before the end of the permanent mode of operation, either by the user himself or by accident.
The deactivation sequence described in the standard ISO/IEC 7816-3:1997 specifies, without more detail, that the clock signal applied to the integrated circuit by the apparatus must be placed on hold in a low state which is formed by a logic level 0. However, if the interruption of the power supply for the apparatus is untimely, it may occur that the exchange of data between the apparatus and the integrated circuit has not yet been completed when the above-described deactivation takes place. This means that the integrated circuit still requires some clock pulses, for example in order to complete read/write operations taking place in a non-volatile memory included in the integrated circuit.
A pure and simple disappearance of the clock signal, such as described in the standard ISO/IEC 7816-3: 1997 thus involves the risk of inducing a loss of information, leading to incorrect information stored in the integrated circuit. This is not acceptable, particularly when taking into account the fact that the information stored in the integrated circuit of a smart card generally serves to protect and/or invoice financial transactions or communications.
It is an object of the present invention to remedy the described drawbacks by proposing a deactivation method enabling the integrated circuit disposed on the surface of the smart card to complete all read/write operations taking place at the instant of occurrence of an interruption of the power supply for the apparatus.
A method of the kind set forth in the opening paragraph according to the invention is characterized in that it includes the following steps:
detection, in the course of the permanent mode of operation, of an impending disappearance of the permanent clock signal before such a disappearance effectively takes place,
substitution of an auxiliary clock signal for the permanent clock signal.
According to this method, the permanent clock signal is replaced, before its effective disappearance, by an auxiliary clock signal. The integrated circuit disposed on the surface of the smart card thus receives, after the disappearance of the permanent clock signal, a number of clock pulses which suffices to complete all read/write operations taking place.
According to an alternative version of the invention, the auxiliary clock signal is formed by the transitory clock signal, so that it is not necessary to take recourse to a supplementary oscillator.
In a further version of the invention, the described method includes, inserted before the step for substituting the auxiliary clock signal for the permanent clock signal, a step for synchronizing these signals.
Such synchronization enables the prevention of untimely arrival of an active clock edge at the integrated circuit provided on the surface of the smart card. Such an untimely edge would occur if an active edge of the transitory clock signal were to appear before an active edge of the permanent clock signal, after the substitution of the transitory clock signal for the permanent clock signal has taken place but so early that said active front of the transitory clock signal cannot be taken into account by the integrated circuit, notably because of the existence of excessively long critical paths within said integrated circuit.
A further version of the described method according to the invention is characterized in that said detection consists of a comparison of the value of a supply voltage for the apparatus with a predetermined value.
Another version of the described method according to the invention is characterized in that the detection consists of a comparison of the value of the amplitude of the permanent clock signal with a predetermined value.
The invention also relates to an apparatus for carrying out said method, which apparatus includes:
a connector which is to be electrically connected to an integrated circuit present on the surface of said smart card and has at least one terminal which is referred to as a clock terminal and is intended to apply a clock signal to said integrated circuit,
a microcontroller which is intended to exchange data with said integrated circuit,
an oscillator which is referred to as a permanent oscillator and is intended to generate a permanent clock signal, and
a switching device which is intended to direct the permanent clock signal to the clock terminal in a permanent mode of operation,
which apparatus is characterized in that it also includes:
detection means for detecting an impending disappearance of the permanent clock signal, and
control means which enable, in the course of the permanent mode of operation, an auxiliary clock signal to be directed to the clock terminal upon detection of an impending disappearance of the permanent clock signal.
In such an apparatus the auxiliary clock signal is directed to the clock terminal of the connector as soon as an impending disappearance of the permanent clock signal is detected.
An attractive embodiment of the apparatus according to the invention also includes an interface module via which the smart card is intended to exchange data with the microcontroller, said interface module including an oscillator which is referred to as a transitory oscillator and is intended to supply the clock terminal with a transitory clock signal in a transitory mode of operation, said transitory clock signal constituting the auxiliary clock signal.
Because the interface module is realized in integrated form, and hence is powered by a voltage which is much lower than the voltage required by the apparatus for generating the permanent clock signal, the transitory clock signal will persist much longer than the permanent clock signal after the interruption of the power supply of the apparatus. This delay is sufficient to supply the integrated circuit with a number of clock pulses which suffices for completing all pending read/write operations.