1. Field of the Invention
The present invention relates to a method of communicating between a first device and a second device. The invention is specifically applicable in the field of smart cards communicating with terminals.
2. Relevant Background
Communications between smart cards and terminals are usually used to conduct one of a plurality of secure protocols that are needed for a service to be provided by the smart cards.
Especially when using a contactless smart card, a problem may arise from the fluctuating supply current from the terminal to the smart card due to movement of the smart card through an energizing electromagnetic field. The power fluctuations may be so strong and fast that the smart card may lose supply power before performing all communication steps required by a protocol. What is needed is a mechanism to continue a protocol after a full or partial loss of power and, in general, to assure the integrity of the smart card data used in performing the protocol. Due to the risks of power fluctuations, normally all communication steps required by a protocol for a contactless smart card need to be done within 150 msec. There is a need to increase the period of time available for the protocol without introducing further risks of communication failures.
WO-A-89/02140 (Eglise et al.) discloses a mechanism to guard against a data carrying device, like a card or a token, being taken away from a terminal prior to completion of a transaction. The data carrying device stores a credit value which is decremented under the control of a machine during the course of a service. Such a service may be a telephone call or the provision of electricity. The problem to be solved by this prior art document is to ensure that a user of the data carrying device is allowed to remove this device from the terminal at any time without losing important credit data, a loss which might occur when the user withdraws the device from the terminal prior to completion of a transaction. A similar loss of relevant credit data might occur when power is temporarily lost.
To solve this problem, the data carrying device according to Eglise et al., each time a data communication step with the machine is carried out, stores additional information which is an indication of the data communication step concerned. To that end, Eglise et al. propose to use two flags and three parameters. The values of the flags change in accordance with the steps made, whereas the parameter values change in accordance with the stored credit value and its updates during successive operations. Whenever a data carrying device is removed from the machine too early or power is lost, the values of the flags and the parameters which are stored in the non-volatile memory of the data carrying device are a unique indication of the last performed communication step. Thus, when communications between the machine and the data carrying device start again, the previous transaction can still be successfully completed.
U.S. Pat. No. 4,877,945 (Fujisaki) discloses an IC card which is provided with a function to exclude erroneous recording. The IC card is arranged to communicate with a terminal. At the beginning of a communication, the terminal sends a start command to the IC card, whereas at the end of the communication it sends an end command. Upon receiving the start command, the IC card checks whether a validity flag stored in a table in its EEPROM memory indicates either a valid status or an invalid status. An invalid status indicates that the last communication procedure between the IC card and a terminal has not been completed correctly, whereas a valid status indicates that the last communication procedure has been completed correctly.
When, upon receiving a start command, the IC card detects that its validity flag is valid, it starts the communication procedure with the terminal after having changed the status of the validity flag to “invalid”. It carries out the communication procedure with the terminal and, upon receiving the end command from the terminal, it changes the validity flag to “valid”. However, when the communication procedure is interrupted prior to completion, the validity flag remains invalid, thus indicating that its data content is invalid.
When, upon receiving a start command, the IC card detects that its validity flag is invalid, it informs the terminal thereof and no communication will be carried out. Thus, no communication procedure can be carried out with an IC card having invalid data.
In order to reuse an IC card having invalid data, Fujisaki discloses a correction mechanism which includes sending an end command to the IC card, making the IC card change its validity flag to “valid”.
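The validity-flag handling described above for Fujisaki can be modelled in a few lines of C. This is an added example, not code from the cited documents; the struct layout, the function names and the debit scenario are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of the fields that survive power loss (the EEPROM table). */
typedef struct { bool valid; long balance; } card_nvm;

typedef enum { RESP_OK, RESP_INVALID_CARD, RESP_NO_RESPONSE } card_resp;

/* Start command: refuse if the last procedure never completed; otherwise
   mark the data invalid BEFORE any of it is modified. */
card_resp cmd_start(card_nvm *nvm) {
    if (!nvm->valid) return RESP_INVALID_CARD;
    nvm->valid = false;
    return RESP_OK;
}

/* End command: the procedure completed, so the data is marked valid again.
   Sent on its own, this is also the correction mechanism described above. */
void cmd_end(card_nvm *nvm) { nvm->valid = true; }

/* One debit session (hypothetical procedure). power_lost models the card
   losing power after the balance write but before the end command. */
card_resp debit(card_nvm *nvm, long amount, bool power_lost) {
    card_resp r = cmd_start(nvm);
    if (r != RESP_OK) return r;            /* terminal is told: invalid card */
    nvm->balance -= amount;
    if (power_lost) return RESP_NO_RESPONSE; /* flag stays invalid in NVM */
    cmd_end(nvm);
    return RESP_OK;
}

int main(void) {
    card_nvm card = { true, 100 };         /* constructed starting state */
    debit(&card, 10, false);
    printf("normal:      valid=%d balance=%ld\n", card.valid, card.balance);
    debit(&card, 10, true);
    printf("interrupted: valid=%d balance=%ld\n", card.valid, card.balance);
    printf("next start rejected: %d\n",
           debit(&card, 10, false) == RESP_INVALID_CARD);
    cmd_end(&card);                        /* correction: flag only */
    printf("corrected:   valid=%d balance=%ld\n", card.valid, card.balance);
    return 0;
}
```

In this model the correction step restores only the flag; the balance keeps whatever value was written before power was lost.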
U.S. Pat. No. 3,636,695 (Feiken) discloses a similar mechanism against interruption of communication between an IC card and a terminal. Feiken also uses a validity flag to indicate whether or not a transaction has been correctly completed on the card. Moreover, Feiken discloses a mechanism for correctly completing an unfinished balance process, after which not only is the validity flag reset to its valid status but the data content of the card also has the correct value.