An integrated circuit card is often defined as an International Standards Organization, ISO, standard card with an embedded circuit chip. The IC card may have a microprocessor, in which case it is sometimes termed a smart card. An advantage of integrated circuit cards is that the data in the card is usually quite secure, i.e. the data cannot be easily read out or changed by an unauthorized user. The security is much greater than with magnetic cards or optical track cards The security, light weight of the card (the card is typically the size of a conventional credit card), ability to hold data and perform a variety of applications has made the cards increasingly; about 1 million new cards are put into service each day.
The smart card is often referred to as the invention about 25 years ago of a Frenchman, Roland Moreno, U.S. Pat. No. 3,971,916. An introductory text on smart cards and their applications may be found in Ayer, Kenneth R. and Schuler, Joseph F., Smart Card Primer, 1994, Minneapolis, Minnesota, The Schuler Consultancy.
Integrated circuit cards are usually the size of a conventional credit card, with six or eight small electrical contacts on one face. The newer type of card is of the "contactless" type, i.e the contacts are not electromechanical and there is no physical contact. There is a small loop or antenna inside the card, which makes electromagnetic or induction contact with a card reader or terminal. This type of card is shown for example in U.S. Pat. Nos. 4,874,934 and 5,206,495 presently owned by the same assignee as in this application. When the term "contacts" is used it includes both the electromechanical and electromagnetic contacts.
The mechanical and electrical specifications of the cards are standardized, and one set of standards is published by ANSI, American National Standards Institute, 11 East 42nd Street, New York, NY 10036 under the title "Identification cards-Integrated circuits cards with contacts" ISO 7816-1 and ISO 7816-2. Such cards are manufactured by and are commercially available from several companies, including applicant's assignee, Gemplus Card International, avenue du Pic de Bertagne, Parc d'Activites de la Plaine de Jouques, 13420, Gemenos, France.
Proposed higher numbered parts to ISO 7816 deal with electrical signals and transmission protocols, interindustry commands for interchange numbering systems and registration procedure for application identifiers, interindustry data elements, etc. Certain applications of the card, e.g. in mobile telephones, and in financial transactions have their own standards. Telecommunication standards are defined by GSN, and financial transaction cards have proposed standards in ISO 9992 and 10202. There are sets of European standards from the European Telecommunication Standards Institute ETSI and the European Committee for Banking Standards ECBS, as well as the Commite Europeene de Normalisation CEDN.
In most countries, the ISO physical and electrical card size standards are used. The application standards are semi-standardized, and may have variations among providers of the goods or services. E.g., one group of banks may have one standard or convention for use of bank cards, while another group of banks might have a slightly different one. But these modifications are add ons to the various standardized applications, whether mobile telephone on the GSM, or electronic purse on EMV, or pay TV, etc. Each standard, must be rigidly adhered to by all systems operators, all terminals, and cards used in these applications It becomes difficult to add value to these standardized protocols, as the agreed to protocols must not be changed.
The term "transaction" is defined to mean any type of interchange between the smart card and a remote processing system (computer system). The interchange could be on-line or off-line depending on the application and security architecture of the interchange The access point is the point of service for the smart card. This could be an intelligent device with a smart card reader and communication capabilities
The development of microprocessor based smart card operating systems to date has been driven and limited by smart card international standards and specifications (for example ISO-IEC 7618, ETSI TE9 and EMV). The specifications define the functions or commands that the operating system should have in order to support the application segment to which it caters (e.g. the ISO-IEC 7816-4 defines commands for a general purpose operating system, or the EMV specifications, which define commands for a payment card). These operating systems usually provide a subset of standardized commands as well as commands proprietary to the smart card supplier. These commands normally provide smart card administrative commands as well as commands that add value to the operating system Administrative commands are needed to help manage the smart card life cycle. Value added commands allow solution providers to innovate and build new applications using the smart card, e.g. the payment based MPCOS card is often used in identification based applications. Traditional smart card operating systems are conservative in nature. They are small, and the number of value added functions is few. This is due in part to the long cycle time needed to mask an operating system into the smart card ROM. To allow modifications to these operating systems, software hooks for filters are normally provided by the operating system. A filter is a small piece of software code that is loaded into the smart card nonvolatile memory in the early stage of its life cycle. The filter extends the functionality of the operating system as it allows new commands to be accepted by the operating system. These commands are intercepted by the operating system and passed to the filter code to be executed. The process of developing and loading the filter requires intimate knowledge of the operating system and chip internals. The information needed to perform this task is usually confidential in nature. A filter may also permit looking into the internals of the operating system, thus, the loading and execution process is usually protected by cryptographic means.
With the increased use of smart cards and standard applications (for example GSM, EMV), more and more card issuers are looking towards value added functions to be added to a standard operating system. The filter type of process becomes ineffective, as it is too cumbersome. Coupled to this, there is an increased demand for more and more complex smart card acceptor devices, e.g. GSM handphones, or point of sales terminals, which are expected to accept and interact with a set of standard applications as well as the value added application,. the latter being inserted by the card issuer or acceptor device owner.
An aspect of the present invention is to permit easy addition of added value programs to the standardized application with no change to the accepted standards, and minimal or no change to the readers and central offices operating on the standard.
In operation, a card is inserted into a reader, also called terminal, interface device, or access point. Remote from the reader is a computer system, which performs the accounting, tracking of the cards and use of the cards, the goods and services provided by the cards, and supervision of the transactions between the cards and the readers. In the GSM telephone system, the remote computer is a telephone switch, which handles the call in addition to the payments for the calls, which are tied to the IC-cards.
It might be helpful to have a specific example for the present invention.
A multifunction smart card is one that can be used in two different applications, e.g. a pre-paid telephone card to make calls from a public telephone booth equipped with a reader; and an electronic "purse", to pay for purchases from self-service vending machines, such as gasoline from a gasoline pump, or candy from a vending machine.
In addition to the application transaction, it is desirable to permit the system to give added value to the card user when goods or services are purchased. For example, frequent flier miles might be given for each dollar of gasoline purchased, or points could be given for the purchase of a certain number of candy bars. The points would then be redeemable for a prize, e.g., an extra candy.
At the present time, when added value is to be given to a transaction, that added value is calculated in the reader or in the remote system and then transferred to the card. This has a number of disadvantages First, there is a security risk in transferring data between the card and the reader, and between the reader and the central computer. Encryption is used, but it adds to the complexity and cost of the overall operation The reader must be updated to provide the added value, e.g. points, or frequent flyer miles, which awards may change from time to time, and which may vary from card user to card user, thus potentially presenting a very complex reader calculation or central office calculation As goods and services are dispensed from a stand-alone gas pump or vending machine, without a real time link to a central computer, the calculation and the updating of the added value is moved to the vending machine to administer.