Normally chipcards are shipped with prepared on-card application components.
These on-card application components permit communication between the chipcard and the chipcard applications, the so-called off-card applications, which are installed on a terminal, e.g. a server system. The chipcard—i.e. the on-card application component—communicates via a chipcard reader with this off-card application. Modern chipcards, so-called multifunction chipcards such as Java Cards or Smart Cards for Windows, have additional functionality permitting on-card application components to be mounted on the chipcard retrospectively, i.e. after the chipcard has been shipped (see FIG. 1). In such cases the on-card application components are downloaded from the terminal to the chipcard via the chipcard reader.
VISA, for example, has defined an Open Platform Specification describing the commands between the off-card application and the on-card application component, the on-card interface and the security standards. OCF (Open Card Framework) and Microsoft's PC/SC on the other side address the communication between the application, the chipcard reader and the chipcard.
The more widespread use of distributed systems has resulted in an increasing need for downloading of on-card application components to the chipcard via distributed systems. The risks of such methods are obvious. The network is subject to varying loads, so the download may take a long time depending on capacity. Another key aspect in this context is security. All data transfers from the server via the client to the chipcard must be safeguarded. It must be ensured that a simple, secure authentication and encryption method which responds to the varying loads on the network is used when downloading application components.
At present, however, no systems or methods are believed to address this possibility.