Smartcards are increasingly used and proposed to be used in many different applications. By smartcard is meant a device including processing capacity intended for use in association with terminals or similar infrastructure. The smartcards may operate by direct electrical contact or via a wireless mechanism.
Advances in technology, and in particular the amount of processing power and memory resident on reasonably priced smartcards, have seen proposals advanced for multi application smartcards. Such a smartcard is one where there is not only a single software application, for example a credit card application, but a variety of other applications on the same card. These may in principle include access applications, telephone applications, airline applications, rental car applications, loyalty schemes, and many others. A particular advantage of having many applications resident on a smartcard is that the user can minimise the number of separate cards which need to be carried. It also allows the issuer of the cards to derive revenue from having applications from third parties resident on the card, and to defray the capital cost of issuing the cards. For example, an airline may issue a smartcard as part of a loyalty scheme, and receive revenue by allowing a financial services institution to place a credit card application on the card.
Multi application smartcards are a means by which applications can be loaded which have functionality well beyond the traditionally foreseen smartcard applications, as it is possible for quite small applications to be economically provided on the card.
For example, U.S. Pat. Nos. 5,530,232 and 5,578,808 to Taylor disclose multi application smartcard systems.
Another aspect of multi application systems is the requirement for terminals to appropriately interact with the various applications. Hence, if an application is to be loaded onto a card, then there needs to be a mechanism to provide the corresponding terminals with an interacting application.
Multi application smartcard schemes present a number of specific problems, particularly where various parties have applications on the card which may contain confidential information, encryption keys or details which they do not wish disclosed to the other applications resident on the card. It is necessary for the application provider in these cases to trust the arrangements between it and the issuer, both commercially and technically, so that unauthorised information is not disclosed. Another issue for the card owner and application providers is to ensure that applications on the card do not interfere with each other, for example by overwriting memory in use by another application. A further issue for the issuer is that in many cases they will wish to ensure that inappropriate or competing applications are not loaded onto the card. For example, a financial institution issuing a smartcard is unlikely to desire that the applications of other financial services providers be loaded onto the smartcard.
U.S. Pat. No. 5,544,246 to Mandelbaum et al describes a particular type of smartcard operating system which allows different service providers' applications to coexist on a smartcard. Essentially, this proposes a UNIX type solution, where each user has control over a particular sub-directory in the card operating environment. The issuer, or super user, has only limited ability to access the sub-directories associated with other application providers. A particular problem with this arrangement is that it leaves control of which applications are loaded to the card issuer. This means that the card issuer needs to be directly involved with each application which is loaded on the card. It does not provide a mechanism for loading applications onto cards owned by different issuers. A further issue is that the application providers are entirely reliant on the security and integrity of the card issuer.
It is an object of the present invention to provide a system, which is independent of the card or terminal operating system and independent of the issuer, which can control loading and removal of applications, so as to facilitate an orderly and accessible market for parties wishing to load applications onto cards owned by one or more issuers.