This invention relates to a system and method for performing transactions and an intelligent device therefor and has particular, although not exclusive, utility in performing commercial transactions involving a plurality of service providers and a plurality of service users.
In this specification:
the term "transaction" is defined to mean any type of interchange involving data or information, which may or may not be specific to the performance of a commercial transaction;
the terms "service provider" and "service user" are similarly not limited to the provision and use of services of only a commercial nature and relate to the identity of any two entities involved in an interchange of any nature, for which the invention may have utility;
the term "coupler" is defined to mean any type of connecting, communicating and/or coupling medium or system, including wireless links provided via antennae or transducers using ultra-sonic, optical (including infra-red and ultra-violet), microwave or radio frequency transmission, or other coupling such as capacitive or magnetic coupling, and whether the antenna or other coupling be external to or integral with the intelligent device;
the terms "connect", "connecting", "connected" or variations thereof will be understood to imply or refer to any type of connection, communication or coupling that may permit communication between two intelligent devices, be it logical or actual, direct or indirect, such as by a wire or wireless link where commands, data or information can be transferred from one device to the other;
the term "interface device" is defined to mean any type of intelligent device or inter- or intra-network or combination of these which can be connected via a coupler to communicate with another intelligent device for transferring commands or data or information from the interface device to the other intelligent device, and includes a terminal, modem, transceiver, server or other, whether connected over a network remotely or directly to the other intelligent device;
the term "nonvolatile memory" is defined to mean any type of memory or store where the data stored is not erased or deleted whenever main operation of the device or system in which the nonvolatile memory is provided is terminated under normal circumstances, and includes battery backed-up random access memory or any other type of otherwise normally volatile memory which is adapted or modified by some means to function as nonvolatile memory or pseudo nonvolatile memory;
the term "memory" or "store" is defined to mean any type of memory or store for data, whether it be main memory or mass memory, solid state, magnetic or optical memory, such as random access memory (RAM), read only memory (ROM), hard disk, floppy disk, magnetic tape, CD ROM, laser disk, et al.
(i) an intelligent device including a microcomputer having an input/output communication port, and microcomputer store including nonvolatile memory and random access memory; and
(ii) an interface device associated with a memory for storing data and a coupler via which communications may be effected with said intelligent device;
said store being arranged such that one part thereof has an operating system which can be run for performing basic functions of the device, said operating system being programmed in native code of said microcomputer;
said random access memory being provided for use by said microcomputer when performing a function under the control of said operating system and for storing data received from or ready for transmission via said communication port; and
said interface device including a program module within said memory comprising one or more instructions forming part of a prescribed instruction set discrete from said native code;
wherein said operating system includes a program interpreter for interpreting and executing a said program module when the microcomputer is under the control of the operating system to perform a transaction in accordance with said instructions of said prescribed instruction set comprising the program module.
said program module is programmed with one or more said instructions from said prescribed instruction set, particularly adapted to enable working with prescribed data files within said second part of said memory in accordance with said operating system after said intelligent device is connected to said coupler; and wherein said instructions have restricted control functions to limit access to said data files.
a microcomputer having an input/output communication port, and store including nonvolatile memory and random access memory;
wherein:
(i) said store is arranged such that one part thereof has an operating system which can be run for performing basic functions of the device, said operating system being programmed in native code of said microcomputer;
(ii) said random access memory is provided for use by said microcomputer when performing a function under the control of the operating system and for storing data received from or ready for transmission via said communication port;
(iii) said store includes a program interpreter for interpreting and executing a program module transmitted thereto for performing a transaction; and
(iv) said program module comprises one or more instructions forming part of a prescribed instruction set discrete from said native code.
said program module is programmed with one or more said instructions from said prescribed instruction set, particularly adapted to enable working with prescribed data files within said second part of said memory in accordance with said operating system; and wherein said one or more instructions have restricted control functions to limit data file access.
creating a program module comprising one or more instructions forming part of a prescribed instruction set discrete from the native code for the microcomputer of the intelligent device;
storing said program module in the memory of the interface device;
coupling the intelligent device to the interface device for establishing communications therewith; and
invoking a program interpreter included in the store of the intelligent device to interpret and execute said instructions of said program module.
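The arrangement claimed above, modelled as an added example (not code from the patent or from any card vendor): the native-code card OS owns the data files, and a program module in a small prescribed instruction set can only reach them through the interpreter's restricted control functions. CardOS, run_module, the opcode names and the sample files are assumptions made for illustration.

```python
# Added example, not the patent's code: a toy card-side interpreter. The
# native-code CardOS owns the data files; a program module written in a small
# prescribed instruction set runs only via run_module, whose control functions
# reach just the files it has opened with the right password (names illustrative).

class AccessDenied(Exception): pass

class CardOS:
    def __init__(self, files):
        # files: name -> (password, permitted modes), modes a subset of "rw"
        self.files = {n: {"pw": p, "modes": m, "data": ""} for n, (p, m) in files.items()}
        self.opened = {}                 # name -> mode granted this session

    def open(self, name, password, mode):
        f = self.files.get(name)
        if f is None or mode not in f["modes"] or password != f["pw"]:
            raise AccessDenied(f"open {name} for {mode!r} refused")
        self.opened[name] = mode

    def read(self, name):
        if self.opened.get(name) != "r":
            raise AccessDenied(f"{name} is not open for reading")
        return self.files[name]["data"]

    def write(self, name, value):
        if self.opened.get(name) != "w":
            raise AccessDenied(f"{name} is not open for writing")
        self.files[name]["data"] = value

INSTRUCTION_SET = {"SET", "OPEN", "READ", "WRITE", "RET"}

def run_module(card, module):
    """Run a module, a list of (opcode, *operands); returns the RET value."""
    regs = {}
    for op, *args in module:
        if op not in INSTRUCTION_SET:    # native code is never reachable
            raise AccessDenied(f"opcode {op!r} is not in the prescribed set")
        if op == "SET":                  # SET reg, literal
            regs[args[0]] = args[1]
        elif op == "OPEN":               # OPEN file, password, "r" or "w"
            card.open(*args)
        elif op == "READ":               # READ file, reg
            regs[args[1]] = card.read(args[0])
        elif op == "WRITE":              # WRITE file, reg
            card.write(args[0], regs[args[1]])
        else:                            # RET reg: value returned to the host
            return regs.get(args[0])

def new_card():  # constructed sample: "balance" is openable, "key" never is
    return CardOS({"balance": ("1234", "rw"), "key": ("9999", "")})
```

A module that names an opcode outside the prescribed set, presents a wrong password, or touches a file it has not opened is stopped by the interpreter before any data file is reached.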
The invention has application with the use of intelligent devices which include a microprocessor for performing data processing. Such devices can be embodied in the form of terminals that can act as a satellite to a host, such as electronic funds transfer point of sale (EFTPOS) terminals, internet terminals, smartcard terminals (i.e. computer terminals provided with a smartcard reader), mobile phones, personal digital assistants, portable home automation and security controllers, portable home PABX controllers and integrated circuit cards (IC cards), as well as more conventional computer terminals including desktop personal computers (PCs), laptop and notebook PCs, and where the connection or coupling between the satellite and host may be provided via either a wire or a wireless link.
Although the invention has broad utility, for the purposes of the present specification, regard will primarily be made to the embodiment of the invention in the IC card form, where it has particularly important application and implications. However, it should not be construed that the invention is in any way limited to exclusive embodiment in this form; it has equal application in any of the aforementioned forms.
In the case of IC cards, these, in their basic form, have the appearance of a standard credit card but incorporate within them various forms of integrated circuits to allow for on-board storage and processing of data via an input/output port.
The development of IC cards to date has been limited, whereby these cards function more as a means of storing data than as a means of running "application" programs as such. Thus, these cards act under the control of an external device, being physical half-duplex devices which basically receive commands and respond to requests.
IC cards are basically divided into synchronous and asynchronous type cards. Synchronous cards are essentially serial memory devices which do not have commands as such. Most do not have read/write control attributes, and only some have access control. Hardware driver routines are needed to do the bit-by-bit accessing of these types of IC cards.
Asynchronous cards are more sophisticated, in the main comprising a single chip microcomputer which is entirely self-contained on the card. The microcomputer comprises a central processing unit, volatile and nonvolatile memory, and an I/O port. The main program of the microcomputer is generally specific to partitioning, storing and retrieving data in the nonvolatile memory, usually with some kind of read/write control attributes that are optional and reasonably flexible.
The main program comprises an operating system which is provided with a command executor that acts on commands to create files, to read and write to files and handle passwords. Hence most of these cards have security features that control access to the card and/or specific data areas, and which allow for changing of passwords.
With the advent of internet communication and the ideal environment provided by it for the provision of services including electronic funds transfer, the invention also has application with the use of intelligent devices embodied in PCs such as laptop, notebook and desktop personal computers and indeed, any form of computer or computer operated device. In this respect, dedicated terminals for connecting to host computer systems, via a network, where such terminals have less general on board computer functionality and have dedicated network functionality, lend themselves especially well for embodiment of the present invention.
An important consideration with respect to the use of intelligent devices for performing transactions between a service user and a service provider is the ability to secure data storage within these devices as well as the ability to secure the transmission of this data to and from these devices.
Previously, secure data storage has been achieved by two basic methods. One has been to store the data in an encrypted form in the memory of the portable intelligent device, and the other has been to store the data as clear data in the device but introduce security measures to restrict access to this data, such as password type access restriction mechanisms.
In the case of a device communicating with a host system, the first method implies the need for a security module that contains cipher keys which are kept secret by the security features of the security module employed for both the portable device and the host system. Accordingly, data for storage would be encrypted by the security module using a specific cipher key (eg, the one related to the memory area that the data is to be stored in) and then passed over for storage in either the device or the host system, as applicable.
The second method requires that the data be stored inside a secure module, whereby access to the module is restricted.
The security of the second method, in particular, can be enhanced further by the use of a single chip microcomputer having no external data and address buses in the device. The use of a single chip microcomputer, as used in asynchronous IC cards, makes a good secure module and consequently IC cards of this type are particularly suited to the present invention.
In either method, and either with or without the use of single chip microcomputers, most of these types of devices are operated by programs consisting of native code for the microcomputer stored in the ROM thereof, which is generally mask programmed. Such a program executes at power on after reset and controls all accesses to the data storage area of the microcomputer. The program handles the serial communications and recognises and acts on a number of high level command frames from the serial communications. These command frames are for creating storage areas, opening a storage area for reading or writing, presenting a password for a storage area, unlocking a card after too many wrong passwords, and possibly encryption. In handling only specific commands in very specific ways, the device can provide secure data storage.
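The command executor of the preceding paragraph, modelled as an added example (not the patent's or any card vendor's code) for a single storage area: it acts on a password-presentation frame, a read frame and an unlock frame, and locks the area after too many wrong passwords. StorageArea, the frame names, MAX_TRIES and the sample values are assumptions for illustration.

```python
# Added example, not the patent's code: a toy model of the native-code command
# executor described above for one storage area. It acts on PRESENT, READ and
# UNLOCK frames, counts wrong passwords in (simulated) nonvolatile memory before
# comparing, and locks the area at the limit. StorageArea and MAX_TRIES are
# illustrative names and values.
import hmac

MAX_TRIES = 3

class StorageArea:
    def __init__(self, password, unlock_key, data):
        self.password, self.unlock_key, self.data = password, unlock_key, data
        self.wrong = 0          # consecutive wrong presentations (nonvolatile)
        self.locked = False     # set once MAX_TRIES wrong passwords were seen
        self.verified = False   # password presented successfully this session

    def execute(self, frame):
        """Act on one command frame (op, operand); returns a status."""
        op, arg = frame
        if op == "PRESENT":
            if self.locked:
                return "LOCKED"
            # Count the attempt before comparing, so that interrupting power
            # after a wrong guess cannot leave the counter unchanged.
            self.wrong += 1
            if hmac.compare_digest(arg, self.password):   # constant-time compare
                self.wrong, self.verified = 0, True
                return "OK"
            if self.wrong >= MAX_TRIES:
                self.locked = True
                return "LOCKED"
            return f"WRONG({MAX_TRIES - self.wrong} left)"
        if op == "READ":
            if self.locked or not self.verified:
                return "DENIED"
            return ("DATA", self.data)
        if op == "UNLOCK":    # separate unblocking key held by the issuer
            if hmac.compare_digest(arg, self.unlock_key):
                self.locked, self.wrong = False, 0
                return "OK"
            return "DENIED"
        return "UNKNOWN"
```

Once the area is locked, even the correct password is refused until the separate unlock key is presented, which is what keeps repeated presentation from turning into an unbounded guessing session.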
Present techniques for securing data transmission rely upon the use of secret cipher keys to encrypt the data. These keys have to be stored securely and used securely, otherwise the data transmission is not secure.
With the increased sophistication of these types of intelligent devices, and the expanded use of computer technology to provide for remote user and host transactions via point of sale devices, automatic teller machines, internet communications and the like, which already exist for performing financial transactions, there is a tremendous opportunity for the entire commercial and information transaction interface to change further in both the interests of the service provider and service user.
Although IC cards with single chip microcomputers provide a tremendous opportunity for enabling transactions to occur between service users and service providers with a high degree of security, there has been a reluctance to utilize these cards to their full capacity for the purposes of conducting transactions, particularly where confidential or sensitive data and information are required to be stored upon the card. This can be attributed, at least in part, to the lack of standardization in the command set of these cards, lack of security in presenting a password, and lack of flexibility in the use of these cards.