Method and system for identifying and handling critical chip card commands

US 6,435,405 B1
Filed: 11/22/1999
Issued: 08/20/2002
Est. Priority Date: 11/23/1998
Status: Expired due to Fees

First Claim

Patent Images

1. A method for identifying and handling critical card commands of a chip card application, comprising the steps of:

a) transmitting a card command to be executed to a comparison device prior to its execution;

b) comparing the card command to be executed to defined comparison samples to identify critical card commands, said critical card commands comprising commands for at least one of monetary instructions and digital signature;

c) executing the card command if the card command to be executed is not identified as a critical card command by said comparing;

d) delaying of the card command to be executed if it corresponds to a comparison sample in the comparison device; and

e) executing the card command to be executed which is identified as a critical card command by said comparing only if a pre-defined event occurs, said predefined event comprising execution of at least one user-defined user confirmation condition.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device and method for identifying critical card commands and their execution on the chip card. Each card command to be executed is supplied prior to its execution to a comparison device, which can either be a component of the chip card reader or a component independent of this. The comparison device checks with reference to filed comparison samples whether a critical card command is involved. A special comparison process is used for this. If the card command to be executed is a critical card command, it must be additionally confirmed by the user for it to be executed. A particular form of execution consists in comparison samples for identifying critical card commands being deposited during manufacture of the chip card and these being loaded into the working memory of the chip card reader or the comparison device on initialisation of the chip card in the chip card reader.

14 Citations

View as Search Results

28 Claims

1. A method for identifying and handling critical card commands of a chip card application, comprising the steps of:
- a) transmitting a card command to be executed to a comparison device prior to its execution;
  
  b) comparing the card command to be executed to defined comparison samples to identify critical card commands, said critical card commands comprising commands for at least one of monetary instructions and digital signature;
  
  c) executing the card command if the card command to be executed is not identified as a critical card command by said comparing;
  
  d) delaying of the card command to be executed if it corresponds to a comparison sample in the comparison device; and
  
  e) executing the card command to be executed which is identified as a critical card command by said comparing only if a pre-defined event occurs, said predefined event comprising execution of at least one user-defined user confirmation condition.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The method of claim 1, wherein the comparing is conducted by a comparison device which is part of a chip card reader.
  - 3. The method of claim 1, wherein the comparison device is connected in one of incoming and outgoing series to a chip card reader.
  - 4. The method of claim 1, wherein for each critical card command an identical comparison sample is filed.
  - 5. The method of claim 1, wherein the comparison sample describes one or more defined areas of a critical card command.
  - 6. The method of claim 1, further comprising assigning a mask to each comparison sample, the mask determining which areas of the comparison sample are to be compared with which areas of the card command to be executed.
  - 7. The method of claim 6, further comprising, prior to the comparison, both Application Protocol Data Units and comparison sample are logically AND-linked bit by bit to the mask, in order to mask out areas of the card command and comparison sample which are not relevant.
  - 8. The method of claim 6, wherein the mask consists of n bits, every bit of the mask which is set to 1 representing a bit to be checked in the comparison sample.
  - 9. The method of claim 6, wherein the mask and the comparison sample have a same number of bits.
  - 10. The method of claim 6, wherein the comparison samples with their related masks are filed in the non-volatile memory of the comparison device.
  - 11. The method of claim 10, wherein, when a chip card is manufactured, the comparison samples with their related masks are filed in the non-volatile memory of the chip card and on activation of the chip card in a chip card reader, the comparison samples with their related masks contained on the chip card are loaded into the volatile memory of the chip card reader or the comparison device.
  - 12. The method of claim 10, wherein the comparison samples with their related masks are filed write-protected in files or applets in the non-volatile memory of a chip card.
  - 13. The method of claim 6, further comprising adding program code to the comparison samples with related masks in order to display visually on a display device data a critical card command identified by the comparison samples.
  - 14. The method of claim 1, wherein the comparison sample includes class and instruction record byte of a card command.
  - 15. The method of claim 1, wherein the comparison sample includes class and instruction record byte and following parameters bytes of a card command.
  - 16. The method of claim 1, wherein the comparison samples are filed in a non-volatile memory of the comparison device.
  - 17. The method of claim 16, wherein, when a chip card is manufactured, the comparison samples are filed in a non-volatile memory of the chip card and on activation of the chip card in the chip card reader, the comparison samples contained on the chip card are loaded into the volatile memory of the chip card reader or the comparison device.
  - 18. The method of claim 16, wherein the comparison samples are filed write-protected in files or applets in the non-volatile memory of a chip card.
  - 19. The method of claim 1, further comprising a step of displaying data of a card command identified by the comparison sample on a device for the visual display of information.
  - 20. The method of claim 1, further comprising adding program code to the comparison samples in order to display visually on a display device data a critical card command identified by the comparison samples.
  - 21. The method of claim 1, wherein the pre-defined event is a confirmation by a user by pressing one or more keys of a keyboard of a chip card reader.

22. A device for identifying and handling defined card commands, containing at leasta) a non-volatile memory unit;
- b) a list of critical card commands, which can be filed in the non-volatile memory unit, said critical card commands comprising commands for at least one of monetary instructions and digital signature;
  
  c) a comparison device for identifying the critical card commands from the card commands to be executed with reference to the list;
  
  d) a confirmation device for releasing execution of an identified critical card command; and
  
  e) a communications device for producing and implementing communication between a chip card application and a chip card.
- View Dependent Claims (23, 24, 25, 26, 27)
- - 23. The device of claim 22, wherein the communications device is a chip card reader.
  - 24. The device of claim 23, wherein the non-volatile memory unit is part of the chip card reader.
  - 25. The device of claim 23, wherein the comparison device is part of the chip card reader.
  - 26. The device of claim 22, wherein the confirmation device is part of a chip card reader.
  - 27. The device of claim 26, wherein the confirmation device receives input from a keyboard.

28. A program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform method steps for identifying and handling critical card commands of a chip card application, said method comprising the steps of:
- a) transmitting a card command to be executed to a comparison device prior to its execution;
  
  b) comparing the card command to be executed to defined comparison samples to identify critical card commands, said critical card commands comprising commands for at least one of monetary instructions and digital signature;
  
  c) executing the card command if the card command to be executed is not identified as a critical card command by said comparing;
  
  d) delaying of the card command to be executed if it corresponds to a comparison sample in the comparison device; and
  
  e) executing the card command to be executed which is identified as a critical card command by said comparing only if a pre-defined event occurs, said predefined event comprising execution of at least one user-defined user confirmation condition.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Bendel, Peter, Albinger, Elmar, Schaeck, Thomas
Primary Examiner(s)
Lee, Michael G.
Assistant Examiner(s)
WALSH, DANIEL I

Application Number

US09/443,380
Time in Patent Office

1,002 Days
Field of Search

235/375, 235/370, 235/380, 235/379
US Class Current

235/375
CPC Class Codes

G06K 7/0008   General problems related to...

G07F 7/08   by coded identity card or c...

G07F 7/0833   Card having specific functi...

Method and system for identifying and handling critical chip card commands

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

14 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for identifying and handling critical chip card commands

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links