The use of secure smart cards that provide information specific to an individual is becoming more prevalent in a number of different types of situations. Examples of such include electronic commerce, security access control and health care record maintenance. Each system which employs smart cards contains two fundamental components, namely the smart cards themselves and an interface device, commonly known as a reader. The smart cards are carried by the users of the system, and include a memory which stores information that is pertinent to the user's interaction with the system. In an electronic commerce system, for example, each smart card may contain the balance in an account maintained by the user, as well as details of account transactions. More recently, the smart cards also include microprocessors, which provide for an increased level of security over the information stored in the cards. The incorporation of microprocessors into the cards also enhances their flexibility, for instance by facilitating the storage of executable programs in the cards that can be used to provide expanded functionality.
The readers communicate with the cards in a secure manner to access the information stored therein. In one type of system, the card is inserted into a slot in the reader, which brings electrical contacts in the reader into engagement with mating contacts on the exterior of the card. The engaged contacts enable a microcontroller in the reader to communicate with the memory and/or microprocessor in the card. Typically, the reader is connected to a peripheral device that is associated with the particular type of system into which the reader is incorporated. In a security system, for example, the reader might be connected to an electronic lock that permits a door to be opened. In a banking system, the reader could be incorporated into an automatic teller machine.
To permit the cards and readers of different manufacturers to be compatible with one another, a set of standard specifications has been developed. One of the common standards that applies to smart cards and readers is ISO 7816, promulgated by the International Standards Organization. This standard provides specifications for the location of the electrical contacts on the exterior of the cards, as well as the functions of the electrical signals that are present at the respective contacts. In this regard, the standard provides for up to eight electrical contacts, although specific signals are defined for only five of these contacts. The standard also contains specifications for the power-up, or initialization, procedure that is carried out when a card is first inserted into the reader, and the protocol for communicating between the card and the reader.
Due to the need to comply with the published standards, a conventional card reader can turn out to be a relatively expensive item of equipment. For instance, the ISO standard requires that different respective signals be applied to the five designated contacts on the card in a specific sequence at predetermined times during the power-up procedure. As a result, the reader must include a controller which supervises the application and timing of these signals, thereby adding to its cost.
In many systems which currently employ smart cards, the number of users can be quite large. For example, in an electronic banking system, a considerable number of customers might be expected to access an automated teller machine each day. Consequently, the cost of the reader is amortized over a sufficient number of transactions that it can be readily justified by the provider of the services.
More recently, there has been a trend toward personalized types of smart card applications. For instance, the ability to execute software programs from a microprocessor-based smart card makes it desirable to be able to connect the card to a personal computer. One approach for doing this is to add a smart card reader to the computer, either as an integral device or as a peripheral add-on. However, due to the appreciable cost of a reader, personal computer users may not be inclined to adopt this approach. In contrast to large institutions such as banks and the like, individual computer users may not be able to amortize the cost of the reader over a sufficient number of transactions to justify its cost.
It is desirable, therefore, to provide a smart card system which does not require a relatively expensive reader to access the information and/or functionality present in a card. With such a capability, the smart card is able to directly communicate with a variety of different types of peripheral devices that do not require a protocol associated with ISO standards and the like. Consistent with this objective, however, it is further desirable to provide such a system which remains compatible with currently existing smart card systems that comply with established standards.