Portable data carrying devices having non-volatile storage configured to store secure data are known. An international standard has been developed relating to devices of this type having a size and configuration substantially similar to that of conventional credit cards. In addition to non-volatile storage, cards of this type may also be provided with a processing facility and in this configuration they have become generally known as "smart cards".
Data stored on smart cards may be used to represent many entities and cards of this type have become particularly popular for the storage of money tokens, where data held on the cards represents negotiable money as a replacement for negotiable notes and coinage. Money transactions using the card may be effected by the use of suitable terminal equipment, for example located beside a conventional cash register. A transaction involves reducing a data value on the card, and increasing a data value at a remote location, via the terminal. Cards may hold data values representing a finite amount of money. Transactions may also involve incrementing a money token on the card, while reducing a money token at a remote location, thereby increasing the amount of money represented on the card.
An IC card including a processor, a first memory for storing a system programme and a second memory for storing an application programme is disclosed in European patent publication No 0356257. A third memory is provided for storing data processed by the processor and an input/output unit is provided for effecting input and output operations of programmes and data. The device includes a programme stop section for stopping the programme being executed on the processor at a specified address and a data output section for supplying the input/output unit with either one of a content of a register in the processor and the content of an area of an address of at least one of the first, second or third memories, and the programme running on the processor is stopped.
Equipment may also be provided to transfer money directly from one card to another. Money transactions involve reducing a data count on one card while effecting a similar data increment on a cooperating card. Thus, in this way, the data held on both cards subsequent to a transaction taking place is consistent with a particular sum of money being transferred from one to the other.
A variety of financial transactions may therefore be effected by the use of smart cards, and over a variety of terminal equipment from a diverse range of shopping outlets and financial service providers. It is essential that an extremely high level of security is provided during such transactions, in order to avoid the possibility of electronic counterfeiting or other mischief.
A high security IC card is disclosed in European patent publication No 0636998. The IC card has a read only memory for storing an operation command and re-loadable memory for storing a plurality of control commands. A selecting unit selects control commands stored in the read only memory and one of the control commands stored in the re-loadable memory. A control unit for driving the IC card in accordance with the selected control commands is provided and the card provides high security such that it is capable of holding confidentiality of various commands. The card can be realised in a form which is adaptable to various application systems used for the IC card without re-writing the data in the read only memory and can provide high general versatility.
This requirement for high security places a limitation on the functionality of a smart card. In order for approval of its use by a financial institution or a governing authority, the operations of the smart card must be shown to conform to a number of established highly secure protocols. Smart card functionality is therefore restricted at the time of manufacture in order to gain acceptance for its widespread use in the sensitive area of financial transactions. Thus, in known smart card systems, it is necessary to anticipate the precise functional requirements of a particular smart card before manufacture and distribution can commence.
These functional requirements include the definition of highly secure protocols. It has been shown that, given sufficient organisation of computing resources on a world wide scale, it is possible to crack at least one of the currently established highly secure protocols. With the exponential trend in the availability of computing power, it becomes increasingly difficult to define a particular set of secure protocols which will remain unbreakable over a period of time. Thus, it has become accepted that at one time or another, an established security protocol may be broken, particularly because future technological trends are impossible to predict with certainty, even over a period of a few years.
Given these difficulties, existing smart cards leave open the possibility that an entire financial transaction structure may be undermined by a single unforeseeable change in the amount of computing power available to a determined individual.
In order to reduce the likelihood of this occurring, secure protocols are continuously reviewed and developed. By having the freedom to update and change secure protocols whenever necessary, financial institutions and other security conscious agencies can stay one step ahead of those trying to steal their information, or at least minimise the amount of damage which may be done when such an event has been discovered.
With existing highly secure smart cards, it is dangerous to transfer new instructions to the card after the card has been manufactured. This is because the instructions define the full functionality of the card, and it may be impossible to prevent illegal instructions from being transferred to a smart card, which may then be used in an unauthorised manner to gain access to money or information for which the user of the card has no right of access. Thus, when a bank requires a change in the security protocol operating with an existing smart card, it is necessary to throw away the existing card and replace it with a completely new one.
Smart cards may contain a very useful computational resource, which may be used for other applications in addition to purely financial transactions. Such applications may include the use of cards for recreational purposes such as the playing of games. Systems have been developed in which cards are used within a game playing device arranged to derive games from the card while allowing users' scores to be retained securely within the card. Furthermore, given a level of processing facility within the card, as is known within established smart cards, it is possible for third party instructions to be executed by the card thereby significantly enhancing the card's functionality.
Thus, it would be possible to manufacture cards that are suitable for new applications developed in the future given that the entire functionality of a particular application would be embodied within newly created third party instructions. The card would provide a new computing platform allowing developers to produce new applications without requiring modification to fixed smart card instructions. However, receiving third party executable instructions, possibly during an interactive operation, is not possible within existing smart cards which are used for financial or other secure transactions, given the requirement for a highly secure protocol.