Credit cards, typically provided with magnetic stripes, have been around for many years. These types of credit cards, however, have a design flaw. The mechanical interface between the credit card and the reader requires periodic cleaning. The poor reliability of the readers, due to the mechanical interface, causes downtime for reader maintenance. Contactless smartcards have been developed which eliminate the mechanical interface between the card and the reader.
During a transaction, there exists a need to modify data stored in the smartcard's electrically erasable programmable read-only-memory (EEPROM). One of the problems of contactless smartcard applications stems from the ability of the user to terminate the power before the transaction has completed. Removal of the power prior to the completion of the transaction can cause the wrong data to be programmed into the smartcard's memory. This event is termed a tear.
The current solution to handling a tear and preventing the wrong data from being programmed into the EEPROM is illustrated in FIG. 1. The EEPROM 102 is segmented into a plurality of sectors of memory. A plurality of applications and a plurality of backup memory buffers are programmed into the plurality of sectors of EEPROM memory. The number of backup memory buffers must equal the number of applications, thus providing a dedicated backup memory buffer for each application. These dedicated backup memory buffers are the current means of correcting the memory of a particular application in the event of a tear.
A disadvantage of using a dedicated backup memory buffer for each application programmed on the EEPROM 102 is the large amount of valuable memory space required. The number of bits modified during a transaction can be large, resulting in large and expensive dedicated backup memory buffers 112-118. Accordingly, there exists a need for ensuring the correct data is restored in the smartcard memory in the event of a tear without seriously impacting the size of the smartcard's memory.
Further, the current state of the art allows the EEPROM 102 to restore the valid state of the data only when the application that experienced the tear is launched. As a result, the valid data remains stored in a dedicated backup memory buffer until the corresponding application is launched. The restoration scheme used in the prior art therefore results in a large amount of memory being required and used.
A further disadvantage of the prior art is the inadequate security precautions taken to prevent unauthorized modifications to the data stored on the smartcard. Since integrity-sensitive applications, e.g., applications storing financial information, are programmed on the smartcard, security against unauthorized modification of the data field is required. FIG. 2 displays the memory configuration for the prior art. As shown, the data field locations are fixed for all applications and are public knowledge. Fixed data fields in known locations allow unscrupulous individuals to easily modify the desired data fields since all applications place certain data in the same location (e.g., the first memory block of each sector of memory). Accordingly, there exists a need for placing the data in different locations in order to make it difficult for an unscrupulous individual to determine which data fields should be modified.
Moreover, not only does the prior art store the desired data fields in the same location for all applications, it also requires that the desired data field store the desired data in triplicate in order to determine if the data has been mistakenly modified. For example, the actual value is stored twice and the complement of the actual value is stored once. Such a procedure is very cumbersome and also requires a large amount of memory.
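The prior-art scheme described above (a dedicated backup buffer for an application, a triplicate data field, and restoration only when the application is next launched) can be sketched in C as follows. This is an added illustration, not code from the original document; the 32-bit field width, the value/complement/value ordering, the byte-wise write model and all function names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Assumed layout (not on the page): three 32-bit little-endian words,
   stored as value, ~value, value. */
#define FIELD_LEN 12
static void put32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}
static uint32_t get32(const uint8_t *p) {
    uint32_t v = 0;
    for (int i = 0; i < 4; i++) v |= (uint32_t)p[i] << (8 * i);
    return v;
}
/* Build the triplicate image: value twice, complement once. */
void field_encode(uint8_t *out, uint32_t v) {
    put32(out, v); put32(out + 4, ~v); put32(out + 8, v);
}
/* Return 1 and set *v if the three copies agree, else 0. */
int field_decode(const uint8_t *in, uint32_t *v) {
    uint32_t a = get32(in), b = get32(in + 4), c = get32(in + 8);
    if (a != c || a != (uint32_t)~b) return 0;
    *v = a;
    return 1;
}
/* Save the old image to the dedicated backup, then write the new one.
   Only `landed` bytes reach the field before power is lost (the tear). */
void field_update(uint8_t *field, uint8_t *backup, uint32_t nv, size_t landed) {
    uint8_t img[FIELD_LEN];
    memcpy(backup, field, FIELD_LEN);   /* backup write assumed to complete */
    field_encode(img, nv);
    memcpy(field, img, landed < FIELD_LEN ? landed : FIELD_LEN);
}
/* At the next launch of the application: restore from backup if torn. */
uint32_t field_recover(uint8_t *field, const uint8_t *backup) {
    uint32_t v = 0;
    if (!field_decode(field, &v)) {
        memcpy(field, backup, FIELD_LEN);
        field_decode(field, &v);
    }
    return v;
}
int main(void) {
    uint8_t field[FIELD_LEN], backup[FIELD_LEN];
    field_encode(field, 100);                 /* constructed starting value */
    field_update(field, backup, 75, 6);       /* tear after 6 of 12 bytes */
    printf("recovered %u\n", (unsigned)field_recover(field, backup));
    return 0;
}
```

The sketch makes the memory cost visible: each 4-byte value occupies 12 bytes in the field plus another 12 in its backup buffer, and the backup stays occupied until `field_recover` runs at the next launch.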
Thus, there exists a need to provide a method and apparatus for data backup and restoration in a smartcard that ensures that the correct data is stored in memory without seriously impacting the size of the memory while simultaneously providing adequate security of the data.