1.0 Field of the Invention
The present invention relates generally to access control mechanisms for controlling the access to smart cards and more particularly to the secure update of the access control mechanisms for smart cards during the smart card life cycle.
2.0 Description of the Related Art
Smart cards are small personal computing devices that are used to protect very sensitive information. Smart cards may be used to perform banking functions, to provide access to health records, for personalization of computer network access, for secure building access, and for many more functions. Smart cards are also used as subscriber identity modules (SIM) in certain mobile telephony networks.
A crucial selling point of smart cards is the security of the data stored thereon or accessed through the use of smart cards. In many circumstances smart cards provide a higher level of security than other security mechanisms because smart cards include a combination of security features. For example, to gain access to some data you need to know a password stored on the smart card and you must be in possession of the smart card. Other access control mechanisms include challenge-response schemes and biometric tests such as fingerprint verification.
A recent trend in smart card technology is so-called multi-application smart cards. These cards may be programmed with multiple disjoint application programs. For example, the same card may be used both to access banking records and to provide health care information. Examples of such cards include the Cyberflex family of cards from Axalto Inc.
A common feature of multi-application smart cards is that the application programs may be loaded onto the smart card after the card has been issued by the manufacturer or even after an end-user has taken possession of the card. Each such application program in a multi-application smart card is stored in some form of programmable memory on the smart card. Such post-manufacture programmability of smart cards provides increased flexibility and power of use of the smart cards.
Thus, because of the nature of smart cards, they have a product life cycle that includes several distinct phases. A first phase or series of steps is the manufacturing phase, in which the integrated circuit is fabricated and mounted on the smart card and the system software is loaded or stored on the smart card. A second phase is the personalization phase, in which the smart card is personalized to contain information unique to one person, the intended end-user of the smart card, such as the cardholder name and cryptography keys for that cardholder. A third phase is the issuance phase, in which the smart card is deployed. Finally, a fourth phase is the usage phase, in which the cardholder uses the smart card for one or more purposes, such as for banking or as a Subscriber Identity Module (SIM) in a GSM mobile telephone system.
Each phase in the smart card life cycle may have unique needs in terms of access control. For example, at the manufacturing phase there may not be a need for as high a level of security because at that phase neither personal information nor other sensitive application programs have been loaded onto the smart card and smart cards are manufactured in a controlled environment. Thus, gaining access to the smart card during manufacturing may require only a very simple access control mechanism. However, once personal information has been loaded onto the smart card, a higher level of access control may be required. Furthermore, in a multi-application smart card, the smart card's usage may change even during the usage phase. For example, a card that was originally issued for some banking purpose, e.g., an electronic purse for small value transactions, could be re-programmed to also include a health care information application containing very sensitive and personal information about the cardholder's health history. The former of these applications would not merit a particularly sophisticated access control scheme, perhaps a PIN would suffice, whereas the health care information application may require a very secure access control mechanism, e.g., a biometric scheme such as fingerprint verification.
Co-pending patent application Ser. No. 10/285,654 to Apostol Vassilev, et al., entitled “Authentication Framework for Smart Cards”, filed on Oct. 31, 2002 and co-assigned with the present invention, describes an authentication framework in which authentication technology applications are separated from functional card applications, thereby allowing the authentication technology applications to be modified or replaced independently from the card applications. The co-pending patent application '654 allows the application level to select or update the authentication policy without requiring updates to the applications themselves.
A problem with the known prior art access control mechanisms is that these schemes do not allow for controlled update of the access control mechanisms during the smart card life cycle. Accordingly, from the foregoing it is apparent that there is a hitherto unresolved need for a system and methodology for permitting the secure update of the access control mechanism of a smart card during the smart card life cycle.