The use of chip cards, such as the Visa Smart Card™, is on the rise. A chip card is assigned to a user by an entity which typically has a pre-existing relationship with the user. The chip card contains or has access to a digital certificate to authorize that user's relationship. Using a chip card to store the digital certificate and other information is an improvement over existing configurations in which the digital certificate is stored on the device, such as a PC, laptop, hand-held computer, mobile phone, and so on. By putting information on a chip card, the digital certificate is still secure but now portable. The chip card can now be used at stores, service providers (e.g., car rental agencies, hotels, airline ticket offices, public phones, laptop modem outlets, and the like), and, in the near future, public chip card readers for dispensing cash. Essentially, the card, and the user digital certificate, can be used at any location that has a chip card reader, benefiting both the user, in terms of convenience, and the card/certificate issuer, in terms of increased business.
It is widely recognized in the chip card service industry that establishing and implementing the cryptographic infrastructure for widespread use of the chip card is expensive and difficult to manage for the vast majority of companies and organizations. This cryptographic infrastructure includes creating and distributing the chip cards to the users, verifying the identity of the users, and issuing digital certificates. Common standards for issuing and storing digital certificates include the Public Key Infrastructure and the DES shared key system. Establishing the initial framework and infrastructure is typically done by large banks and credit card organizations which have a large, established customer base whose members are already accustomed to carrying the bank's or organization's card.
Although there are ways to enable entities which do not have the means or financial power to establish their own infrastructure to use an existing infrastructure, these means typically require that steps be taken by the user and typically involve modifying the chip card. From a business perspective, this is impractical and has limited success since users generally do not respond to requests or offers to upgrade or modify chip cards. Furthermore, the memory available on chip cards for storing digital certificates is limited, and, therefore, can only accommodate a limited number of potential entities that can take advantage of the existing infrastructure.
Therefore, it would be desirable to be able to leverage an existing cryptographic infrastructure so that additional digital certificates can be accessed by one chip card without having to store additional data on the card. It would be desirable to do this without having to modify the chip card or to notify users of the chip cards and require them to take action. In other words, additional digital certificates for a user should be added to the chip card, and this should be done transparently to the user. The additional certificates should be capable of containing data signed by the entities leveraging the existing infrastructure. These entities should also be able to use their own trusted roots and not have to rely on the trusted root of the entity which laid down the existing cryptographic infrastructure.