1. Field of the Disclosure
The present invention relates to an authorization system comprising a card and a reader) for a reader-card interaction, a method of assigning to each other the reader and the card for making operable the reader-card interaction, and a computer program product for use in the authorization system.
2. Related Art
From the applicant of this application known is an authorization system comprising at least one non-contact tag and a tag reader with a reader logic, e.g. a security module. The tag reader interacts wirelessly with the tags as soon as the tags are placed in the wireless communication range of the reader. To authenticate or to authorize the tag or the tag reader, or to operate a secure interaction between the tag reader and the tag, at least one secret is shared between the tag reader and the tag. Basically the secret consists of a tag secret stored in the tag (first secret) and a reader secret stored in the tag reader (second secret), whereby the first and the second secret correspond to each other. In the respective authentication and/or authorization process, it is checked whether the reader secret matches with the tag secret or vice versa. This checking is effected by a logic of the authorization system, in general by the reader logic. In the authorization system the secrets are used to implement different levels of security. A first level is implemented using a state of the art challenge-response method between the tag and the tag reader. A second level can be based on the coding or the encryption of the communication between the tag and the tag reader, e.g. using a DES algorithm. A third level is related to the access to the data or the applications stored in the tag or in the tag reader. This level is realized using a tag key or an application key stored in the tag, and a reader key stored or derived in the tag reader. According to WO 97/34265 A1 the first secret, e.g. a stamp, and the second secret, e.g. launch data, are subject to the rules of a hierarchical authorization system.
Because of the secret shared by the members of the authorization system, in particular the tag and the tag reader, the authorization system is a closed system. Interaction can only take place between the members sharing the matching secrets.
Other systems are known in which the reader secret is not directly stored in the tag reader but in a device interconnected to the tag reader, e.g. in a subscriber identity module (SIM) realized as a contact tag, and interconnected to the tag reader via electrical contacts. One drawback is the limited interaction rate (speed) because of the contact interface.
From the state of the art further closed authorization systems are known with different configurations of where and how to store the secrets.
WO 2008/034937 A1 discloses a communication system comprising an apparatus and an external device, e.g. a non-contact tag. The apparatus comprises a control unit configured to detect a radio frequency field and to co-operation with a secure module, e.g. a contact smart card, a SIM card or a chip. The secure module is permanently integrated, detachably attached or removably mounted into the apparatus. Depending on whether the apparatus acts as a tag reader (active mode) or as a tag (passive mode), the control unit controls the non-contact communication or passes the control over to the secure module.
EP 1 873 963 A1 relates to an authentication method for integrated circuit cards (IC cards) in an authentication system between a first IC card, e.g. a secure application module (SAM) of a terminal, and a second contact IC card interconnected through a terminal by means of corresponding secrets stored in the first and second IC card. In particular, at least one identification and/or authentication number is used to authenticate the first IC card from the second IC card.
US 2005/0103839 A1 discloses a closed authorization system with three devices: a terminal, a security module, e.g. an IC card, and an physically separated identification and authorization unit (IAL). In the IAL the information necessary for the identification of a user is stored in a memory. This information is comparable to a PIN entered by the user in a system realized without an IAL. The IAL is used to make obsolete the entering of a PIN. The interaction between the terminal and the IC card is either a contact or a non-contact interaction, the interaction between the IC card and the IAL is wireless.
WO 2006/117009 A1 discloses a method of managing a peripheral unit, e.g. a memory card, of a terminal in a communication network by a secure unit, e.g. a subscriber identity unit (SIM card). Implemented is an architecture in which the operation of the memory card is enabled only in the presence of the SIM card, which is capable of authenticating the memory card. Because of the trusted functionality of the SIM card, the memory card becomes a second trusted unit controlled by the SIM card. Not enabled is a modification of the secret stored in the secure unit independent from the second secret itself.
US 2008/0076475 A1 discloses a mobile system including a SIM card and a communication circuit. The communication circuit interacts with an external device, in particular a tag reader, through a first wireless interface, and with the SIM card through a second wireless interface. Provided are a system and a SIM card with a plurality of different communication interfaces or communication protocols. Not enabled is a modification of the secret stored in the tag reader.
In a closed-state of the art authorization system (hereafter referred to as standard authorization system or standard system), the secret, in particular the reader secret, is stored in the tag reader, either in a logic, in a memory or in a further tag logically connected to the tag reader, e.g. a subscriber identity module. If the reader secret has to be modified, then the logic, the memory, or the further tag has to be replaced. Such a change of hardware of the tag reader is cumbersome and may be difficult to realize. Furthermore, because of the trusted functionality of the reader secret, such changes may not be wanted at all. That is why the tag reader is often designed in a way that does not allow easy access or replacement of the hardware or hardware parts in which the reader secret is stored. Due to these drawbacks, the tag readers of a standard system cannot be easily modified or updated to interact with tags of another standard system.