1. Field
The invention relates to a method for loading an application requiring personalization into a portable storage medium, a method for updating an application stored in a portable storage medium, as well as a portable storage medium and a system.
2. Related Art
Portable storage media are used to hold applications for different areas of use. The portable storage medium has an application memory and a memory management unit, e.g. a memory controller, by which the application memory is managed. Optionally, the storage medium has a microprocessor, in which case the memory management task can be carried out by the microprocessor. Examples of such portable storage media are smart cards equipped with a microprocessor and memory cards equipped with a memory controller. When the portable storage medium is used in the mobile phone sector, it can be configured, for example, as a smart card having a security module for using a terminal (e.g. mobile phone) in a mobile phone network, or be integrated in such a smart card. The smart card is, for example, a SIM card for the GSM system, a USIM card for the UMTS system, or a similar smart card. Optionally, the portable storage medium is configured as a pay TV card for using pay TV, or is integrated in such a pay TV card. Optionally, the portable storage medium is a smart card integrated in a secure flash card, the secure flash card having a flash controller that ranks above the smart card.
The portable storage medium can be read out and written to by means of a terminal. The terminal provided is, for example, a mobile terminal for a mobile phone network, e.g. a mobile phone, PDA, smart phone, etc., or a set top box for pay TV. In the case of a portable storage medium configured as a smart card integrated in a secure flash card, the terminal can be a flash controller or, alternatively, a mobile terminal such as a mobile phone, PDA or smart phone, etc.
An application for a portable storage medium normally must be personalized to the user of the application. The application is at first unpersonalized, e.g. anonymous, and therefore identical and usable for each potential user. Only upon personalization is the initially anonymous application made unique with personalization data for the user. The personalization data comprise, for example, personal identity data relating to the user and device data of a device for using the storage medium, and are at least partly required so that the application can be used on the storage medium. For the personalization, the application is first made available in an unpersonalized form. Subsequently, the personalization data are loaded into the application, and the application is thus personalized.
Changes to the application by its manufacturer or provider require that an updated application be loaded into the portable storage medium from time to time. An updated application is made available, for example, in order to correct errors in the application, or to provide the user with additional or modified services of the application.
Conventionally, to update an application, the updated application, which is likewise unpersonalized at first, and the personalization data for personalizing the application are loaded from a server of the manufacturer or provider via a server-side connection into the portable storage medium. With the conventional method for updating the application, the personalization data must be available at the manufacturer or provider of the application each time an updated application is loaded, so that they can be loaded again into the storage medium. Because of this, conventional application updates mean a high administration effort for the manufacturer or provider of the application. In addition, the personalization data have to be loaded via the server-side connection upon each application update. As the costs of the server-side connection often rise with the amount of data transmitted and/or the duration of the connection, the personalization data, which have to be transmitted again upon each update, might cause additional costs for the manufacturer or provider of the application and for the user of the storage medium. The costs of the server-side connection can even be of a significant amount, especially in the case of application updates over the air (OTA), i.e., if a (mobile) radio connection is used as the server-side connection. A further risk in transmitting personalization data via a server-side connection is that the personalization data, which are strictly confidential, can be intercepted during any server-side transmission. For the personalization of an application loaded for the first time in the secure environment of the manufacturer of the storage medium (“pre-issuance”), the risk of the personalization data being intercepted on the server-side connection may still be acceptable. When updated applications are loaded after the issuance of the storage medium by the manufacturer (“post-issuance”), however, the risk of personalization data being intercepted on the server-side connection is great.
EP 1 936 574 A1 describes loading a Java card application requiring personalization into a Java card. Here, an application and the personalization data for personalizing the application are loaded jointly in one packet into the Java card. The application is installed in the Java card, and the installed application is then personalized with the personalization data from the packet.