The present invention relates to information processing and storage, and more particularly, to smart card systems using various protocols.
Smart cards SC are plastic cards having an embedded Integrated Circuit (IC). That IC may be a logic circuit with its associated memories or a microcontroller with its associated memories and software, or a microcontroller with its associated memories and software coupled to a custom block.
To use the computing power given by the IC, a SC makes use of a full set of packaging technologies. The die size varies from 1 mm2 to 30 mm2. The die size is limited for mechanical aspects going with the plastic nature of the SC. The IC is attached to a lead frame and wire-bonding techniques are used to connect the IC pads to the lead frame contacts. Potting and other strengthening methods protect the IC against chemical and mechanical stresses. Contacts are located on one side of the card and their number is limited to eight. Ultimately SC performs transactions with a SC reader using a serial protocol. All the mechanical and electrical specifications of SC are published by the International Standard Organization (ISO). The ISO7816-X standards have allowed the simple and massively produced magnetic stripe cards to evolve toward the SC. SC, depending of the IC complexity, may perform pre-paid accounting, cryptographic scheme, personal authentication using PIN code or biometrics and run java scripts to name few.
ISO documents ISO 7816-1 Physical Characteristics, ISO 7816-2 Dimensions and Locations of the contacts, ISO 7816-3 Electronic signals and transmission protocols and, ISO 7816-10 Electronic signals and answer to reset for synchronous cards are incorporated herein by reference.
Today all the SC readers have to be recognized by the infrastructure prior to perform any transaction involving a SC. The infrastructure is running an application in which the SC end is involved. The SC reader expects a SC. The half duplex protocol between the SC and the SC reader, in which, either the SC sends information to the SC reader or vice versa, cannot start until a SC is detected in place into the SC reader. The infrastructure manages authentication or transactions for pre-paid cards in public telephony, for Bank cards in Point Of Sale (POS) terminals and Automatic Teller Machines (ATM), for Pay TV providers in set top boxes and for wireless telecom operators in Subscriber Identification Modules (SIM) in Global System for Mobile (GSM) terminals. Except for SIM cards, all others applications use a physical sensor to detect the SC. This sensor tells the SC reader when a SC is in place that is when the SC lead frame contacts are able to mate with the SC reader contacts. Two sorts of SC reader contacts can be used, contacts that remain in place and because of their elasticity can slide over the SC when inserted in the SC reader or mobile contacts which descend to touch the lead frame contacts once the card has been detected in place. When the SC reader has established that a SC is in place the power up sequence can start at the SC reader convenience. After the power up sequence, the SC reader will provide first a clock to the SC and then will release its reset signal. The SC is then able to execute the stored Operating System (OS). The SIM card is particular since it is put in place only once with the power off and used constantly.
The first application ever to have deployed the SC technology more than 20 years ago is the public telephone system. The die size used in this application is less than 1 mm2. Just memories and logic circuits are integrated in the IC. In 1999, Pre-paid SC accounted for more than ⅔ of the millions SC produced worldwide. The SC reader utilizes all eight contacts to interface properly with the different SC generations. When a SC is inserted in the payphone, the telephone infrastructure authenticates the SC and the telephone remove units out of the SC. It is worth noting that the SC developed for Banking applications can be utilized in a payphone. The payphone does not remove units out of a Bank card but bills the SC carrier.
The second largest application using the SC has been deployed by the Banking industry. The ATM and POS infrastructures have been installed in most countries other than the USA. The die size used in this application is about 10 mm2. A microcontroller and its associated memories and software are integrated in the IC. The SC reader utilizes up to six contacts to interface properly with the different SC generations. When a SC is inserted in the ATM or the POS, the SC carrier is asked to authenticate himself with a PIN code. The SC can store anything like the balance of cash the owner got out of an ATM on a per week basis, the details of purchases he has done since the last closing date, etc. Based on this information, the authorization can be issued on the spot once the PIN has authenticated the debtor without any telephone calls to the bank. Ultimately Banks and Businesses perform the equalization using the telephone, private communication networks and some day the Internet. While performing the equalization, a black list of fraudulent SC may be stored in the POS or ATM. This scheme has been able to reduce the fraud level down to 0.02% of all the transactions equivalent money done with the SC from 0.2% when no IC was embedded in the card. The level of fraud using SC has been reduced by ten fold compared to the regular credit cards.
The third largest application using SCs has been deployed by GSM manufacturer. The die size used in a SIM is about 30 mm2. A microcontroller and its associated memories and software are integrated in the IC. The SIM reader utilizes five contacts to interface properly with the SC. The most sophisticated SC applications are performed in GSM using Java applets.
A whole new market for the SC is now emerging with the Internet accessed from a Personnel Computer. Secure message, Public Key Infrastructure, Authentication and Electronic Payment are the new SC hot areas. The SC can be an e-commerce facilitator. The differentiation of the smartcard compared to other solutions is to have the PIN in the memory that is never communicated in any transaction.
Up to now, the SC is used in a SC reader connected to the computer. Two protocols are involved in supporting transactions between the SC and the application run by the computer. The first protocol complies with the ISO-7816-3. This standard provides detailed requirements for the serial interface between SC and SC reader. The reader is connected to the computer by via a Serial Port, a Parallel Port or even the Universal Serial Bus (USB) using a second protocol. The SC reader contains electronic circuits and embedded software that enable communication between the SC using the first protocol and the computer using the second protocol. The computer is loaded with the appropriate driver to support the SC reader. Many countries have started to use the SC in the PC environment. The die size used in this application will be anywhere from 5 mm2 to 30 mm2. A microcontroller and its associated memories and software are integrated in the IC with a cryptocontroller. Sometimes, a bio-sensor will be also integrated. The SC reader utilizes at least five contacts to interface properly with the SC.
Closed infrastructures enabling all kinds of transactions like Healthcare, Public phone, parking, Loyalty programs, Cash payments, Credit payments are using millions of ISO compliant SC readers around the world. Europe has lead the development of these technologies back in the late 1970""s. In these proprietary infrastructures, every single SC reader is designed to carry many transactions each hour. The many users share the cost of the SC reader.
The extreme growths of the e-commerce and Internet transactions have highlighted the huge needs to secure transactions. Fraud is booming. False credit card numbers are used, credit card numbers are stolen and eavesdropping on the Internet is well established. Dotcom companies search for the device having the best cost/performance ratio. The SC is an excellent contender if the SC reader price can be reduced.
The USB has recently become firmly established and has gained wide acceptance in the Personal Computer (PC) marketplace. The USB has been developed in response to a need for a standard interface that extends the concept of xe2x80x9cplug and playxe2x80x9d to devices external to a PC. It has enabled users to install and remove external peripheral devices without having to open the PC case or to remove power from the PC. The USB provides a low-cost, high performances, half-duplex serial interface that is easy to use and readily expandable. The USB can be seen as a set of four wires carrying the supply power with two wires and data with the two other wires. The USB is currently defined by the Universal Serial Bus Specification written and controlled by USB Implementers Forum, Inc., a non-profit corporation founded by the group of companies that developed the USB Specification.
In particular, Chapter 5 USB Data Flow Model, Chapter 7 Electrical, Chapter 8 Protocol Layer and Chapter 9 USB Device Framework of Universal Serial Bus Specification are incorporated herein by reference. The increasingly widespread use of the USB in computers has led SC reader manufacturers to develop USB interfaces for connection of their products to computers to complement the existing serial and parallel interfaces.
We are now in a situation where the brick and mortar companies and the Banks have been using the SC technology for more than 25 years. On the other hand, the Internet, a formidable arena to enhance commerce and Banking activities, does not use the SC technology. Most of the Internet transactions are done from a PC and despite PC manufacturer efforts, the PC industry has failed to install on each PC a cost effective SC reader meeting the specific needs of web related applications. A comprehensive solution, servicing the needs of both the one already engaged in the SC technologies and those wishing to benefit from it, is to be found. These two fields should share a common authentication platform in the best interests of the customers and the service providers.
An example of a conventional approach may be found in published PCT application WO 99/49415 and entitled xe2x80x9cVersatile Interface Smart Card.xe2x80x9d The system discloses a smart card system which can be used with different protocols. Specifically, the system provides a mode signal at one of the non-ISO standard contacts to indicate the protocol of the device that the card is communicating with. However, the mode signal is not checked until after the smart card is powered up and the reset signal has been applied. In other words, the smart card is already operating in the ISO 7816 protocol, and upon detection of the mode signal, may have to switch to a non-ISO protocol.
In view of the foregoing background, it is therefore an object of the invention to provide an integrated circuit which can operate according to more than one protocol.
It is a further object of the invention to provide a smart card system that can determine whether the smart card is communicating with a device using the ISO 7816 protocol or the USB protocol, and configure the smart card in such a protocol.
This and other objects, features and advantages in accordance with a first embodiment of the present invention are provided by a dual-mode IC for operating in first mode such as an ISO mode in accordance with International Standards Organization 7816 (ISO 7816) protocol, and a USB mode in accordance with Universal Serial Bus (USB) protocol. The dual-mode IC is preferably in a smart card and includes a microprocessor, a switching block, and an external interface. The external interface comprises a voltage supply pad, a ground or reference voltage pad, a first set of pads for the first mode, and a second set of pads for the USB mode. The first set of pads preferably include a reset pad, a clock pad and an input/output pad in accordance with the ISO 7816 protocol, and the second set of pads preferably includes a D-plus pad and a D-minus pad in accordance with the USB protocol. The IC further includes a mode configuration circuit comprising a USB mode detector connected to at least one of the D-plus and D-minus pads. A pull-up resistor may be connected to one of the D-plus and D-minus pads, and a USB voltage detector may be connected to the voltage supply pad. A latching circuit is connected between the switching block and the USB mode detector, and a control register may be connected to the latching circuit for storing a mode configuration indicator.
The mode configuration circuit preferably configures the IC to operate in one of the ISO and USB modes while disabling the other of the ISO and USB modes. As such, the reset, clock and input/output pads are disabled when the IC is configured in the USB mode, and the D-plus and D-minus pads are disabled when the IC is configured in the ISO mode. Preferably, in the first embodiment, the mode configuration circuit configures the IC to operate in the ISO mode as a default if the USB mode detector does not detect the USB mode. However, in a second embodiment, an ISO detector is provided for detecting an ISO-mode condition. Here, the mode configuration circuit configures the IC in the mode detected by the USB detector or the ISO detector.
The USB mode detector may detect if a low speed USB device is connected to the D-plus and D-minus pads, and the USB voltage detector may detect whether a power supply on the voltage supply pad is greater than about 3.5 volts or preferably between about 4.01 and 5.5 volts. The ISO-mode detector may detect the rising of a signal on the reset pad as the ISO-mode condition. Of course, to ensure that the ISO- mode is detected, the ISO-protocol sequence may be detected via the reset, clock and I/O pads.
A method aspect of the present invention is directed to a method of operating a dual-mode IC in an ISO-mode in accordance with the ISO protocol, and a USB-mode in accordance with the USB protocol. The dual-mode IC includes an external interface having a voltage supply pad, a first set of pads in accordance with the ISO protocol, and a second set of pads in accordance with the USB protocol. The method includes detecting whether a USB-mode condition exists on at least one pad of the second set of pads during a power-on-reset of the dual-mode IC. The method may also include verifying the USB-mode, when the USB-mode condition is detected, by detecting a USB-mode voltage on the voltage supply pad.
The dual-mode IC is configured in the USB mode and the first set of pads is disabled upon verification of the USB mode voltage. Also, according to the first embodiment, the method includes configuring the dual-mode IC in the ISO mode and disabling the second set of pads when the USB-mode condition is not detected. However, in accordance with the second embodiment, the method includes detecting whether an ISO-mode condition exists on one pad of the first set of pads. Here, the method includes configuring the dual-mode IC in the ISO mode and disabling the second set of pads when the ISO-mode condition is detected.
The first set of pads comprises a reset pad, a clock pad and an input/output pad in accordance with the ISO 7816 protocol. Also, the second set of pads comprises a D-plus pad and a D-minus pad in accordance with the USB protocol. Detecting whether the USB-mode condition exists may comprise detecting whether the second set of pads are connected to a USB device. Again, verifying the second mode may comprise detecting whether a power supply on the voltage supply pad is greater than about 3.5 volts, or preferably between about 4.1 and 5.5 volts. Furthermore, the method includes storing a mode configuration indicator for indicating whether the dual-mode IC is configured in the ISO or USB mode.
In the first embodiment, the IC is configured in the ISO mode by default if the USB mode is not detected on the second set of pads, such as the D-plus and D-minus pads. If a USB device is detected via the D-plus and D-minus pads during the power-on reset sequence, then the IC USB voltage is verified on the voltage supply pad before the IC is configured in the USB mode. Once the IC is configured in one mode, it can only operate in that mode and it cannot be changed except via another power-on reset sequence.
In the second embodiment, the IC is configured in the ISO mode if an ISO condition is detected on one of the first pads, such as the reset pad. Similar to the first embodiment, if a USB device is detected via the D-plus and D-minus pads during the power-on reset sequence, then the USB voltage is verified on the voltage supply pad before the IC is configured in the USB mode. However, unlike the first embodiment, the default is a neutral mode where the IC is not configured in either the ISO or USB mode. Once the IC is configured in one mode, it can only operate in that mode and it cannot be changed except via another power-on reset sequence.