Intelligent data carriers consisting of a microprocessor (chip) and memory units are already known. They are used, for example, as application-specific smart cards (bank cards, ID cards, etc.). File structures matching the application programs are defined when the smart cards are manufactured. It is therefore difficult to add applications and file structures at a later date. The smart card user can use the smart card only for the applications specified when the card was issued. Expanding the file structures of an application later, or adding further applications, often means that the smart card has to be reissued.
Application programs for these smart cards must be aware of the smart card to be used, as well as the file structures on it, in order to be able to use it. In addition, the applications must handle the specific interfaces of the smart card readers and smart cards in order to be able to access the file structures of the smart card. A further disadvantage is that each application has a prescribed place for storing its data objects, and the size of that place cannot be altered. This static allocation of memory limits the amount of data an application can store and greatly restricts the flexibility of each application. In addition, up until now, two separate interfaces have had to be implemented: one for simple data access and one for cryptographic procedures.
The Cryptographic Token Interface Standard (PKCS#11) of RSA Data Security Inc. sets out a general application interface standard for cryptographic units. This standard can also be applied to smart card readers and smart cards in order to address the cryptographic characteristics of these components. It makes possible the management and use of objects such as symmetric and asymmetric keys and certificates for these keys. The key objects can then be used for cryptographic procedures such as signing, encrypting and decrypting data.
It is an object of the present invention to make available a procedure which overcomes the disadvantages of the prior art.
In particular, one object of the invention is to make available a procedure which allows application programs and smart card users to create, manage and use data objects on a smart card independently of the smart card operating system and the smart card readers used.
An additional object of the invention is to allow the smart card user to check the data structure of the smart card and to allow several applications to store data objects on the user's smart card.
Yet another object of the present invention is to allow the smart card user to equip data objects with any security characteristics and access conditions.