The data communication between a reading device and a chip card application on a chip card takes place with the help of so-called APDUs (“application protocol data unit”) according to ISO/IEC 7816-4. An APDU is a standardized data unit for an application protocol command. It can be assigned to the application layer of the OSI reference model.
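To make the APDU format concrete, the following added example (not part of the original text) decodes the four short-length command APDU cases of ISO/IEC 7816-4 and the status word of a response APDU; the sample APDUs at the bottom are constructed for illustration, and extended-length encoding is deliberately left unsupported.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class CommandApdu:
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes          # command data field (empty for cases 1 and 2)
    le: Optional[int]    # expected response length; None for cases 1 and 3
    case: int            # ISO/IEC 7816-4 case 1..4 (short-length encoding only)

def parse_command_apdu(raw: bytes) -> CommandApdu:
    """Decode a short-length ISO/IEC 7816-4 command APDU (cases 1-4).
    Extended-length APDUs (Lc/Le encoded in three bytes) are rejected."""
    if len(raw) < 4:
        raise ValueError("APDU shorter than the 4-byte header CLA INS P1 P2")
    cla, ins, p1, p2 = raw[:4]
    body = raw[4:]
    if not body:                                    # case 1: header only
        return CommandApdu(cla, ins, p1, p2, b"", None, 1)
    if len(body) == 1:                              # case 2: header + Le
        return CommandApdu(cla, ins, p1, p2, b"", body[0] or 256, 2)
    if body[0] == 0:                                # Lc == 0 signals extended length
        raise ValueError("extended-length APDU not supported by this parser")
    lc = body[0]
    if len(body) == 1 + lc:                         # case 3: Lc + data
        return CommandApdu(cla, ins, p1, p2, bytes(body[1:1 + lc]), None, 3)
    if len(body) == 2 + lc:                         # case 4: Lc + data + Le
        return CommandApdu(cla, ins, p1, p2, bytes(body[1:1 + lc]), body[-1] or 256, 4)
    raise ValueError(f"length {len(raw)} inconsistent with Lc={lc}")

@dataclass
class ResponseApdu:
    data: bytes
    sw: int              # status word SW1 SW2, e.g. 0x9000 = normal processing

def parse_response_apdu(raw: bytes) -> ResponseApdu:
    """Split a response APDU into its data field and the trailing status word."""
    if len(raw) < 2:
        raise ValueError("response APDU needs at least SW1 SW2")
    return ResponseApdu(bytes(raw[:-2]), (raw[-2] << 8) | raw[-1])

# Constructed sample APDUs (illustrative values, not taken from the text):
SELECT_BY_AID = bytes.fromhex("00A4040007A0000000041010")  # case 3, Lc = 7
READ_BINARY = bytes.fromhex("00B0000010")                   # case 2, Le = 16
```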
The OSI reference model (“open systems interconnection reference model”) is a layer model of the International Organization for Standardization (ISO). It has been developed as a general basis for designing communication protocols for data communication via any network and between any desired systems. For this purpose the abstract tasks of data communication are functionally divided into seven layers. For each layer there is a description of the layer's tasks. A communication protocol in each case has to fulfill only the tasks of one layer. The model gives no specific directions as to how the particular task is to be solved.
According to the basic idea of the OSI reference model a data communication is carried out between two systems in such a way that a communication protocol of a layer uses the services of communication protocols of the layer located directly therebelow and in turn provides its services to the communication protocols of the next higher layer. This allows a layer to abstract from the details processed by the layers therebelow.
In the following, the seven layers of the OSI reference model are briefly sketched with reference to FIG. 4.
The application layer is the top-most layer of the seven layers. Applications of a system are considered to lie above the application layer. The application layer itself includes communication protocols which provide a multiplicity of functionalities to the system's applications, for example for the data transmission to other systems, for emailing and the like. Communication protocols of the application layer are e.g. HTTP, FTP, SSH and SMTP. As mentioned above, APDUs, too, are commands which belong to this layer.
The presentation layer is located below the application layer and includes protocols which transform a system-dependent representation of data into a system-independent form. In this way the syntactically correct data exchange between different systems is ensured.
The session layer is located below the presentation layer and provides for the process communication between two systems. In this layer there are provided services for the organized and synchronized data exchange, which permit, for example, breakdowns of a data communication session and similar problems to be resolved.
These three upper layers thus provide application-oriented services, which permit the applications of a system to carry out the data communication with applications of a different system. The following four lower layers of the OSI reference model, however, are transport-oriented layers. They provide services which permit establishing a data communication connection between the two systems and the data transmission between the systems.
The tasks of the transport layer comprise segmentation and congestion avoidance during the data transmission. It is the bottom layer in the OSI reference model which provides a complete end-to-end communication between sender and receiver of a data transmission. Thus, the layers thereabove can be provided with services for data communication which hide the properties of the underlying communication network. The transport layer comprises e.g. communication protocols such as TCP (“transmission control protocol”) and UDP (“user datagram protocol”).
The communication protocols of the network layer located below the transport layer include services for the switching of connections and the forwarding of data packets from one computer to the next along a path from the sender to the receiver (point-to-point connection). The routing, i.e. the path search for data packets to be sent from one computer to the next, is also a task of the network layer. Important protocols of this layer are the various versions of the IP (“Internet protocol”), IPv4 and IPv6.
It is the task of the data link layer located below the network layer to ensure a largely error-free data transmission and to control access to the transmission medium. This is achieved e.g. by dividing the bitstream to be transmitted into blocks, adding checksums and the like. Acknowledgement mechanisms indicate e.g. the loss of data blocks and permit their retransmission.
The physical layer as the bottom-most layer of the OSI reference model provides mechanical, electrical and further functional aids to activate and deactivate physical connections and to transmit bits as information units.
Similar to the OSI reference model which was created for structuring general network communication protocols, there exists the TCP/IP reference model for structuring the special communication protocols used in the Internet protocol family. About 500 communication protocols which constitute a base for the data communication in the Internet are summarized in the Internet protocol family. Often, and also in connection with the present invention, the Internet protocol family is referred to as TCP/IP protocol family.
The TCP/IP reference model is built up hierarchically like the OSI reference model. It roughly represents an equivalent of the OSI reference model for the limited set of communication protocols of the TCP/IP protocol family and possesses only four layers, which in FIG. 4 are compared to the roughly corresponding layers of the OSI reference model. The tasks of the protocols in the particular layers of the TCP/IP reference model correspond to the tasks of the respective compared layers of the OSI reference model described hereinabove.
The application layer as the top-most layer of the TCP/IP reference model approximately corresponds to the three upper layers of the OSI reference model. The transport layer of the TCP/IP reference model located therebelow corresponds to the transport layer of the OSI reference model. Likewise, the Internet layer of the TCP/IP reference model again located therebelow corresponds to the network layer of the OSI reference model. The bottom-most link layer of the TCP/IP reference model comprises the data link layer and the physical layer of the OSI reference model.
The TCP/IP reference model thus is more coarsely structured than the OSI reference model. Here, the description of the tasks of a communication protocol of a TCP/IP reference model's layer is not defined as precisely as in the OSI reference model. The link layer is specified in the TCP/IP reference model, but according to common interpretation does not contain any protocols of the TCP/IP protocol family. It is rather provided as a placeholder for various data transmission techniques which fulfill the tasks described hereinabove with reference to the data link layer and the physical layer of the OSI reference model. There also are communication protocols of the TCP/IP protocol family which cannot be unequivocally assigned to a layer, because they fulfill partial tasks of a plurality of layers at the same time. Within the framework of the TCP/IP reference model a protocol of a layer is allowed to use services of protocols of all layers located therebelow.
In the TCP/IP reference model a TCP/IP protocol stack refers to a set of communication protocols from the TCP/IP protocol family together with a suitable protocol from the link layer, the protocol stack comprising at least one suitable protocol from each layer of the TCP/IP reference model. Therefore, data communication between two systems via the Internet is possible when each of the two systems is provided with a TCP/IP protocol stack and a connection to the Internet can be physically established. Normally, the software which provides the particular communication protocols of a TCP/IP protocol stack on a system is part of the operating system of that system.
There are known chip cards with Internet functionality which comprise a TCP/IP protocol stack. Thus it is possible to directly access Internet-specific applications of such a chip card, for example a web server application, from a computer in the Internet using communication protocols from the TCP/IP protocol family. Such a data communication exclusively takes place using communication protocols of the TCP/IP protocol family, i.e. in particular without the use of APDUs. Such chip cards may be used for example as security elements in e-banking transactions for the protection against phishing attacks. However, conventional chip card applications of such a chip card which are based on data communication by means of APDUs still have to be supported.
Normally, the data for such a chip card, which processes APDUs as well as further data such as e.g. commands of a communication protocol from the application layer according to the TCP/IP reference model for special Internet functionalities, are transmitted via a joint data communication interface, for example a USB interface. So as to permit the commands to be forwarded to the assigned processing applications on the chip card, APDUs and the Internet protocol commands transmitted by means of a TCP/IP data stream have to be identified as such and forwarded to the proper place. Only in this way can it be ensured that APDUs reach the corresponding chip card applications and that, for example, HTTP commands reach a web server application on the chip card.
WO 2006/032993 A2 describes a chip card for insertion into a mobile telephone terminal. The chip card takes over, among other things, the tasks of a SIM mobile telephone card and additionally comprises a TCP/IP protocol stack. Commands for the data communication with SIM functionalities have the form of APDUs. APDUs arriving at a data communication interface of the chip card are separated from other commands, e.g. HTTP commands, by a module set up therefor. The functionality which carries out the separation of APDUs from the remaining data traffic in the module is assigned to the link layer of the TCP/IP reference model, i.e. to the bottom-most layer.
In the case of chip cards which have a USB interface, APDUs are handled via a special USB device class (USB-ICCD). The USB device class defines how the systems communicate with each other via the USB interface. In this case APDUs are also separated from the remaining arriving data traffic in the link layer by means of a special functionality of this device class.
A separation of the APDUs from the remaining arriving data traffic in the link layer, or generally by means of communication protocols specifically adapted thereto, normally requires an intervention in the particular communication protocol involved, i.e. an intervention in the operating system of the system. Therefore, with respect to this separation functionality, existing systems cannot be converted or adapted, or only with difficulty.