WO1999053449A1 - Secured data transaction system for smart cards - Google Patents

Secured data transaction system for smart cards

Info

Publication number
WO1999053449A1
Authority
WO
WIPO (PCT)
Application number
PCT/IL1999/000192
Other languages
French (fr)
Inventor
Ronnie Gilboa
Oded Bashan
Nehemya Itay
Moshe Aduk
Original Assignee
On Track Innovations Ltd.
Application filed by On Track Innovations Ltd.
Related applications: AU3165799A, CA2327728A1, EP1070302A1
Publication of WO1999053449A1

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/363Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes with the personal data of a user
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0866Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means by active credit-cards adapted therefor
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0873Details of the card reader
    • G07F7/088Details of the card reader the card reader being part of the point of sale [POS] terminal or electronic cash register [ECR] itself
    • G07F7/0886Details of the card reader the card reader being part of the point of sale [POS] terminal or electronic cash register [ECR] itself the card reader being portable for interacting with a POS or ECR in realizing a payment transaction

Abstract

A secured data transaction system (10) comprising a Smart Card Interface (SCI) (12) for interfacing between a local device (25, 26) and a Remote Secure Application Module (RSAM) (14) located remote from the SCI for processing data from smart cards. The SCI (12) comprises an SCI memory (28, 35) containing a predetermined instruction set, an SCI processor (15) coupled to the memory for operating in accordance with said instruction set, and a first SCI communication interface (16) coupled to the SCI processor for allowing bi-directional contactless communication between the SCI and the RSAM. The RSAM (14) comprises an RSAM memory (21) containing a predetermined instruction set and comprising a secured area reserved for security applications and for secure storage of data related thereto, an RSAM processor (20) coupled to the RSAM memory for operating in accordance with said instruction set, and an RSAM communication interface (19) coupled to the RSAM processor for allowing bi-directional contactless communication between the RSAM and the SCI. In such an arrangement data associated with the smart card interface (12) may thus be stored in the RSAM memory (21) remote from the smart card interface.

Description

Secured data transaction system for smart cards
FIELD OF THE INVENTION
This invention relates to a data transaction system for smart cards and, in particular, to a secured data transaction system where the transactions and the data related thereto are securely stored.
BACKGROUND OF THE INVENTION
Smart cards are becoming increasingly important and widespread for all manner of data transactions. Typically, a smart card user performs a transaction via a read/write station containing a user interface, a card interface and a processor with a memory. To perform a transaction with a smart card, the user defines his request via the card interface, which feeds data to the processor for execution and storage in memory. The results of such a transaction are usually stored as data in the memory of the station for later use. In practice, data retrieval generally takes place either at a time convenient to the resources of the system, or on a periodic basis. Later on, the institution involved in the deal may retrieve the data and credit or debit the user's account, as appropriate.
Along with the growth in popularity of smart cards and so-called "super smart" cards, a rise in criminal activity has spurred the demand for the prevention of fraudulent transactions. The great amount of money involved in the smart card market has attracted, and continues to attract, a growing number of unscrupulous efforts to defeat the data transaction card's security. A partial response to this threat is provided by the protocols and algorithms which include security measures such as DES, an acronym for Data Encryption Standard, dealing with passwords and with encryption and decryption of communications and of data. DES allows host and terminal applications to operate safely in environments wherein the threat of intrusion by unauthorized cards and terminals, eavesdropping, playback of captured passwords and data, or alteration or substitution of data is a risk. DES provides protection to communications, to data transactions and to data stored in memory.
DES provides an effective protection against the danger that unauthorized circles will profit from stolen memories containing passwords and transaction monies, from communication being established between the wrong parties and from data transfer being intercepted. Various kinds of available security measures applied in systems are commonly referred to as SAM, an acronym for Secured Application Module. According to the prior art, the necessary security measures for protecting communications, transactions and the consequent data are incorporated within the read/write units such that they are physically connected to the circuits of the read/write station. The SAM uses the processor and the memory of the read/write station accordingly to run and store the software application constituting the SAM. The many elements of the read/write station, including the SAM, are kept closely together, packaged inside one hardware unit. The memory of known read/write stations thus contains not only the security means, including passwords and protocols, but also the record of the transactions performed and the money involved.
Methods of practical implementation of security measures are taught, for example, in US Patent 5,664,017 in the name of Gressel et al. and in US Patent 5,694,472 for a Personal Management System, to Johnson et al.
Since relatively large sums of money may be involved, transaction information is of great value both to the user of the card and to the company concerned. Therefore, it is important to safeguard the data against possible loss, such as loss due to a power shortage. One known approach that provides a partial remedy is the use of non- volatile memories, able to retain data even without power. Nevertheless, even non-volatile memory cannot prevent physical damage incurred by the read/write station from the possible destruction of the stored data.
Another conventional measure for the prevention of potential loss of data in memory is immediately to transfer the data out of memory, for real-time processing. However, although feasible, this kind of response imposes a strain on the communication and processing resources by requiring attention without delay, thus increasing costs to the provider of the service and, ultimately, to the customer. It would thus be advantageous if data could be left in memory without fear of loss resulting from possible damage suffered by the card read/write station. Besides physical harm to the data card station, there is also the danger of an electrical malfunction, even as unintentional as a mistake by personnel performing routine maintenance. For example, an accidental short-circuit due to human error is enough to wipe out the contents of a memory device. Therefore, isolation of the memory from electrically conductive connections is desirable.
For mobile card reader systems, such as those to be installed for fare collection in vehicles of mass transportation services, there lingers the peril of an accident destroying the data transaction equipment, including memory and data. It would therefore be beneficial to provide crash-proof protection to the memory containing the data, comparable to the armored protection imparted to the "black box" installed in aircraft.
These drawbacks of prior art systems do not appear to have been even addressed, still less solved, notwithstanding the ongoing effort in recent years to render smart card data transaction systems ever more secure. As noted, the bulk of this effort has been concentrated in the application of ever more secure cryptographic algorithms for providing proper verification and signature authentication. However, this is just so much wasted effort if direct access to the memory containing the sensitive data is insufficiently restricted.
SUMMARY OF THE INVENTION
It is therefore an object of the invention to provide a secured data transaction system for use with smart cards wherein the shortcomings associated with the prior art are significantly reduced or eliminated.
According to the invention there is provided a secured data transaction system comprising: a Smart Card Interface (SCI) for interfacing with smart cards and a Remote Secure Application Module (RSAM) located remote from the SCI for processing data from smart cards and for providing security functions; the SCI comprising: an SCI memory containing a predetermined instruction set, an SCI processor coupled to the memory for operating in accordance with said instruction set, a first SCI communication interface coupled to the SCI processor for allowing bi-directional communication between at least one smart card and at least one device coupled to the SCI, and a second SCI communication interface coupled to the SCI processor for allowing bi-directional contactless communication between the SCI and the RSAM; and
the RSAM comprising: an RSAM memory containing a predetermined instruction set and comprising a secured area reserved for security applications and for secure storage of data related thereto, an RSAM processor coupled to the RSAM memory for operating in accordance with said instruction set, and an RSAM communication interface coupled to the RSAM processor for allowing bi-directional contactless communication between the RSAM and the SCI; whereby data associated with the smart card interface is stored in the RSAM memory remote from the smart card so as to be inaccessible to or from the smart card.
Thus in accordance with the invention, the security measures and secured operations and their storage are assigned to a remote device separate from the read/write station accepting the smart cards. A read/write station, constituted by the Smart Card Interface or SCI, receives the smart card and forwards the data stored therein to the Remote Secured Application Module, (RSAM), for processing the security measures and the transactions and for storing the security measure software, the transactions and the data related thereto.
It follows that to prevent the loss of data stored in memory in case of complete or partial damage to the station, the memory device is best maintained separate from the read/write station. Thus, by confining the data memory as a separate entity in its own housing, detached from the read write station, the chances are high that the data will remain intact regardless of harm to the station.
Further security may be achieved by hiding the memory device containing the data, so as to render it less easily accessible. Alternatively, security may be enhanced by preventing the physical removal of the memory from the system or, on the contrary, by permitting removal of the memory from the system for safe consignment elsewhere. Removal of the memory is desirable, for example, at the end of a work session, when personnel leave the premises, thereby leaving a facility unattended. It will be appreciated that improved security is afforded by separating the read/write functions from the SAM functions. Therefore, it is beneficial to maintain physical separation between those functions in the read/write station which handle the user's requests and allow for reading of the card data, and the independent and remote device which implements the secure treatment of data processing, of the security measures and of the secure storage, the two being in contactless communication with each other.
The system is transparent to the user who, as in hitherto proposed systems, presents his smart card to the read/write station constituted by the Smart Card Interface, which accepts the smart card and transfers processing and storage operations to the Remote Secured Application Module (RSAM).
The system according to the invention allows for secure retrieval of the data stored in the memory of the RSAM via one or more SCI, while ensuring that impairment of one SCI does not impair other SCIs in the system. Further, impairment of the SCI does not either influence the functioning of the RSAM or alter the integrity of the data stored in the memory of the RSAM.
If desired, a host computer may be provided for communication with the smart card interface(s). The host computer may be a PC comprising a host processor for operating functions of the host computer and of the SCI, for establishing bi-directional communication between the host and the SCI, and for retrieval of data contained in the RSAM. A host memory coupled to the host processor within the host allows for secured storage of data received from the RSAM memory. The SCI communication interface allows communication with the host communication means, whereby the host communicates with the SCI for control of SCI functions, and the host authorizes data retrieval from the RSAM and commands secure storage of data received from the RSAM memory into the host memory.
BRIEF DESCRIPTION OF THE DRAWINGS
In order to understand the invention and to see how it may be carried out in practice, a preferred embodiment will now be described, by way of non-limiting example only, with reference to the accompanying drawings, in which:
Fig. 1a is a block diagram showing functionally a detail of a secure data transaction system according to a first embodiment of the invention;
Fig. 1b shows schematically a modification to the system shown in Fig. 1a;
Figs. 2a and 2b show schematically further variations of the system illustrated in Figs. 1a and 1b; and
Fig. 3 is a flow diagram showing the principal operating steps associated with the system shown in Fig. 1a.
DETAILED DESCRIPTION OF A PREFERRED EMBODIMENT
Fig. 1a shows a system designated generally as 10 comprising a Smart Card Interface (SCI) 12, and a Remote Secured Application Module (RSAM) 14. The SCI 12 may be part of a station such as, for example, an Automatic Teller Machine (not shown in Fig. 1a), utilized for reading from and writing to secured contact/contactless smart cards for carrying out financial transactions. The SCI 12 includes a processor 15 (constituting an SCI processor) coupled to a transceiver 16 having a coil antenna 17 for effective non-contact inductive coupling with a coil antenna 18 coupled to the RSAM 14. The SCI 12 is energized by an external power supply whilst the RSAM 14 may or may not be self-powered, as will be explained in greater detail below.
The RSAM 14 comprises an antenna interface 19 coupled to the coil antenna 18 and to a microprocessor 20 (constituting an RSAM processor) which is itself coupled to an EEPROM 21. The antenna interface 19 is not itself a feature of the present invention and so is not described in further detail. It is described more fully in WO 98/29830 published on July 9, 1998.
The RSAM 14 is in contactless communication with the SCI 12 and is remote from the SCI, and therefore remote from the station of which the SCI is a component. Transactions requested by the owner of a secured smart card are forwarded for execution, via the SCI 12, to the RSAM 14 where they are securely processed and stored. The EEPROM 21 constitutes an RSAM memory for storing the data, an area in the EEPROM 21 being reserved for the secure storage of transactions and data so as to be inaccessible except via the SCI 12. If desired, the instruction set in accordance with which the microprocessor 20 operates may also be stored in the EEPROM 21. The antenna interface 19 includes a bi-directional communication interface that allows for bi-directional contactless communication between the RSAM 14 and the SCI 12. The SCI processor 15 and the RSAM microprocessor 20 are responsive to their respective instruction sets for retrieving data from the RSAM memory.
The SCI processor 15 is coupled to a host computer 25 (constituting a local device) and may also be coupled to a smart card 26 having a contact field (not shown) and having a microprocessor 27 operating in accordance with an instruction set contained within a memory 28 coupled thereto. The contact field of the smart card 26 engages corresponding contacts (also not shown) associated with the transceiver 16 in the SCI 12. Alternatively, a contactless smart card 30 having a coil antenna 31 may effect bi-directional communication with a coil antenna 32 coupled to the transceiver 16 within the SCI 12. The coil antenna 31 of contactless smart card 30 is connected to an antenna interface 33 coupled to a microprocessor 34 operating in accordance with an instruction set stored in a memory 35 coupled thereto. The memory 35 may be an EEPROM operating in similar manner to the EEPROM 21 in the RSAM 14 so as to allow customization of the antenna interface 33.
In such an arrangement the transceiver 16 is a first SCI communication interface for allowing bi-directional contactless communication with the contactless smart card 30, whilst the processor 15 constitutes a second SCI communication interface for allowing bi-directional contact communication with the contact smart card 26 and with the local device 25. If desired, a separate contactless interface may be coupled to the processor 15 for allowing contactless communication with the local device, be it a host computer or another smart card.
Although data is stored securely in the RSAM 14, authorized parties may retrieve stored data from the RSAM by means of the SCI 12. In the event of a malfunction of the SCI 12 preventing retrieval of data from the RSAM 14, the malfunctioning SCI 12 may be replaced by another functional SCI 12.
Fig. 1b shows schematically such a system comprising two identical SCIs 12 and 12', each in close contactless communication with the RSAM 14. The SCI 12' constitutes an auxiliary SCI which may be used temporarily for the purpose of data retrieval only, or as a substitute for the malfunctioning SCI 12 until a replacement is installed. Alternatively, both the SCIs 12 and 12' may be permanently installed and configured for alternate operation, or the system may be configured so that the SCI 12 performs transactions while the SCI 12' retrieves data from the RSAM 14. Since both of the SCIs 12 and 12' are identical, their tasks may be interchanged.
Fig. 2a shows schematically yet another arrangement wherein the three elements SCI 12, SCI 12' and RSAM 14 form a group in which the elements are mutually remote from each other. Besides being separate, the communication between the RSAM 14 and either of the SCIs 12 or 12' is contactless. Both the remoteness and the contactless communication ensure that a failure of any of the elements of the group, namely SCI 12, SCI 12' and RSAM 14, will not propagate to any other of the remaining elements of the group. Thus, for example, damage to the SCI 12 will not derogate from the performance of the SCI 12' and vice versa. Furthermore, the collapse of any SCI, 12 or 12', or of both of them, will have no influence on the functioning of the RSAM 14 or on the integrity of the data stored in its memory.
Fig. 2b shows schematically another variation wherein the host 25 is connected by line to two SCIs 12 and 12', in a similar configuration to that depicted in Fig. lb. Each of the SCIs 12 and 12' is coupled to a respective RSAM 14 and 14', the combination of SCI and RSAM constituting a cluster. In practice, many clusters may be connected to the host 25 and each cluster may display a different mix of attached devices.
In all embodiments, the use of contactless communication allows the SCI 12 to be maintained separate and remote from the RSAM 14, which performs the secure transactions and contains all the transaction data. Contactless communication between the SCI and the RSAM may be achieved by numerous methods, including: radio frequency, microwave, optical communication, infra-red, fiber optic and inductive coupling. To keep manufacturing costs low, inductive coupling communication is chosen, which also allows transmission of energy from a transmitting antenna to a receiving antenna. The transmitting side, here the SCI 12, may operate with a matched coil antenna, and the receiving side, in this case the RSAM 14, may possess a tuned coil antenna. Another reason for selecting inductive coupling communication is that it makes it possible to power the circuits of the RSAM 14 with the power received from the SCI 12, whereby the RSAM 14 will not need to be self-powered but will rely on the field radiated from the SCI 12. This feature is especially important as it allows implementation of DES secured functions that impose a constant power drain on the system. An RSAM powered by batteries is not practical.
Communication and energy transfer between the SCI 12 and the RSAM 14 is via inductive coupling in accordance with the teachings of US Patent 5,241,160 entitled "A System and Method for the Non-Contact Transmission of Data", in the name of Bashan et al., incorporated herein by reference. This patent also explains how the impedance of a cable connecting a coil antenna to a transmitter may be varied without requiring re-tuning of the card resonant frequency.
Using these techniques, the matched coil antenna of the SCI may be connected by a length of SCI cable to the SCI 12 and the SCI cable may be deployed outside of the SCI so that it may be brought close to the tuned coil antenna of the RSAM 14. The distance between the SCI 12 and the RSAM 14 may thereby be significantly increased.
In like manner, the tuned RSAM coil antenna may also be connected to the RSAM 14 by a length of RSAM cable that may extend out of the housing of the RSAM. Moreover, both the SCI cable and the RSAM cable may be extended so that the maximum distance between the SCI 12 and the RSAM 14 is equal to the combined length of both cables. It will be appreciated that either or both of the two coil antennas may be connected via respective cables of equal or unequal lengths. The length of the coil antenna cable is preferably determined as a multiple of half-wavelengths, from zero up to eight half-wavelengths. The measured length of such a coil antenna cable depends therefore on the frequency of the carrier signal used. Thus, assuming a carrier frequency equal to 13.56 MHz, one half-wavelength, taking the influence of the cable into account, amounts to 8 m. Preferably the length of the coil antenna cable will not exceed 48 m, and ideally it should be less than 32 m. The aforementioned US Patent 5,241,160 lists the factors influencing the relative distance allowed between the two coil antennae and provides information about the distances obtainable.
Because the RSAM 14 is prone to theft or to attempted intrusion, advantage may be taken from the fact that the RSAM 14 consists of a separate unit, packaged within an individual housing and remote from the SCI 12. Accordingly, the RSAM 14 may be physically protected, such as secreted behind a wall or embedded in concrete for purposes of concealment as well as for reasons of safekeeping and prevention of removal. With quality assurance and reliability as objectives, the housing of the RSAM 14 may be hermetically sealed against liquids or gases.
The RSAM 14 may thus reside within a housing appropriately reinforced to thwart forceful intrusion and properly protect against physical destruction, for example by being clad in steel armor. To avoid shielding of the inductive coupling communication by the steel housing, the RSAM coil antenna, with or without a span of cable, protrudes out of the steel housing.
In contrast to this approach, but with the same goal of avoiding theft and intrusion, the housing may be removable for storage in a safe place. This may be realized in practice by providing the housing in the form of a data card.
DES applications are stored in the memory of the RSAM, in a secured area reserved for security applications. The transactions and the data related thereto are also deposited in a secured area of the memory of the RSAM, in known manner. By such means the SAM may be realized in a remote housing.
Referring now to Fig. 3, there will be described a protocol for use with the system described above with particular reference to Fig. 1 of the drawings. Thus, initially a data transaction card is coupled to the SCI, which receives a transaction request and prompts the card owner for entry of his secret code (PIN). On entry of a valid PIN, the transaction request is encrypted by the card so as to produce a secure Account Certificate. This is fed via contact or non-contact communication to the SCI, from where it is forwarded to the RSAM via non-contact communication. The transaction data is decrypted by the RSAM so as to authenticate the card. If authentic, then the encrypted Account Certificate is also decrypted so as to produce an encrypted Transaction Certificate. This is fed via non-contact communication to the SCI, from where it is forwarded to the card via contact or non-contact communication. The card now decrypts the transaction data so as to authenticate the RSAM. If authentic, the transaction is processed and an encrypted Settlement Certificate is prepared for feeding via contact or non-contact communication back to the SCI, from where it is forwarded via non-contact communication to the RSAM, wherein the transaction data is again decrypted so as to authenticate the card. If authentic, then the purse account is settled. In the event of an invalid card or RSAM, the transaction is aborted and a suitable message relayed via the SCI.
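The three-certificate exchange just described, simulated end to end as an added example; this is not the patent's own code and not a product of On Track Innovations. The patent treats successful decryption as proof of the sender's identity, but a ciphertext decrypts to something under any key, so a practitioner would authenticate each certificate with a MAC (or an AEAD mode) rather than rely on bare DES decryption. The example therefore substitutes HMAC-SHA256 for DES, and it assumes, as the patent does not state, a symmetric key shared only by the card and the RSAM, fresh nonces from both sides bound into each certificate, and a {payload, tag} certificate layout. The SCI is modelled as the patent describes it: a relay that holds no key and stores no transaction data, so a compromised SCI can at most abort the transaction, as the tampering check at the end shows.

```python
# Simulation of the three-certificate exchange of Fig. 3: card -> SCI -> RSAM.
# Added example, not the patent's own code. Assumptions not in the patent: a
# symmetric key shared only by card and RSAM, HMAC-SHA256 in place of DES as
# the authentication primitive, and a {payload, tag} certificate layout.
import hashlib
import hmac
import json
import secrets

SHARED_KEY = b"card-and-rsam-only-key-0001"  # assumption: set at personalization


def make_cert(key: bytes, payload: dict) -> dict:
    """Certificate = payload plus a MAC over its canonical JSON encoding."""
    msg = json.dumps(payload, sort_keys=True).encode()
    return {"payload": payload, "tag": hmac.new(key, msg, hashlib.sha256).hexdigest()}


def cert_ok(key: bytes, cert: dict, kind: str) -> bool:
    """Recompute the MAC; a forged or altered certificate, or one of the wrong kind, fails."""
    expected = make_cert(key, cert["payload"])["tag"]
    return hmac.compare_digest(expected, cert["tag"]) and cert["payload"].get("type") == kind


class SmartCard:
    def __init__(self, key: bytes, pin: str, balance: int):
        self._key, self._pin, self.balance, self._nonce = key, pin, balance, None

    def account_certificate(self, pin_entered: str, amount: int):
        # The PIN is checked on the card; a wrong PIN aborts before anything leaves it.
        if pin_entered != self._pin:
            return None
        self._nonce = secrets.token_hex(8)
        return make_cert(self._key, {"type": "account", "amount": amount,
                                     "card_nonce": self._nonce})

    def settlement_certificate(self, tx_cert: dict):
        # Authenticate the RSAM: the tag must verify and it must echo our fresh nonce.
        if not cert_ok(self._key, tx_cert, "transaction"):
            return None
        p = tx_cert["payload"]
        if p["card_nonce"] != self._nonce:
            return None
        self.balance -= p["amount"]  # purse debit (atomic commit omitted in this model)
        return make_cert(self._key, {"type": "settlement", "amount": p["amount"],
                                     "card_nonce": self._nonce,
                                     "rsam_nonce": p["rsam_nonce"]})


class RSAM:
    def __init__(self, key: bytes):
        self._key, self.secure_log, self._pending = key, [], {}

    def transaction_certificate(self, acct_cert: dict):
        # Authenticate the card, then answer with our own nonce bound to the card's.
        if not cert_ok(self._key, acct_cert, "account"):
            return None
        p = acct_cert["payload"]
        rsam_nonce = secrets.token_hex(8)
        self._pending[p["card_nonce"]] = (rsam_nonce, p["amount"])
        return make_cert(self._key, {"type": "transaction", "amount": p["amount"],
                                     "card_nonce": p["card_nonce"],
                                     "rsam_nonce": rsam_nonce})

    def settle(self, set_cert: dict) -> bool:
        # Re-authenticate the card and settle only a transaction we actually opened (no replay).
        if not cert_ok(self._key, set_cert, "settlement"):
            return False
        p = set_cert["payload"]
        if self._pending.pop(p["card_nonce"], None) != (p["rsam_nonce"], p["amount"]):
            return False
        self.secure_log.append(p)  # the secured area of RSAM memory
        return True


class SCI:
    """Relay only: holds no key, stores no transaction data, sees only opaque certificates."""
    def __init__(self, rsam: RSAM):
        self.rsam, self.last_message = rsam, None

    def run_transaction(self, card: SmartCard, pin_entered: str, amount: int) -> bool:
        acct = card.account_certificate(pin_entered, amount)
        if acct is None:
            self.last_message = "aborted: PIN rejected by card"
            return False
        tx = self.rsam.transaction_certificate(acct)
        if tx is None:
            self.last_message = "aborted: card not authentic"
            return False
        settlement = card.settlement_certificate(tx)
        if settlement is None:
            self.last_message = "aborted: RSAM not authentic"
            return False
        if not self.rsam.settle(settlement):
            self.last_message = "aborted: settlement rejected"
            return False
        self.last_message = "settled"
        return True


if __name__ == "__main__":
    card, sci = SmartCard(SHARED_KEY, "1234", 100), SCI(RSAM(SHARED_KEY))
    print(sci.run_transaction(card, "1234", 30), sci.last_message, card.balance)
```

Two design points carry over from the patent's architecture. First, the RSAM keeps the only record (secure_log) and opens a pending entry keyed by the card's nonce, so a Settlement Certificate replayed by a malicious SCI is rejected the second time. Second, because the SCI never holds the key, a relay that alters the amount in transit breaks the tag and gets "card not authentic" back; it cannot forge a Transaction Certificate that the card will accept.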
Whilst preferred embodiments of the invention have been described in detail, it is apparent that many modifications and variations thereto are possible, all of which fall within the scope of the invention as defined in the appended claims.
Thus, for example, whilst in the preferred embodiment a matched antenna is employed in the SCI, it will be understood that a conventional resonant circuit may be employed as is well known in the art.

Claims

1. A secured data transaction system (10) comprising: a Smart Card Interface (SCI) (12) for interfacing between a local device (25, 26) and a Remote Secure Application Module (RSAM) (14) located remote from the SCI for processing data from smart cards; the SCI (12) comprising: an SCI memory (28, 35) containing a predetermined instruction set, an SCI processor (15) coupled to the memory for operating in accordance with said instruction set, a first SCI communication interface (16) coupled to the SCI processor for allowing bi-directional contactless communication between the SCI and the RSAM; and the RSAM (14) comprising: an RSAM memory (21) containing a predetermined instruction set and comprising a secured area reserved for security applications and for secure storage of data related thereto, an RSAM processor (20) coupled to the RSAM memory for operating in accordance with said instruction set, and an RSAM communication interface (19) coupled to the RSAM processor for allowing bi-directional contactless communication between the RSAM and the SCI; whereby data associated with the smart card interface (12) may be stored in the RSAM memory (21) remote from the smart card interface.
2. The secured data transaction system according to Claim 1, wherein data is retrieved from the RSAM memory via the SCI.
3. The secured data transaction system according to Claim 1 or 2, further including an auxiliary SCI (12') for allowing parallel or backup data retrieval from the RSAM memory.
4. The secured data transaction system according to any one of the preceding Claims, wherein the Smart Card Interface includes a second SCI communication interface (15) for allowing bi-directional communication with the local device.
5. The data transaction system according to any one of the preceding Claims, wherein: the RSAM contains security means for prevention of unauthorized transactions and unauthorized access to RSAM functions and RSAM memory.
6. The data transaction system according to any one of the preceding Claims, wherein: the SCI communication interface (16) communicates with a smart card and the RSAM by contactless inductive coupling communication.
7. The data transaction system according to Claim 6, wherein: the first SCI communication interface (16) is coupled to an SCI coil antenna (17) operating at a predetermined frequency, and the RSAM communication interface (19) is coupled to an RSAM coil antenna (18) tuned to said predetermined frequency.
8. The data transaction system according to Claim 7, wherein the first SCI communication interface is coupled to the SCI coil antenna (17) by an SCI cable having a length which may be varied without requiring the first SCI communication interface to be re-tuned to said predetermined frequency.
9. The data transaction system according to Claims 7 or 8, wherein the RSAM communication interface (19) is coupled to the RSAM coil antenna (18) by a cable.
10. The data transaction system according to Claim 9, wherein the SCI coil antenna (17) and the RSAM coil antenna (18) are in mutual proximity.
11. The data transaction system according to any one of the preceding Claims, wherein the RSAM (14) is displaced from the SCI (12) and is in contactless communication therewith.
12. The data transaction system according to any one of the preceding Claims, wherein the RSAM is housed in a reinforced casing for protection against physical intrusion.
13. The data transaction system according to any one of the preceding Claims, wherein the RSAM is housed in a hermetically sealed casing.
14. The data transaction system according to any one of the preceding Claims, wherein the RSAM is housed in a concealed casing.
15. A secured data transaction system (10) comprising: an SCI (12) for interfacing with smart cards and an RSAM (14) for processing data from smart cards and for providing security functions, the SCI (12) comprising: a processor (15) for operating functions of the SCI, an SCI memory (28) connected to the SCI processor, and an SCI communication interface (16) for bi-directional inductive coupling communication with smart cards and for bi-directional communication with a host device (25); the RSAM (14) comprising: an RSAM processor (20) for operating functions of the RSAM, an RSAM memory (21) connected to the RSAM processor, the RSAM memory comprising a secured area reserved for security applications and for secure storage of transactions and data related thereto, an RSAM communication interface (19) connected to the RSAM processor for bi-directional inductive coupling communication with at least one SCI, and a data card for containing the RSAM therein, the data card being remote from the SCI; whereby the SCI transfers data exchanges between secured smart cards and the RSAM, the RSAM providing for the secured processing of transactions and the RSAM also providing a secured repository for the transactions and for data related thereto.
16. The data transaction system according to any one of the preceding claims, wherein the SCI also provides energy for functions of the RSAM thereby obviating the need for the RSAM to be self-powered.
PCT/IL1999/000192 1998-04-08 1999-04-06 Secured data transaction system for smart cards WO1999053449A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
AU31657/99A AU3165799A (en) 1998-04-08 1999-04-06 Secured data transaction system for smart cards
CA002327728A CA2327728A1 (en) 1998-04-08 1999-04-06 Secured data transaction system for smart cards
EP99913559A EP1070302A1 (en) 1998-04-08 1999-04-06 Secured data transaction system for smart cards

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IL124008 1998-04-08
IL12400898 1998-04-08

Publications (1)

Publication Number Publication Date
WO1999053449A1 true WO1999053449A1 (en) 1999-10-21

Family

ID=11071407

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IL1999/000192 WO1999053449A1 (en) 1998-04-08 1999-04-06 Secured data transaction system for smart cards

Country Status (4)

Country Link
EP (1) EP1070302A1 (en)
AU (1) AU3165799A (en)
CA (1) CA2327728A1 (en)
WO (1) WO1999053449A1 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
NL1014956C2 (en) * 2000-04-14 2001-10-16 Jelle Ossenwaarde Method is for secret storage of valuable software and/or personal data in first memory of device connectable to telephone network and comprises identification part with identification code
EP1172754A1 (en) * 2000-07-10 2002-01-16 Sony Corporation IC card data communication method
WO2001086599A3 (en) * 2000-04-14 2002-06-20 Supercom Ltd Smart communications
WO2002017247A3 (en) * 2000-08-24 2003-06-05 Marconi Commerce Sys Inc Wireless payment systems for retail environments
EP1553510A1 (en) * 2002-06-10 2005-07-13 NTT DoCoMo, Inc. Electronic value transfer device equipped with non-contact ic interface
US8014755B2 (en) 2007-01-05 2011-09-06 Macronix International Co., Ltd. System and method of managing contactless payment transactions using a mobile communication device as a stored value device
US9731208B2 (en) 2005-09-12 2017-08-15 Mattel, Inc. Methods of playing video games

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2079504A (en) * 1980-07-01 1982-01-20 Interbank Card Ass Security system for electronic funds transfer system
US4849927A (en) * 1987-06-12 1989-07-18 Ncr Corporation Method of controlling the operation of security modules
EP0534559A1 (en) * 1991-09-24 1993-03-31 N.V. Nederlandsche Apparatenfabriek NEDAP Chip card allowing remote identification
US5241160A (en) * 1990-12-28 1993-08-31 On Track Innovations Ltd. System and method for the non-contact transmission of data
US5572004A (en) * 1992-12-01 1996-11-05 Landis & Gyr Business Support Ag Method for paying for services and/or goods and apparatus for carrying out the method
FR2740291A1 (en) * 1995-10-20 1997-04-25 Sagem Radiotelephone with housing for connection of micro-circuits

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2079504A (en) * 1980-07-01 1982-01-20 Interbank Card Ass Security system for electronic funds transfer system
US4849927A (en) * 1987-06-12 1989-07-18 Ncr Corporation Method of controlling the operation of security modules
US5241160A (en) * 1990-12-28 1993-08-31 On Track Innovations Ltd. System and method for the non-contact transmission of data
EP0534559A1 (en) * 1991-09-24 1993-03-31 N.V. Nederlandsche Apparatenfabriek NEDAP Chip card allowing remote identification
US5572004A (en) * 1992-12-01 1996-11-05 Landis & Gyr Business Support Ag Method for paying for services and/or goods and apparatus for carrying out the method
FR2740291A1 (en) * 1995-10-20 1997-04-25 Sagem Radiotelephone with housing for connection of micro-circuits

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
NL1014956C2 (en) * 2000-04-14 2001-10-16 Jelle Ossenwaarde Method is for secret storage of valuable software and/or personal data in first memory of device connectable to telephone network and comprises identification part with identification code
WO2001086599A3 (en) * 2000-04-14 2002-06-20 Supercom Ltd Smart communications
EP1172754A1 (en) * 2000-07-10 2002-01-16 Sony Corporation IC card data communication method
US6659343B2 (en) 2000-07-10 2003-12-09 Sony Corporation IC card and IC card data communication method
WO2002017247A3 (en) * 2000-08-24 2003-06-05 Marconi Commerce Sys Inc Wireless payment systems for retail environments
US7716082B1 (en) 2000-08-24 2010-05-11 Gilbarco, Inc. Wireless payment mat device and method for retail environments
EP1553510A4 (en) * 2002-06-10 2006-06-21 Ntt Docomo Inc Electronic value transfer device equipped with non-contact ic interface
US7416114B2 (en) 2002-06-10 2008-08-26 Ken Sakamura Electronic value transfer device equipped with non-contact IC interface
EP1553510A1 (en) * 2002-06-10 2005-07-13 NTT DoCoMo, Inc. Electronic value transfer device equipped with non-contact ic interface
US9731208B2 (en) 2005-09-12 2017-08-15 Mattel, Inc. Methods of playing video games
US8014755B2 (en) 2007-01-05 2011-09-06 Macronix International Co., Ltd. System and method of managing contactless payment transactions using a mobile communication device as a stored value device
US8019320B2 (en) 2007-01-05 2011-09-13 Macronix International Co., Ltd. System and method of managing contactless payment transactions using a mobile communication device as a stored value device
US8045956B2 (en) 2007-01-05 2011-10-25 Macronix International Co., Ltd. System and method of managing contactless payment transactions using a mobile communication device as a stored value device
US8073424B2 (en) 2007-01-05 2011-12-06 Macronix International Co., Ltd. System and method of managing contactless payment transactions using a mobile communication device as a stored value device
US8275353B2 (en) 2007-01-05 2012-09-25 Macronix International Co., Ltd. System and method of managing contactless payment transactions using a mobile communication device as a stored value device

Also Published As

Publication number Publication date
CA2327728A1 (en) 1999-10-21
AU3165799A (en) 1999-11-01
EP1070302A1 (en) 2001-01-24

Similar Documents

Publication Publication Date Title
US6021494A (en) Electronic micro identification circuit that is inherently bonded to someone or something
JP3790032B2 (en) Authentication settlement method using portable terminal device and portable terminal device
CA2182464C (en) Radio frequency transponder stored value system employing a secure encryption protocol
AU615832B2 (en) Multilevel security apparatus and method with personal key
US6078888A (en) Cryptography security for remote dispenser transactions
EP1132800B1 (en) Non-wire contact device application for cryptographic module interfaces
US20020077992A1 (en) Personal transaction device with secure storage on a removable memory device
KR0125095B1 (en) Data transfer method
EA001415B1 (en) Conditional access method and device
WO2001086599A2 (en) Smart communications
US6371376B1 (en) PCMCIA card with secure smart card reader
CN101939945A (en) A payment method and system for certification by a smart card with a display and a keyboard using one time dynamic cipher code
US7416114B2 (en) Electronic value transfer device equipped with non-contact IC interface
WO2010043974A1 (en) System for secure contactless payment transactions
AU2007224797B2 (en) Method and apparatus for the secure processing of sensitive information
US11783152B1 (en) Chip card with on/off mechanisms
WO2000074007A1 (en) Network authentication with smart chip and magnetic stripe
WO1999053449A1 (en) Secured data transaction system for smart cards
JP2000156718A (en) Protocol conversion adaptor and method for controlling the protocol conversion adaptor
JP2000268137A (en) Recording medium backup method and its execution device
JP2899464B2 (en) Electronic asset data transfer method
JP2000507380A (en) Safety module
KR101140640B1 (en) Terminal Devices for Post Issuing Card Applet and Recording Medium
JP4101561B2 (en) IC card and service information display system
AU8349998A (en) Secure transactions

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SL SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
ENP Entry into the national phase

Ref document number: 2327728

Country of ref document: CA

Ref country code: CA

Ref document number: 2327728

Kind code of ref document: A

Format of ref document f/p: F

NENP Non-entry into the national phase

Ref country code: KR

WWE Wipo information: entry into national phase

Ref document number: 1999913559

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 31657/99

Country of ref document: AU

WWP Wipo information: published in national office

Ref document number: 1999913559

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

WWW Wipo information: withdrawn in national office

Ref document number: 1999913559

Country of ref document: EP