Smart card technology has been used for years in the banking industry. The technology allows for issuing a client a bank card (a.k.a. IC card), with an embedded smart card IC. The technology relies on the robustness of the public key infrastructure (PKI) along with other field proven encryption mechanism to provide a secure platform to conduct e-commerce services. The IC card holds customer account information and serves as one of the factors of authentication, in addition to PIN and/or password, to authorize the customer for access and operation to financial resources available through ATM kiosk or web. Usually, a USB-based smart card reader is provided to the customer, if a web access is required. Due to security concerns, the IC cards are always issued by the bank directly to its customers. The IC card issuance process involves:
1. Have the customer open up an account with the bank.
2. The bank initializes the blank IC card in its card making facility.
3. The bank personalizes the IC card with the customer account information.
4. The IC card is sent to the customer via mail.
5. The customer activates the IC card through phone or web.
The IC card has a few unique and robust features, compared with other traditional proprietary encryption/decryption mechanism:
1. It is virtually clone-proof.
2. The smart card IC in use is certified to be tamper-resistant.
3. Its strength and weakness are well understood and deterministic.
4. It is field proven in the past twenty years.
As the USB drive becomes ubiquitous and cost effective, it become apparent that a smart card IC could be embedded with a standard USB drive (a.k.a. Smart Card Device) to replace the above mentioned USB-based smart card reader and an IC card. The architecture of the Smart Card Device is fully compatible with the existing solution with the combination of a USB-based smart card reader and an IC card. If the Smart Card Device is properly initialized and personalized and issued, there is no reason it can not perform each and all functions of the existing IC card. In addition, the Smart Card Device has one added advantage of internal flash storage that can be used for content protection and delivery purpose. It therefore expands the scope of application of IC card beyond what it can address at present. By utilizing the clone-proof feature of the smart card IC embedded on a USB Smart Card Device, it allows the content owner to store a unique key and/or a set of keys that can later be used to encrypt and decrypt media content or a software package for protection and secure delivery to the consumers.
Based on the same business model of the issuance of IC card, a unique Smart Card Device can be issued by a specific content owner to each and every one of its customers. The Smart Card Device can then be used by the customer in a kiosk or through web, to acquire the content or services available through his account. The type of content or services include, but not limit to, audio, video, software package, game, e-book and financial products. The existing business model of IC card works well in banking industry, as it is a more captive market and application. There are a number of parameters govern current IC card market and application:
1. The IC card can only be initialized, personalized and issued by a specific issuer.
2. Limited number of banks to issue IC card.
3. Great security concern.
4. Brand name recognition of issuer on IC card.
5. Personal verification of the customer on IC card.
Again, all these parameters can be addressed with the Smart Card Device, if it is issued as the same way like an IC card, by a specific issuer.
But due to the content nature of the business model with limitless numbers of content owners, the above mentioned model of specific Smart Card Device issuers may work in a very limited scope. It will be desirable and beneficial that a mechanism developed on Smart Card Device to expand the scope market and application:
1. The Smart Card Device can be purchased as a blank drive through retail channel.
2. The Smart Card Device can be initialized and personalized by the customer in the field.
3. The Smart Card Device can be associated with an account setup with a content/service provider.
4. The Smart Card Device is then considered issued by the content/service provider.
5. It addresses all the security concerns in this new business model.
6. Brand name recognition is addressed electronically and physically.
7. Personal verification is addressed electronically and physically.
Accordingly, what is desired is to provide a system and method that overcomes the above issues. The present invention addresses such a need.