This invention relates to the secure function within an intelligent portable object of a communication interface without simultaneous contact with a contact or galvanic communication interface.
It also relates to the secure function of an application, the data of which pass through the interface without simultaneous contact with a distinct application, the data of which pass through the galvanic interface.
Fully simultaneous information on variations in status is aimed at here.
The invention also applies to an intelligent object comprising at least two interfaces of the same type or of a different type.
Known techniques and their terminology will be discussed beforehand.
One should draw a distinction here between intelligent portable objects on the one hand and electronic data transmission terminals on the other hand.
Intelligent portable objects include, for example, chip cards, electronic tickets, so-called “dongle” plugs or other modules such as those of proximity communication (e.g.: NFC) or semi-proximity (e.g.: BlueTooth). These objects are subject to standards which impose structures and functioning on them.
In particular, the objects in question here comply with standards explained in detail below:                ISO7816.3 concerning the galvanic communication interface, particularly sections 5.2 (activation) and paragraphs 532 (cold initialisation known as “RST”—refer to FIG. 2), 533 and 534 (clock pause known as “CLK”; description of modes requiring tolerance of this interruption);        
In some examples, the object therefore complies with the standards:                ISO.IEC14443 concerning the contactless communication interface, particularly section 611 (response time known as “FDT”); and        3GPPTS11.11 concerning the objects known as “SIM” or similar, to be inserted in a terminal, particularly section 43 (galvanic communication interface).        
It should be noted now that in some examples, the contactless interface includes an antenna: integrated in a module of this object; and/or; integrated in card body of this object; and/or; Integrated in the terminal to be secured and connected by a galvanic terminal board.
Therefore, the intelligent portable objects involved here are structurally with contact and contactless; they are known as “CombiCards” or dual interface objects. In other words, these objects simultaneously possess:                means and steps of remote communication via a contactless interface, with one or several electronic data transmission terminals and/or other distant portable objects; in addition to        means and steps of communication by galvanic connection or with contact via a galvanic or ohmic interface known as “with contacts”. It should already be noted that the contactless interface is in part at least internal to the object.        
It should be underlined however that all the objects mentioned comply with standard ISO7816.3.
Concerning the contactless communication protocol used by the object, this involves, according to examples: ISO.IEC14443 (RF); communication specifications such as proximity communication like ECMA340 known as “NFC” or semi-proximity such as “BlueTooth” and other broadband communications known as “WiFi”.
Among the current objects suitable for complying with the standard ISO7816.3 and a “contactless” standard, we should mention those which have chips: Hitachi AE45X (Renesas); Infineon SLE 66CLX320P; Philips P5CT072; STMicroElectronics ST19XR34.
In view of the antinomic constraints imparted, objects with a double module have been proposed
More particularly, a card is known having on the one hand a first contact interface with its dedicated chip, and on the other hand a second contactless interface with a chip which is different from the contact chip, but which is dedicated too.
The invention does not concern “Twin” or “Hybrid” objects. As a matter of fact, they do not allow data exchange between contact and contactless chips. Nor a fully simultaneous functioning.
Now the transmission terminals involved in the invention will be discussed. These terminals are for example cell telephones (e.g.: GSM, 3GPP; UMTS; CDMA; etc.) portable personal assistants (e.g.: PDA), decoding boxes and computers. They are secured by at least one portable intelligent object.
It should be noted that the terminals mentioned here are not restrictively secured by an object with the physical format “SIM”. Some designs of these terminals are cable (means and steps) of own wireless communication.
This communication complies for example with the standards GSM, 3GPP, UMTS, CDMA or similar. It is for the sake of simplicity that in the examples, the terminal and object comply with standard 3GPPTS11.11, particularly section 412 with regard to the physical format “SIM”.
Specific features mentioned hereinafter and relating to prior art documents are incorporated into the description.
Document FR2776788 relates to multiple application memory cards which can be connected to the terminals dedicated to one application contained in the card. A configuration classified table is produced in the card.
This table is used as an access for recording, for each application, the first byte address of the message (ATR—TOTAL SOLID) and in a memory the address of other bytes message. The configuration table is addressed by the circular indexing, on each “Reset” (MaZ) signal transmitted by the terminal and thus supplies messages (ATR) to the terminal, for them to be analysed. Indexing is maintained until the terminal identifies a message corresponding to the application which it is dedicated to.
One aim of the invention is the functioning of a contact interface simultaneously with a contactless interface, in all statuses and according to all the transitions useful for cohabitation (it is said in this case that it is “in full use simultaneously”) and indeed data exchange, between a contact application and a contactless application.
The invention also applies to an intelligent object comprising at least two interfaces. In particular, at least two contact interfaces or two contactless interfaces or a mixture of the two. For example, an interface according to one of the versions of ISO7816 and an interface for an object of the MMC (Multimedia Card), NFC or USB type.
To date, only a single one of these interfaces may be fully used at once. The fact that an interface is used inhibits or disturbs the functioning of the other in different ways.
First of all, it should be specified that the term “transaction” here denotes the transmission of at least one command from the terminal to the object, within the context of an application (e.g.: payment, identity, telephony or access).
For example, whilst a transaction of this type is in progress, via the contactless interface, the execution procedure of an application according to standard ISO7816.3 via the contact interface and therefore via the secure terminal using the portable object, makes provision in particular for supplying this object with electric current and providing it with a clock and activation of resetting of the contact interface. This terminates the contactless application.
The various different problems encountered as expounded initially in outline form and subsequently in description of process of embodiment in greater detail, particularly with regard to the statuses and transitions aimed at.
One problem encountered is that the chip is currently reinitialised owing to mandatory activation of resetting (MaZ) of the contact interface.
The aim of this is to ensure that a transaction in progress via the contactless interface continues to progress normally in this case. In other words, one seeks to allow maintenance of a contactless transaction in progress, during setting into operation of the contact interface.
Another problem encountered aims at two transitions which are currently impossible.
Following one of these transitions which are currently impossible, the object is in the process of processing an application in favour of the contactless interface and—the object—is called upon by the terminal via the contact interface so that this contactless application is processed simultaneously with another contact application which must begin in favour of the terminal.
This is the case for example for a terminal forming a cell telephone (the contact application securing a telephone conversation) and in which the contactless application aims at an access—transport, premises, etc.—:
It is not possible at present to initiate a transaction (e.g.: a telephone conversation) to be secured by the object via the contact interface, whilst an application, such as access authorisation, is already in progress via the contactless interface.
In general, up to now, the contactless application is abruptly aborted, since the beginning of an application in favour of the terminal via the contact interface results in resetting of the chip and often the loss of data useful for the contactless application.
Symmetrically, the other transition which is currently impossible is aimed at. According to the latter, when the object is suddenly called upon for an application via the contactless interface, whilst an application via the contact interface is already in progress for another application, the contact application ceases.
In the example of the secure cell terminal, if the contact application ceases at present—particularly if this terminal is halted—whilst the contactless application is in progress, the latter is abruptly aborted (reset and loss of data.)
This problem therefore lies in the simultaneous management (full use) of two concurrent applications: one contact application and one contactless application.
Currently, in these cases, the disappearance of either the resources of the contact interface, or a request or asynchronous contactless template, disturbs the application in progress or is disregarded.
Another problem encountered involves a state of superficial sleep, according to which the power supply derived from the contact interface of the object is limited (standards), whereas resources derived from both interfaces—contact interface and contactless interface—are required by the object simultaneously.
The transitions to and from this status are also involved.
It should be noted here that a sleep state is, in common practice, relative to the active statuses. Therefore in the case of a cell telephony terminal, it is not infrequent that the object is in a sleep state for 95% of the period of use of this terminal.
Up to now, in a state of superficial sleep, the only resources available are a reduced electric power supply, in addition to an external clock signal derived from the contact interface.
These limited resources do not allow processing of an application derived from the contactless interface.
This is justified to date, for example by constraints of partitioning within the same object, between the highly secured contact applications (bank, telephone, etc.) and the contactless applications.
It would therefore be appropriate to be able to have external resources available simultaneously in this case, particularly in terms of electric power. An advantage in this case would be to allow a contactless application to operate without consuming resources (power) derived from the contact interface when the standards imposed on this contact interface require this.
A problem similar to the one of the above involves disappearance of the source of the external contact clock, causing a state of deep sleep, whereas an application managed by the contactless interface has begun.
This is the case for example if the clock signal provided by the contact interface terminal disappears. This is common in practice, with the knowledge that a state of deep sleep, i.e. without external clock, is often of longer duration than that of superficial sleep mentioned above.
To date, the standards require in this case in particular that the terminal connected to the contact interface ceases to supply the clock which would be necessary for the contactless application. With many objects, it is further not possible to use the internal clock supplied by the chip independently from that of the interfaces.
Thus, for some objects, the chip requires an external reference in order to use an internal clock: this external reference is not available at present.
It would therefore be appropriate to be able to allow a contactless application to function or at least to complete itself correctly, without consuming any resources (power and/or clock) derived from the contact interface beyond those which the standards imposed on this contact interface require.
Another problem encountered involves an object possessing two interfaces or more (contact, contactless, USB, etc. . . . ) and intended for simultaneous use of at least two of these interfaces.
This problem is related to the fact that an application executed in the object is not in a position to determine which are the active interfaces and what state the latter are in (i.e.: how many and which of the interfaces provides the power supply and/or clock).
Consequently, an onboard application in the object is not currently capable of making the decisions necessary as a function of the status of the interfaces.
In such a way that this application cannot function correctly (for example, cancellation of a transaction commenced on an interface which has deactivated prematurely). This is the case in the event of separation.
For example, a present, in an object with multiple interfaces, its interfaces may be activated or deactivated, whilst an onboard application in the object is continuously executed without being interrupted.
The deactivation of one or indeed several interfaces does not mean that the object is out of operation as a result: the object is actually only out of operation when all the interfaces are deactivated.
The invention aims to compensate for these disadvantages in particular.