1. Field of the Invention
The present invention relates to the post-initialization of a chip card, the chip card having a processor, a non-volatile memory and an operating system with operating commands which are utilizable in a user operating mode. A key for a cryptographic algorithm is written onto the chip card and, after conclusion of the initialization, the chip card is switched at least once to a post-initialization status, which is differentiated from the operating mode.
2. Description of the Related Art
The production of a chip card up to the point where it may be provided to a user is described in: Rankl/Effing: Handbuch der Chipkarten Manual of Chip Cards!, Karl Hanser Verlag, 1996. After a module with the semiconductor chip is embedded into the card, all global data are written onto the chip card during the course of an initialization. These data are, for one thing, all data of an application which do not change from card to card and, for another, all of the person-independent data, which are also the same in every card. The initialization is the last production step in which all cards may be handled equally. For this reason, the initialization is performed on high-speed machines functioning in parallel. The individual-card related data of the application and the data related to specific persons are not loaded onto the chip card until the following production step, the personalization.
The production-technological reason for the differentiation into global, general data and individual or person-related data lies especially in the minimization of processing costs. Machines for personalization which are capable of writing individual data onto every chip card while maintaining the required security precautions are highly expensive because of the technology, and they have a low throughput rate of approximately 700 pieces per hour.
However, the separation of the production steps into initialization and personalization of a chip card is also of special significance from the standpoint of security technology. The illegal acquisition of personal data is made more difficult as a result of this separation.
If it should occur that, after the conclusion of the initialization, additional applications are to be written onto a small number of chip cards, then a post-initialization of the chip cards is required. A procedure for the subsequent writing of applications onto chip cards is known from EP-A2-0 361 491. In this process, the memory areas of the chip card which may be written to are provided with a control flag by means of a cryptographic function. This control flag is generated when a partial area of the memory of a chip card is defined as usable. The definition of partial areas of the memory as usable for specific applications takes place during initialization. In order to make it possible to write applications after the conclusion of initialization, memory areas in addition to the applications written at the time of initialization are defined and provided with a control flag, thus indicating the usability of these memory areas. These additional memory areas remain unused initially. During the later process for secondary loading of an additional application, these control flags allow recognition of whether a specific memory area may be utilized for the additional application to be written.
A disadvantage of the process described is that it is necessary to recognize at the time of the initialization which and how many additional applications are to be written onto a chip card at some time after the conclusion of the initialization. Since the memory area on the chip card is very limited, it would not be cost-effective to define usable memory areas with control flags during the process of initialization if they would not be written with additional applications at a later time. On the other hand, it would be a defect which could not be corrected if an inadequate memory area with control flags were created during the initialization.
A further procedure which is used to write additional applications onto the chip card is the secondary expansion of the personalization commands. As a result of this, especially additional personalization commands which are useful for the generation of file structures and file contents on the chip card are written as an additional program code into the memory of the chip card. With the help of these additional personalization commands, it is then possible to post-initialize the chip card. By the writing of the additional program code, the quantity of data to be stored on the chip card is increased. This has the disadvantage that only a very limited memory area is available on the chip card.
A further disadvantage of the known procedure is that the personalization commands for post-initialization to be written to the chip card can only be used in the specific personalization mode as provided by the manufacturer, which is dependent on the given operating system.