Method and system for facilitating memory and application management on a secured token

US 7,243,853 B1
Filed: 12/04/2002
Issued: 07/17/2007
Est. Priority Date: 12/04/2001
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a client including a first application; and

a secured token including at least one applet, the applet providing a set of common commands and operable to be instantiated to create at least a first applet instance for the first application, the first applet instance utilizing at least one of the set of common commands provided by the applet used to create the first applet instance, the secured token further providing specification logic configured to allow specification of a first file structure for the first applet instance,wherein the applet is further operable to instantiate a second applet instance for a second application, the specification logic further allowing a second file structure to be specified for the second application such that different first and second file structures are used to store application data for the first and second applications in the secured token.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system including a secured token having a plurality of applets. Each applet supports a plurality of commands and is capable of being instantiated to create one or more applet instances. Each applet instance is capable of supporting the same plurality of commands that is supported by the applet that creates that applet instance. The applet instances can provide different file structures or different access conditions for data on the secured token.

Citations

31 Claims

1. A system comprising:
- a client including a first application; and
  
  a secured token including at least one applet, the applet providing a set of common commands and operable to be instantiated to create at least a first applet instance for the first application, the first applet instance utilizing at least one of the set of common commands provided by the applet used to create the first applet instance, the secured token further providing specification logic configured to allow specification of a first file structure for the first applet instance,wherein the applet is further operable to instantiate a second applet instance for a second application, the specification logic further allowing a second file structure to be specified for the second application such that different first and second file structures are used to store application data for the first and second applications in the secured token.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1 wherein the secured token is a smartcard.
  - 3. The system of claim 1 wherein the client includes a plurality of applications, and wherein the set of common commands provides functionality that is commonly utilized by the plurality of applications.
  - 4. The system of claim 1 wherein the secured token comprises a plurality of applets, wherein the plurality of applets includes a first applet including a first plurality of commands from the set of common commands, the first plurality of commands configured to manage data stored on the secured token, and a second applet including the first plurality of commands and a second plurality of commands from the set of common commands, the second plurality of commands configured to provide passcode management and credential management in connection with management of data stored on the secured token.
  - 5. The system of claim 4 wherein the second plurality of commands allows a holder of the secured token to access data in the secured token using only a single passcode, even if at least one of the first and second applications does not utilize functionality provided by the plurality of applets to manage their respective data on the secured token.
  - 6. The system of claim 4 wherein the first plurality of commands includes a first set of commands that is available when the corresponding applet is in a first state and a second set of commands that is available when the corresponding applet is in a second state.
  - 7. The system of claim 6 wherein the first set of commands includes a select command for selecting a desired applet instance, an initialize command for establishing a secure channel between the client and the secured token, an authenticate command for authenticating the client to the secured token, a store command for storing information when the secured token is in a personalization phase, and an end-personalization command designed to transition the corresponding applet to the second state.
  - 8. The system of claim 6 wherein the second set of commands includes a select command for selecting a desired applet instance, a retrieve command for retrieving information from a desired applet instance, a file read command for reading data from a desired file, a record read command for reading data from a desired record in a file, a file update command for updating data in a desired file, a record update command for updating a desired record, and a verify passcode command for verifying a passcode in order to access the secured token.
  - 9. The system of claim 6 wherein the first set of commands includes a get status command for retrieving information detailing an internal status of the corresponding applet, and wherein the second set of commands includes a get status command for retrieving information detailing an internal status of the corresponding applet, an internal authenticate command for providing credential management services for incoming data, a change passcode command for modifying a passcode used for accessing the secured token, and an unblock passcode command for unblocking the passcode.
  - 10. The method of claim 1 wherein communications with the secured token are protected by secure messaging.

11. A secured token including at least one applet, the applet providing a set of common commands and operable to be instantiated to create at least a first applet instance for a first application, the first applet instance utilizing at least one of the set of common commands provided by the applet used to create the first applet instance, the secured token providing specification logic configured to allow specification of a first file structure for the first applet instance,wherein the applet is further operable to instantiate a second applet instance for a second application the specification logic further allowing a second file structure to be specified for the second application such that different first and second file structures are used to store application data for the first and second applications in the secured token.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The secured token of claim 11 wherein the secured token is a smartcard.
  - 13. The secured token of claim 11 wherein the secured token is adapted to interact with a client that includes a plurality of applications, and wherein the set of common commands is utilized by the plurality of applications.
  - 14. The secured token of claim 11 wherein the secured token comprises a plurality of applets, wherein the plurality of applets includes a first applet associated with a first plurality of commands from the set of common commands, the first plurality of commands configured to manage data stored on the secured token, and a second applet associated with the first plurality of commands and a second plurality of commands from the set of common commands, wherein the second plurality of commands is configured to provide passcode management and credential management in connection with management of data stored on the secured token.
  - 15. The secured token of claim 14 wherein the second plurality of commands allows a holder of the secure token to access the secured token using only a single passcode, even if at least one of the first and second applications does not utilize functionality provided by the plurality of applets to manage their respective data on the secured token.
  - 16. The secured token of claim 14 wherein the first plurality of commands includes a first set of commands that is available when the corresponding applet is in a first state and a second set of commands that is available when the corresponding applet is in a second state.
  - 17. The secured token of claim 16 wherein the first set of commands includes a select command designed for selecting a desired applet instance, an initialize command designed establishing a secure channel between the client and the secured token, an authenticate command designed for authenticating the client to the secured token, a store command designed for storing information when the secured token is in a personalization phase, and an end-personalization command designed to transition the corresponding applet to the second state.
  - 18. The secured token of claim 16 wherein the second set of commands includes a select command for selecting a desired applet instance, a retrieve command for retrieving information from a desired applet instance, a file read command for reading data from a desired file, a record read command for reading data from a desired record in a file, a file update command for updating data in a desired file, a record update command for updating a desired record, and a verify passcode command for verifying a passcode in order to access the secured token.
  - 19. The secured token of claim 16 wherein the first set of commands includes a get status command for retrieving information detailing an internal status of the corresponding applet, and wherein the second set of commands includes a get status command for retrieving information detailing an internal status of the corresponding applet, an internal authenticate command for providing credential management services for incoming data, a change passcode command for modifying a passcode used for accessing the secured token, and an unblock passcode command for unblocking the passcode.
  - 20. The secured token of claim 11 wherein communications with the secured token are protected by secure messaging.

21. A method comprising:
- providing at least one applet on a secured token, the applet providing a set of common commands and operable to be instantiated to create at least a first applet instance for a first application, the first applet instance utilizing at least one of the set of common commands provided by the applet used to create the first applet instance, the secured token further providing specification logic configured to allow specification of a first file structure for the first applet instance; and
  
  instantiating a second applet instance for a second application, the specification logic further allowing a second file structure to be specified for the second application such that different first and second file structures are used to store application data for the first and second applications in the secured token.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 22. The method of claim 21 further comprising providing the secured token, wherein the secured token is a smartcard.
  - 23. The method of claim 21 further comprising:
    - using the first application in a client to interact with the first applet instance.
  - 24. The method of claim 21 further comprising protecting communications with the secured token by secure messaging.
  - 25. The method of claim 21 further comprising using the secured token for financial transactions.
  - 26. The method of claim 21 further comprising providing the secured token, wherein the secured token comprises a plurality of applets, wherein the plurality of applets includes a first applet including a first plurality of commands from the set of common commands, the first plurality of commands configured to manage data stored on the secured token, and a second applet including the first plurality of commands and a second plurality of commands from the set of common commands, the second plurality of commands configured to provide passcode management and credential management in connection with management of data stored on the secured token.
  - 27. The method of claim 26 wherein the second plurality of commands allows a holder of the secured token to access data in the secured token using only a single passcode, even if at least one of the first and second applications does not utilize functionality provided by the plurality of applets to manage their respective data on the secured token.
  - 28. The method of claim 26 wherein the first plurality of commands includes a first set of commands from the set of common commands, wherein the first set of commands is available when the corresponding applet is in a first state and a second set of commands from the set of common commands, wherein the second set of commands is available when the corresponding applet is in a second state.
  - 29. The method of claim 28 wherein the first set of commands includes a select command for selecting a desired applet instance, an initialize command for establishing a secure channel between the client and the secured token, an authenticate command for authenticating the client to the secured token, a store command for storing information when the secured token is in a personalization phase, and an end-personalization command designed to transition the corresponding applet to the second state.
  - 30. The method of claim 28 wherein the second set of commands includes a select command for selecting a desired applet instance, a retrieve command for retrieving information from a desired applet instance, a file read command for reading data from a desired file, a record read command for reading data from a desired record in a file, a file update command for updating data in a desired file, a record update command for updating a desired record, and a verify passcode command for verifying a passcode in order to access the secured token.
  - 31. The method of claim 28 wherein the first set of commands includes a get status command for retrieving information detailing an internal status of the corresponding applet, and wherein the second set of commands includes a get status command for retrieving information detailing an internal status of the corresponding applet, an internal authenticate command for providing credential management services for incoming data, a change passcode command for modifying a passcode used for accessing the secured token, and an unblock passcode command for unblocking the passcode.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.), Visa USA, Inc. (Visa, Inc.)
Original Assignee
Visa USA, Inc. (Visa, Inc.)
Inventors
Hammad, Ayman, Simcox, Virginia I., Levy, Philippe, Gorden, Mary, Sloan, Jerry
Primary Examiner(s)
Lee; Michael G.
Assistant Examiner(s)
Koyama; Kumiko C.

Application Number

US10/310,748
Time in Patent Office

1,686 Days
Field of Search

235/379, 235380-382, 235/441, 235487-488, 235/492, 705 64- 66, 705/41, 713/159, 713/172, 194/205, 361/737, 707/101
US Class Current

235/492
CPC Class Codes

G06F 21/77   in smart cards

G06F 2221/2105   Dual mode as a secondary as...

G06F 2221/2153   Using hardware token as a s...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3574   Multiple applications on card

G07F 7/1008   Active credit-cards provide...

Method and system for facilitating memory and application management on a secured token

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for facilitating memory and application management on a secured token

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links