The use of smart cards is increasing in today's consumer-oriented society. A smart card or integrated chip (IC) card is a transaction card, similar in size and appearance to credit card, that contains a microcomputer chip. Traditional smart cards have a contact interface, such as a metallic contact pad, that is used to communicate between the microcomputer on the card and a reader/writer device (RWD) into which the card is inserted. Thus, traditional smart cards require a physical connection to a RWD in order to be utilized.
The use of smart card technology in the consumer environment places a high physical demand on the card and the contact interface, making the required physical connection undesirable at times. For example, since the metallic contact plate is exposed to the environment, it is often subject to oxidation, contamination and other physical degradation due to use. This can decrease the reliability of the physical connection.
Additionally, the requirement of a physical connection for communications is often undesirable in environments where speed and high throughput are demanded. For example, a smart card may be used to store value or electronic tokens for mass transit. To use a traditional smart card, each passenger needs to take the time to properly orient the card and insert it into a RWD that collects a fare. Further, the rate of data transmission through the physical connection upon proper insertion of the card is relatively slow compared to contactless data transmission speeds. Thus, a traditional smart card requiring a physical connection for data transmission is often cumbersome and slow.
On the other hand, even though the contact interface provides a slower communications channel, it does have some other advantages. A contact interface is very common and only requires an inexpensive reader interface. The inexpensive reader interface is readily connected to a home computer, for example, thereby increasing the utility of a card that has a common contact interface. Hence, in order to integrate a smart card having new technology into the commercial world, it is prudent to provide a smart card that is compatible with current contact interface devices. Thus, efforts have been made to overcome the disadvantages of the traditional smart card having a contact interface by adding an additional contactless interface to the card.
Current smart cards having both a contact interface and a contactless interface, however, have a number of disadvantages. For example, one representative contact and contactless interface smart card disadvantageously comprises a shared memory configuration. This smart card has a traditional microprocessor chip with logic to control a contact interface. The contactless interface is also included in the card, but it is a separate function that has its own logic. The contactless interface utilizes an Application Specific Integrated Circuit (ASIC), that has limited computational capability because it is designed specifically for one application. Generally, the ASIC is hard-wired to perform computations specific to the application programmed on the main microprocessor on the prior art card. As such, the ASIC is reasonably secure but it has no capability to perform higher order security algorithms, such as the triple-DES (Data Encryption Standard) symmetric-key encryption algorithm. The ASIC is essentially dumb program logic that cannot be readily adapted to other applications. Thus, the flexibility of running various applications using this prior art card is severely limited because the contactless interface is inflexible and only communicates with the main microprocessor chip through shared memory locations.
Also, current smart cards typically utilize an open purse application to transfer and store value. Examples of open purse applications are VISA CASH® and Mondex® payment systems. An open purse application allows value to be transferred to and from the smart card, making utilization of the smart card for a transaction very similar to utilizing cash. For example, when using a smart card open purse application to make a purchase, the card holder simply inserts the card into a RWD. The RWD allows the card to communicate with a merchant terminal, for example. The terminal and card authenticate each other, then the transaction amount is debited from the card and credited to the terminal. In turn, the terminal forwards the transaction information to a settlement system, which properly credits the merchant account and debits the pool of money associated with transferring the value onto the smart card. Unlike a credit card transaction, for example, the value transfer occurs in a matter of seconds and no receipt needs to be signed. Hence, the value stored in the open purse of a smart card is like cash, because it is generic value and can be used at any location that supports the particular open purse application. In the United States, for example, the VISA CASH® open purse application and settlement system is being accepted by an ever-increasing number of merchants. An open purse application, therefore, becomes more open and the value becomes more generic and like cash with the increased acceptance and use of the application. Thus, open purse applications can be very powerful methods of transferring value, giving a smart card the ability to look and act like cash.
Open purse applications can be risky, however, because of their similarity to cash. The load key, or the encrypted data utilized to authorize and load value into the open purse application on a smart card, must be closely guarded. Typically, load keys are kept on host system computers or at highly-secure remote terminals or load devices (e.g. in the Mondex® system). If the load key were to be stolen, then the owner of the load key, such as a financial institution, has a great exposure to fraud as the stolen load key could be used to improperly add value to a smart card. The improperly added value on the smart card could then be used to perform transactions, just like cash. Thus, it may be desirable to have a closed purse application that limits the ability to load and/or unload value on the smart card.
Although a closed purse application may be helpful to control the transfer of value, typical closed purse applications are too limiting. Closed purse applications are application-specific, only allowing their value to be used in specific transactions approved by the application. This may be advantageous in certain closed environments, but generally a consumer does not find this type of restriction helpful. Thus, a closed purse application does not give the consumer as many options as the consumer would like.
Therefore, a transaction system is desired that overcomes the problems of the open and closed purse applications, and also a smart card having both a contact and contactless interface that overcomes the above problems is desired.