The present invention describes a method and a device for identifying and handling critical chip card commands (card commands), which are to be executed on a chip card.
Most of the chip card readers available on the market have a simple reader command, by means of which any card commands (APDUs) can be transmitted to the card. The card command is executed in the chip card 16 of FIG. 1 and a reply is sent back to the chip card reader 14. The chip card reader transmits the reply of the chip card to the application 12.
In many applications, in particular payment applications, it is desirable for the chip card reader to forward certain card commands (i.e., critical card commands) to the chip card for execution only if defined conditions exist. This applies, for example, to applications for the electronic debiting of money by means of a banking chip card. This is not currently possible using ordinary chip card readers, as they do not have this kind of functionality. If the chip card reader is connected for example to a PC, which in turn has a connection to the internet, it is possible for a virus in the PC to use the chip card reader to send any commands to the card and initiate any transactions in the name of the card holder.
Examples of such transactions may be payment instructions or other declarations of intent (e.g., by means of digital signature) in the name of the card holder. However, the requirements of such chip card applications (for example German signature law) demand, with regard to the avoidance of misuse, that the transactions displayed to the user correspond to the transactions actually carried out with the card. Conventional chip card readers cannot satisfy these requirements.
An object of the present invention is therefore to provide a method and a device which identifies certain card commands (so-called critical card commands) and only releases them for execution on the chip card if certain events are present, without the chip card application itself having to or being able to exert influence on this process.
In accordance with the present invention, the chip card reader preferably contains a comparison device for identifying the critical card commands. Another implementation may consist in the fact that the comparison device is connected, in incoming or outgoing series, to the chip card reader. The comparison device checks the card commands to be executed for critical card commands and ensures that critical card commands are only executed if a user-defined condition, e.g. pressing of the confirmation key, has occurred. Templates with the critical card commands are preferably held for classification in the comparison device (e.g. in an EEPROM module) against which templates each card command to be executed is to be compared.