Within the framework of the production of portable data carriers, such as e.g. chip cards, smart cards or the like, multiple operating data are written to the data carrier before issuing the data carriers to the respective end users. Thus for example when a data carrier is completed, the software-technical requirements are provided for its initialization, in which for a plurality of data carriers identical operating data, which are independent of the data carrier and independent of the person, are written to the data carrier (in the following the term “initialization” implies also the preparatory completion). In the subsequent personalization then person-individual operating data are written to the data carrier, e.g. individual identification features of the end user to whom the data carrier in question is to be issued.
Such operating data, which can comprise an operating system or at least parts of the operating system of the data carrier, can amount to several MBytes. Currently, e.g. smart cards and chip cards are initialized and/or personalized via the common T=1 or T=0 communication protocol in accordance with ISO 7816, with the aid of APDUs (“Application Protocol Data Units”). However, the transfer speed of the T=0/T=1 communication protocol is so low that an efficient initialization/personalization of a plurality of data carriers is impossible. Moreover, a quasi-parallel initialization/personalization of data carriers is also not supported by the T=0/T=1 communication protocol, since it provides only for two-party data communication between one portable data carrier and one writing/reading device.
Accordingly, it is the object of the present invention to enable an efficient writing of operating data during the production of a portable data carrier.
This object is achieved by a method for writing operating data to a portable data carrier, such a data carrier, a distribution station of a writing system and a writing system with the features of the independent claims.
According to the invention, in a method for writing operating data to a portable data carrier connected with a writing system within the framework of a production of the data carrier there is generated an individual addressing of the data carrier in question via which, upon writing of the operating data, the data carrier can be uniquely addressed writing-system-wide.
A corresponding writing system comprises a central station and at least one distribution station connected with the central station via a suitable communication network. With a distribution station in turn in each case several data carriers can be connected for writing operating data. The operating data to be written to a certain data carrier are transferred by the central station to that distribution station of the writing system with which the data carrier in question is connected, and are finally forwarded by the distribution station to the data carrier or written to it. In doing so, via the generated individual addressing the data carrier can be uniquely addressed system-wide by the central station and, if applicable, also by the corresponding distribution station. The individual addressing of a data carrier is thus uniquely attributed to the data carrier in question throughout the complete communication network formed by the writing system, independent of the size of the communication network, the number of communication devices connected with each other within the communication network or other such parameters. Since an individual addressing is unique (i.e. nonrecurring) system-wide, a simple design of the distribution stations is enabled, for, due to the addressings which are unique system-wide, said distribution stations do not need to carry out any address translating, re-addressing or similar address-arithmetic operations. Thereby also a writing of operating data to data carriers in larger (correspondingly secured) communication networks is enabled, e.g. in wide area networks extending over large geographic distances.
The process of generating a writing-system-wide unique individual addressing is designed in such a fashion that several data carriers connected simultaneously with a distribution station can be uniquely addressed system-wide by the writing system, i.e. in particular by the central station initiating the writing process, but preferably also by a distribution station, since the individual addressings respectively generated for the connected data carriers are pairwise different from each other and consequently no addressing conflicts can arise. Through the possibility of a system-wide unique individual addressing of each portable data carrier it is possible in particular to write similar or identical data to several portable data carriers (quasi-)simultaneously through concurrent processes, since these are distinguishable by the writing system at any time.
In this context a quasi-simultaneous writing of operating data in particular is to be understood as a multitasking method which enables a concurrent execution of individual parallel writing processes, in that the processes are activated alternately at such short intervals that the impression of simultaneousness is created. Moreover, a quasi-simultaneous writing can also be understood as a truly parallel writing of operating data, provided that the distribution station fulfills the corresponding requirements with regard to computer architecture.
In this way, through parallel writing of identical or similar operating data (i.e. initialization data or personalization data) to a plurality of identical or similar portable data carriers, the throughput of the initialization or personalization of portable data carriers can be increased, thus enabling an efficient production of data carriers. Furthermore, the space requirement of the initialization/personalization is reduced, since the simultaneous initialization/personalization of a plurality of data carriers requires space for only a small number of or for only one distribution station. Such a writing system can furthermore be extended almost as desired, since no addressing conflicts can occur.
The individual addressing here is preferably a multi-part addressing, providing several addresses for different layers of a used multi-layer communication protocol. Respectively one of these several addresses comprised by the individual addressing in total is suitable for the system-wide unique addressing of the data carrier via one of the protocol layers of the multi-layer communication protocol. According to the invention the individual addressing can be generated locally by the data carriers as well as centrally by a distribution station. Likewise it is possible that at least a part of the multi-part addressing is generated locally by a data carrier, preferably at least one of the several addresses for addressing the data carrier via the corresponding protocol layer of the used multi-layer communication protocol, and another part of the multi-part addressing is generated by the distribution station.
Correspondingly, both an inventive portable data carrier and an inventive distribution station comprise at least one memory, one interface device and one address generator which generates at least a part of an individual addressing by means of which the writing system, with which the data carrier is connected via its interface device, can uniquely address the data carrier system-wide and activate it.
For connecting a portable data carrier with a distribution station of the writing system, the data carrier and the distribution station comprise respectively corresponding interface devices, wherein preferably several data carriers can be connected simultaneously via the interface device of a distribution station. Moreover, each data carrier or each distribution station preferably comprises a control device which controls the communication with the distribution station or with the data carriers, respectively, and the generation, through the corresponding address generator, of the individual addressing or of that part of the individual addressing which is to be generated by the data carrier or by the distribution station. Upon request by its control device, every address generator of a data carrier connected with a distribution station, or of the distribution station itself, correspondingly generates the complete individual addressing or at least a part of it for the data carrier in question, such that the resulting individual addressings are pairwise different from all further individual addressings generated for further data carriers connected with the distribution station. The individual addressings, or those parts of them which are to be generated by a data carrier or a distribution station, can be generated e.g. on the basis of random information or of individual identifications of the data carriers which are themselves already pairwise different. A control device of a data carrier causes the associated address generator to generate the part of the individual addressing to be generated by the data carrier, e.g. when it registers the connecting of the data carrier with the writing system or with a distribution station of the writing system, or when it receives a corresponding address request signal from the writing system. Likewise the control device of a distribution station causes its address generator to generate the part of the individual addressing to be generated by the distribution station, e.g. when the distribution station registers the connecting of one or several data carriers or receives a corresponding address request signal from the central station.
It is furthermore advantageous that not only pairwise different individual addressings are generated with regard to those data carriers which are respectively simultaneously connected with one or several distribution stations of the writing system, but also for as many as possible or even all of the portable data carriers which are ever initialized/personalized by the writing system in a time-shifted fashion, so that the individual addressings of all initialized/personalized data carriers are unique system-wide and consequently also remain permanently individual to the data carrier after the writing process.
It is furthermore advantageous in principle that the operating data are forwarded by the central station via the distribution stations to the data carriers in accordance with a uniform communication protocol, so as to permit the inventive writing-system-wide unique addressing consistently in this communication protocol. As such a consistent communication protocol the multi-layer TCP/IP protocol is particularly suitable. Therefore in each case a TCP/IP connection is established between the central station and the distribution stations, while, for the purpose of writing operating data, the distribution stations themselves preferably establish TCP/IP connections to all portable data carriers connected respectively via their interface devices. Correspondingly the individual addressings to be generated for the individual data carriers connected with the respective distribution station through a TCP/IP communication network in each case comprise at least a system-wide unique, data-carrier-individual IP address which is pairwise different at least with regard to all other data carriers connected with the writing system at this time.
The IP address can be generated entirely or partly both by the data carrier or the address generator of the data carrier and by a distribution station of the writing system or an address generator of said distribution station. In case the distribution station is equipped to generate IP addresses, it preferably generates an IP address centrally for each data carrier connected therewith. In case the IP addresses are generated in accordance with the IPv4 address convention, if applicable, an address translation takes place (NAT; “network address translation”), e.g. through the distribution station. However, in case the IP addresses are generated in accordance with the IPv6 address convention, an address translation is not necessary even if the writing system is embedded in a (possibly open) wide area network, since the IP addresses generated are then even globally unique.
Preferably as corresponding interface devices of the data carriers and a distribution station high-speed interfaces are used, in particular USB interfaces, which, as data link layer (protocol layer 2 of the ISO/OSI reference model), enable a network access for TCP/IP connections between a distribution station and the data carriers as network layer or transport layer (protocol layers 3 and 4 of the ISO/OSI reference model). A corresponding TCP/IP connection between the central station and a distribution station in contrast is preferably not based on USB connections, but is a conventional TCP/IP connection, e.g. based on an Ethernet (LAN) connection or the like. The IP data packets forming the operating data are then, via respectively consistent TCP/IP connections, sent by the central station to all distribution stations connected therewith, and forwarded by each distribution station to the data carriers respectively connected therewith, for writing to a memory provided for this purpose. Thus a system-wide uniform network data format is enabled, which consists of the IP addressing (protocol layer 3 of the ISO/OSI reference model) and the higher protocol layers based thereon.
The writing of data to the memory of the portable data carrier via a TCP/IP connection is supported by a control device of the data carrier and can take place via a USB high-speed interface at a high data rate (up to 12 MBit/s). With a corresponding USB interface device of the distribution station accordingly a plurality of data carriers can be connected, so that due to the combination of parallel connectivity and the high data rate of the USB interface operating data can be written quasi-simultaneously to a plurality of data carriers.
When a USB connection is used between a distribution station and a data carrier, it is in particular possible that a data carrier is connected with the distribution station via a network connection as an independent network device (and not as a passive, local USB device), so that operating data for initializing/personalizing the data carrier can be written to the data carriers in question via a suitable network operation. Such a network connection between the distribution station and a plurality of data carriers is supported e.g. by the USB standard within the framework of the Ethernet emulation module as a device class of its own (EEM/CDC) and is accordingly also supported by a control device of a data carrier. Via the USB connections between a distribution station and the data carriers thus Ethernet connections on the data link layer (protocol layer 2 of the ISO/OSI reference model) are emulated to the Internet or another suitable data communication network, via which the operating data can be written to the data carriers in question in accordance with the TCP/IP protocol. In this case an address generator of a data carrier or a distribution station, upon prompting by its control device, generates, in addition to the IP address, an individual MAC (Media Access Control) address for the data carrier in question, since the distribution station sends Ethernet packets and IP packets in accordance with different protocol layers to the MAC address and the IP address of the data carrier. The MAC address, insofar exactly like the IP address, represents a part of the individual addressing which can be generated by the data carrier or by its address generator, wherein the MAC address and the IP address can also be generated by different devices, e.g. the IP address by a distribution station and the MAC address by a data carrier.
Preferably the individual IP addresses or individual MAC addresses are chosen by an address generator from a corresponding IP address space or MAC address space respectively, said address space being predetermined for example by the associated control device in accordance with specifications by the central station. Whereas such a MAC address space is a range of MAC addresses allocated to the producer of the data carrier, from which he can allocate a MAC address to newly produced devices, the IP address space results from the used sub-network (e.g. in accordance with the IPv4 or IPv6 address convention).
A communication between the data carrier and the writing system before the generation of the individual addressings (i.e. before a TCP/IP data communication with logic addressing is possible) can take place on the level of the USB protocol via the USB connections to the distribution station in question. Since the USB interface devices (i.e. USB connections or USB ports) of the data carriers are distinguishable for a USB control (i.e. a USB controller) of the distribution station, the data carriers can also be activated individually via their USB connections even before an individual addressing is available. In this fashion the distribution station, if applicable, can send information about the predetermined address spaces to the data carrier or receive serial numbers of the data carriers. Likewise a distribution station can send a part of the individual addressing generated thereby via the USB connection to the data carrier (e.g. its IP address) or receive a part of the individual addressings generated by the data carrier (e.g. the MAC address) and allocate them to the data carrier via the distinguishable USB connections.
It is advantageous that an address generator chooses the respective IP addresses and MAC addresses from the corresponding address spaces, which are identical at least for all data carriers connected with the same distribution station, in a fashion that is as statistically equally distributed as possible, so that the IP addresses and MAC addresses allocated to the various data carriers preferably do not recur at all or do so only very rarely. This can be achieved for example in that an address generator generates the individual MAC address and/or IP address on the basis of a unique, preferably random or quasi-random identification of the data carrier, such as e.g. a preferably unique serial number or identification number of the data carrier, e.g. the ICCSN (Integrated Circuit Card Serial Number) of the data carrier. It is likewise possible to generate IP and/or MAC addresses on the basis of a random process which is e.g. provided by a random generator. This preferably optimal use of an available address space then in particular results in the address generator generating not only IP addresses and/or MAC addresses which are unique and individual with regard to the data carriers connected parallel with the distribution station at the time in question, but in the generation of even such IP addresses and/or MAC addresses which are unique and individual to (preferably) all data carriers (ever) written by the writing system. Accordingly it is advantageous that, even in the case of a restart of the data carrier (or of the distribution station), an address generator generates MAC addresses and/or IP addresses which were not used before, although the serial number of the data carrier has not changed. This can be achieved for example by additionally using a random number in the addressing.
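An added example, written for this page and not taken from the patent, of the address generation and distribution-station bookkeeping described above: the generator derives a MAC address from a producer-allocated prefix and an IPv6 address from a subnet prefix by hashing the ICCSN together with a random nonce, so that addresses spread evenly over the address spaces and do not recur after a restart, and the distribution station keeps the per-USB-port allocation and enforces pairwise distinct addressings. The prefix values, the function and class names and the ICCSN strings are constructed assumptions.

```python
"""Address generator and distribution-station registry for USB-connected
data carriers (example code for this page, not the patent's own design;
all prefix values below are constructed placeholders)."""
import hashlib
import ipaddress
import os

# Assumed address spaces, as the central station would specify them.
# The MAC prefix stands in for a range allocated to the card producer;
# the placeholder is locally administered (bit 1 of the first octet set).
PRODUCER_MAC_PREFIX = bytes.fromhex("02aabb")
CARRIER_SUBNET = ipaddress.IPv6Network("2001:db8:1234:1::/64")  # doc prefix


def generate_addressing(iccsn: str, nonce: bytes, prefix: bytes = PRODUCER_MAC_PREFIX,
                        subnet: ipaddress.IPv6Network = CARRIER_SUBNET):
    """Derive (mac, ipv6) for one carrier from its ICCSN and a random nonce.

    Hashing serial number and nonce together gives a statistically even
    spread over both address spaces, and a fresh nonce after a restart
    yields a new addressing although the ICCSN is unchanged.
    """
    digest = hashlib.sha256(iccsn.encode("ascii") + nonce).digest()
    # MAC: producer prefix + 3 hashed bytes; clear bit 0 so it is unicast.
    mac = bytearray(prefix + digest[:3])
    mac[0] &= 0xFE
    mac_str = ":".join(f"{b:02x}" for b in mac)
    # IPv6: host part from the hash, reduced to the subnet's host bits.
    # The all-zero host part is the subnet-router anycast address; skip it.
    host_bits = subnet.max_prefixlen - subnet.prefixlen
    host = int.from_bytes(digest[8:16], "big") % (1 << host_bits) or 1
    ip = ipaddress.IPv6Address(int(subnet.network_address) + host)
    return mac_str, str(ip)


class DistributionStation:
    """Maps USB ports to carrier addressings and keeps them pairwise different."""

    def __init__(self):
        self.by_port = {}    # usb port id -> (iccsn, mac, ip)
        self.in_use = set()  # every MAC and IP handed out by this station

    def connect(self, usb_port: int, iccsn: str, max_tries: int = 8):
        """Register a carrier seen on a USB port and allocate its addressing.

        A hash collision with an address already in use is very unlikely
        but must be handled: a new nonce is drawn instead of overwriting.
        """
        for _ in range(max_tries):
            mac, ip = generate_addressing(iccsn, os.urandom(16))
            if mac not in self.in_use and ip not in self.in_use:
                self.in_use.update((mac, ip))
                self.by_port[usb_port] = (iccsn, mac, ip)
                return mac, ip
        raise RuntimeError(f"no collision-free addressing for port {usb_port}")

    def addressings_pairwise_different(self) -> bool:
        macs = [entry[1] for entry in self.by_port.values()]
        ips = [entry[2] for entry in self.by_port.values()]
        return len(set(macs)) == len(macs) and len(set(ips)) == len(ips)
```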
Preferably the distribution station authenticates itself in each case vis-à-vis the data carrier or its control device before the data are written to the memory of the data carrier. In this fashion the control device of a data carrier enables a writing of e.g. security-relevant operating data within the framework of an initialization/personalization of the data carrier only provided that a trustworthy and/or authorized distribution station or a distribution station of a trustworthy and/or authorized writing system is/are given.
In preferred embodiments an individual addressing for the data carrier is generated only for a first operation mode of the data carrier, whereas in a second operation mode a fixed, predetermined address is used. The fixed address can be uniform for a group of data carriers. Consequently it is possible in particular during the personalization phase to use an individual addressing with the aid of the first operation mode and a uniform address in the second operation mode. An irreversible switching of the portable data carrier from the first to the second operation mode preferably can take place after the end of the personalization phase.
Although the inventive method is in principle suitable for writing any data to any portable data carriers or for initializing and/or personalizing any portable data carriers or, upon producing portable data carriers, writing other operating data to them, it is particularly preferred to initialize and/or personalize chip cards (USB chip cards) equipped with a USB interface through a writing system in accordance with the described method.