(19) Europäisches Patentamt / European Patent Office / Office européen des brevets

(11) EP 0 818 761 A1

(12) EUROPEAN PATENT APPLICATION

(43) Date of publication: 14.01.1998 Bulletin 1998/03

(21) Application number: 96202832.0

(22) Date of filing: 11.10.1996

(84) Designated Contracting States: AT BE CH DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

(30) Priority: 12.07.1996 EP 96201967

(71) Applicant: Koninklijke PTT Nederland N.V., 2509 CH Den Haag (NL)

(51) Int. Cl.6: G07F 7/10

(72) Inventors:
- Drupsteen, Michel Marco Paul, 1816 NA Alkmaar (NL)
- Feiken, Albertus, 1186 TD Amstelveen (NL)

(74) Representative: de Bruijn, Leendert C. et al, Nederlandsch Octrooibureau, P.O. Box 29720, 2502 LS Den Haag (NL)

(54) Integrated circuit card, secure application module, system comprising a secure application module and a terminal and a method for controlling service actions to be carried out by the secure application module on the integrated circuit card

(57) An integrated circuit card (= ICC) with file oriented memory structure, a secure application module (= SAM) with file oriented memory structure, a system comprising a SAM and a terminal and a method for controlling service actions in a multiple service application mechanism to be carried out by the terminal on the ICC including the following steps:

a. establishing whether said terminal is allowed to carry out said service action on said integrated service card by using at least one key stored both on said ICC and on said SAM and by checking on said SAM predetermined access rights stored on said SAM, and
b. carrying out said service action on said integrated service card.
[Figure 1 (drawing not reproduced): a COLLECTION SESSION between the data collect system and the terminal/secure application module (collect service parameters, load service parameters) and a SERVICE TRANSACTION between the terminal and the card (perform service action, update service object).]
SAMSUNG 1023
Description

Background of the Invention

The present invention relates to an integrated circuit card provided with memory means storing service data relating to at least one service.

Such integrated circuit cards are now widely used. The present invention is intended to be used in multiple application authorization mechanisms. Examples of multiple application authorization mechanisms have been described before in, e.g., US-A-5,473,690, WO-A-92/06451, EP-A-0,640,945, EP-A-0,644,513, WO-A-87/07060, EP-A-0,262,025 and EP-A-0,661,675. These known multiple application authorization mechanisms share a direct memory access structure in which no directories and files are used. A common feature of the known mechanisms is to use a secret code to check whether a secure application module is allowed to access an application, indicated by a unique identifier, on the integrated circuit card. Whenever a secure application module wishes access to this application this secret code needs to be reproduced.

Since these known mechanisms do not use directories or file structures the presence of access tables on the integrated circuit cards is required. These access tables comprise several entries constituted of the secret code for a predetermined application, the related memory locations on the integrated circuit card used for this application and the related access rights associated with this application like read/write rights, PIN, etc. Mostly, a secret key is required to avoid disclosure of the secret code.

A disadvantage of the known mechanisms referred to above is that the access tables on the integrated circuit card occupy memory locations. Since nowadays an integrated circuit card only has about 8 kilobits memory space available this is a serious disadvantage.
`
Summary of the invention

The object of the present invention is to provide an integrated circuit card having its memory organized in a directory and file structure and in which memory space is saved by reducing the overhead data on the integrated circuit card per application.

To obtain this object the present invention provides an integrated circuit card as defined in the preamble of claim 1 which is characterized in that at least part of the memory means comprises service data in file structures within one directory comprising a first file and a second file, service data being grouped together in service slots, any service slot being divided into a profile part and a data part, any profile part having a slot number, and being stored in the first file and comprising a unique application identifier and any data part being stored in the second file and comprising data relating to the service, the memory means storing at least one key to protect write access to the first and second files.

By means of a memory on the integrated circuit card structured as defined above it is enough to store only one or two keys on the card which are common to several service applications. Thus, less overhead data relating to any of the service applications on the card is required and more service applications can be supported by the integrated circuit card.

In one embodiment, at least one profile part also comprises data relating to an expiry date of the service slot concerned. Such data relating to an expiry date may be checked by the secure application module which is communicating with the integrated circuit card. If it is established that the date has already expired the service slot concerned is available to any other new service application. Thus, no complicated arrangements have to be provided for between the hardware provider, the provider of the software and the party who is providing the service to the user of the integrated circuit card. The availability of a service slot of which the expiry date has expired can be checked automatically.

When there are different application providers of the software related to several services the service slots are preferably structured such that they comprise their own profile part and their own data part, the profile parts being implemented as records of the first file and the data parts being implemented as records of the second file, the memory means storing a further key to protect access to the first file. In such a case these service slots may be called "generic service slots".

However, when there is only one application provider of the software for several services, preferably the implemented service slots share one common profile part but any service slot comprises its own data part, the common profile part being implemented as one record of the first file and the data parts being implemented as separate records of the second file. These service slots may be called "dedicated service slots". In such a case, the first file only comprises one record, thus saving required memory space for the profile part data.

The directory of the integrated circuit card may be extended by a third file such that at least one service slot comprises an additional data part in the third file for storing additional data. Some service applications need a lot of additional data which may be stored in such an additional data part.

The present invention also relates to a secure application module equipped to communicate with an integrated circuit card according to any of the claims 1 through 7, provided with memory means storing service data relating to at least one service, characterised in that at least part of the memory means comprises service data in file structures within one directory, the directory comprising at least one file, the at least one file storing service data relating to one single service grouped together into:

- application/service definition data comprising a unique service identifier and data indicating a service type;
- at least two application counters for administrating the number of allocations and for generating a unique record transaction number;
- a service sequence counter for generating a unique object number and administrating the number of created service objects;
- a service float for administrating the number of either issued or received value units and
- data relating to access rights defining service actions allowed to be performed by predefined terminals,

and in that the memory means comprises at least a first key and a second key for protecting any data communication with an integrated circuit card.
`
The service definition data and the keys on the secure application module are used for the management of the service application, which was controlled by access tables on the integrated circuit card in the mechanisms according to the prior art. Thus, management control data is now stored on the secure application module instead of on the integrated circuit card. However, this is no serious disadvantage since the available memory space on the secure application module is less critical than on the integrated circuit card itself. Moreover, such a construction has several advantages.

First of all, the management of the applications may be realized more easily since the issuer of the integrated circuit cards is always able to establish a direct link between the secure application module and a central data collect system which is more difficult between the integrated circuit cards and the central data collect system.

Secondly, different service acceptants, i.e. parties which establish direct links between integrated circuit cards and the secure application module to facilitate a service, may be authorized to different access rights. The secure application module can easily check which service actions are allowed to a service acceptant to be carried out on an integrated circuit card, e.g. adding loyalty points, subtracting loyalty points, or only displaying a total number of loyalty points present on the integrated circuit card.
`
By using records within the file structure of the service slot mechanism, the use of access tables on the integrated circuit cards is avoided. The secure application module will always only allow use of a specified record number that has been read in a secured way.

The present invention also relates to a system comprising a secure application module according to the invention and at least one terminal coupled to the secure application module, the terminal being equipped to communicate with the secure application module and with at least one integrated circuit according to the invention in order to control a service carried out on the at least one integrated circuit card.

Moreover, the present invention relates to a method for controlling a service action to be carried out by a terminal on an integrated circuit card according to any of the claims 1 through 7, the terminal being coupled to both a secure application module according to any of the claims 8 or 9 and to the integrated circuit card, including the following steps:

a. establishing whether the terminal is allowed to carry out the service action on the integrated service card by using at least one code and at least one secret key, both the at least one code and the at least one key being stored on both the integrated circuit card and the secure application module and by checking predetermined access rights, and
b. carrying out the service action on the integrated service card;
c. checking step b. on the terminal,

characterised in that:

the checking predetermined access rights in step a is carried out on the secure application module using the data relating to access rights stored on the secure application module and the at least one code.

Thus, in the method according to the invention more steps of the application mechanism are carried out on the secure application module than in methods according to the prior art. This saves memory space on the integrated circuit cards and simplifies management of multiple applications on integrated circuit cards.

Since the available memory space in secure application modules is less critical than on integrated circuit cards the number of possible access rights may be rather large. Access rights may be defined in more ways than only read or write. In accordance with the invention access rights may relate to creating, erasing, increasing, decreasing, validating, marking, and verifying service slots on the integrated circuit card and to modifying additional data parts if present. These are only examples: other types of access rights may be implemented on the secure application module.

In an alternative embodiment the method defined above is characterised by the following step prior to the step of checking predetermined access rights in step a: reading out service data from the service slot and storing in the secure application module a predetermined data part of the data which has to remain unchanged; and by the step of carrying out step b. without changing the predetermined part of the data on the integrated circuit card.
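The service slot mechanism of the summary and the method of steps a and b above, written out as an added illustration that is not code from the patent or from the applicant: the card holds a directory with a first file of profile parts (slot number, unique application identifier, expiry date) and a second file of data parts, each file protected by its own key, while the secure application module holds the service definition with its counters, float and per-terminal access rights and decides step a before the card is touched in step b. The key values, the terminal identifiers POS-A and POS-B, the action names and the ISO date strings are constructed for the example; the page names the action types but not their encoding.

```python
import hmac
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List, Optional, Set

# Constructed keys for this example; the real card keys are not on the page.
K_PROFILE = b"key-protecting-the-first-file"   # further key protecting the profile parts
K_DATA = b"key-protecting-the-second-file"     # key protecting write access to the data parts


@dataclass
class ProfilePart:
    """One record of the first file: slot number, unique application identifier, expiry date."""
    slot_number: int
    application_id: str
    expiry: Optional[str] = None      # ISO date "YYYY-MM-DD" or None


class ICCDirectory:
    """Directory on the ICC with generic service slots: profile parts are records of the first
    file, data parts are records of the second file; each file has its own write key."""

    def __init__(self, slots: int):
        self.profile_file: List[ProfilePart] = [ProfilePart(n, "") for n in range(slots)]
        self.data_file: List[int] = [0] * slots
        self._k_profile, self._k_data = K_PROFILE, K_DATA

    def find_slot(self, application_id: str) -> Optional[int]:
        for p in self.profile_file:
            if p.application_id == application_id:
                return p.slot_number
        return None

    def available_slot(self, today: str) -> Optional[int]:
        """An unused slot, or one whose expiry date has passed, is available to a new service."""
        for p in self.profile_file:
            expired = p.expiry is not None and date.fromisoformat(p.expiry) < date.fromisoformat(today)
            if p.application_id == "" or expired:
                return p.slot_number
        return None

    def write_profile(self, slot: int, profile: ProfilePart, key: bytes) -> bool:
        if not hmac.compare_digest(key, self._k_profile):
            return False
        self.profile_file[slot] = profile
        return True

    def write_data(self, slot: int, value: int, key: bytes) -> bool:
        if not hmac.compare_digest(key, self._k_data):
            return False
        self.data_file[slot] = value
        return True


@dataclass
class SAMService:
    """Service definition held on the SAM: identifier, type, counters, float, access rights, keys."""
    service_id: str
    service_type: str
    access_rights: Dict[str, Set[str]]      # terminal id -> service actions it may perform
    service_float: int = 0                  # value units issued (+) or received (-)
    sequence_counter: int = 0               # unique object numbers / created service objects
    keys: Dict[str, bytes] = field(default_factory=lambda: {"profile": K_PROFILE, "data": K_DATA})

    def allowed(self, terminal: str, action: str) -> bool:
        return action in self.access_rights.get(terminal, set())


def service_action(sam: SAMService, icc: ICCDirectory, terminal: str, action: str,
                   today: str, amount: int = 0, expiry: Optional[str] = None) -> str:
    """Step a: the SAM decides from its own access rights; step b: only then is the card touched."""
    if not sam.allowed(terminal, action):
        return "refused: access rights"
    slot = icc.find_slot(sam.service_id)
    if action == "create":
        if slot is not None:
            return "refused: already present"
        slot = icc.available_slot(today)
        if slot is None:
            return "refused: no free slot"
        ok = (icc.write_profile(slot, ProfilePart(slot, sam.service_id, expiry), sam.keys["profile"])
              and icc.write_data(slot, 0, sam.keys["data"]))
        if not ok:
            return "refused: key"
        sam.sequence_counter += 1
        return f"created in slot {slot}"
    if slot is None:
        return "refused: no such service on card"
    if action in ("increase", "decrease"):
        delta = amount if action == "increase" else -amount
        if icc.data_file[slot] + delta < 0:
            return "refused: insufficient"
        if not icc.write_data(slot, icc.data_file[slot] + delta, sam.keys["data"]):
            return "refused: key"
        sam.service_float += delta
        return f"{action} ok: {icc.data_file[slot]}"
    if action == "verify":
        return f"balance {icc.data_file[slot]}"
    return "refused: unknown action"
```

The card itself carries no access table: its only gate is the key presented with a write, and the decision about which terminal may create, increase, decrease or verify lives entirely in the SAMService record. A slot whose expiry date has passed is handed to the next service that asks for one, so the card needs no out-of-band arrangement to reclaim it.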
`
Brief description of the Drawings

The present invention will be explained below with reference to some drawings. These drawings are only meant to illustrate the present invention and not to limit its scope.

Figure 1 shows processes to support integrated circuit card services like an "electronic purse" facility;
figure 2 shows a schematic flow diagram of method steps carried out in an integrated circuit card, a terminal, and a secure application module, respectively, to support such a service in accordance with the prior art;
figure 3 shows a structure for several secure application module facilities;
figure 4 shows a service application environment on an integrated circuit card which may be used for services of the same type, originating from different application providers (generic service slots);
figure 5 shows a structure of an alternative service application environment for services of different types, originating from one application provider only (dedicated service slots);
figure 6 shows a structure of a service application environment of a secure application module in accordance with the present invention;
figure 7 shows a secure application module and its relation between several parties involved for providing and facilitating a service;
figure 8a shows a schematic flow diagram of method steps carried out on an integrated circuit card, a terminal and a secure application module, respectively, for carrying out one of the following service actions: creating, erasing, or modifying a service object;
figure 8b shows an amended flow diagram of the one shown in figure 8a, which illustrates steps for carrying out one of the following service actions: increasing, decreasing, validating, and marking an existing service object;
figure 9 shows an example of the exact structure of a service slot.
`
Detailed description of the embodiments

As shown in figure 1, in accordance with the state of the art, an integrated circuit card 1 may be loaded with one or more services, like an "electronic purse" facility. A user 5 may insert the integrated circuit card 1 into suitable connection means (not shown) of a terminal 2. The terminal 2 is coupled to a secure application module 3. A data collect system 4 is coupled to the secure application module 3 via the terminal interface. The connections between the terminal 2, the secure application module 3, the data collect system 4, and the integrated circuit card 1, respectively, may be either by conventional wires, optical fibres or by any wireless transmission technique.

The terminal 2 operates as an interface between the integrated circuit card 1 and the secure application module 3.
`
In order to facilitate the description, several definitions used will be stated firstly.

Service type: the type of card-related service to be used by a card holder 5. Examples of service types are the electronic purse, loyalty counters, loyalty coupons, identifiers, subscriptions, tickets, e.g. to be used for parking, public transport, cinema, concerts, etc.

Service application: the set of necessary service objects to be stored on the integrated circuit card 1 and on the secure application module 3, to be used for the exploitation of the service. Examples of service objects are: loyalty points, tickets, subscriptions, etc.

Service parameter: a service object that is necessary for the secure application module 3 in order to facilitate a service application, e.g., the application identifier, service identifier, service access rights, etc.

Service action: the (authorized) execution of one or more software routines which results in the modification, creation or elimination of the service object, for example, the creation or verification of a ticket or the increase or decrease of loyalty points on a loyalty coupon.

Service access rights: a defined authorization rule for the use of a certain service action by a predetermined terminal; some terminals may, for example, only have the right to read the number of loyalty points on an integrated circuit card 1, whereas others may have the authorization to modify this number of loyalty points.

Service object: the service related data structure that is securely stored on the integrated circuit card and which can be modified by a service (object) action (e.g. tickets, coupons, loyalty counters).

Hardware provider: the party which provides the integrated circuit card 1 to the card issuers and the secure application module 3 to the card acceptants. These integrated circuit cards 1 and secure application modules 3 will be provided with basic applications for the use of, for instance, the electronic purse. Part of the memory of the provided integrated circuit cards 1 and the secure application modules can be used for the storage of further applications to be determined by the card issuer/card acceptant.

Card issuer: the party which issues the integrated circuit card 1 to customers. This party determines the optional applications on the integrated circuit cards 1, usually after a legal agreement with the hardware provider.

Card acceptant: the party which buys the necessary secure application modules 3 from the hardware provider in order to offer several card-related services to the card holders 5. These secure application modules 3 must be linked to the terminal(s) 2 of the card acceptant. The card acceptant determines the optional applications on the secure application module 3, usually after a legal agreement with the hardware provider.

Application provider: the party which facilitates these card-related services, by means of storing service application modules on the integrated circuit card 1 and on the secure application modules 3. This party must also provide the necessary terminal software to be stored in the terminal(s) 2 of the card acceptant.

Service provider: the party which (financially) exploits the card-related service offered by a card acceptant and facilitated by an application provider.

Service acceptant: the party which establishes the direct link between the card holder 5 and a certain service via an on-line service host or via an off-line service terminal 2. This party performs the service actions on the stored service object, for which it is allowed to use.

Card holder 5: the customer who uses the integrated circuit card 1 for several services by means of establishing the necessary link between the integrated circuit card 1 and the terminal 2, e.g., by inserting the Chipper in a retailer's reader or by communicating via a Tele-Chipper®.

As shown in figure 1, the terminal 2 controls any service transaction after a customer 5 has connected his integrated circuit card 1 to the terminal 2. The terminal 2 performs any service action to be made and updates the service object on the integrated circuit card 1. At the same time, the terminal 2 performs the necessary actions on the secure application module 3.

The data collect system 4 collects service parameters from and loads service parameters on the secure application module 3 in a collection session. The collection session as indicated in figure 1 is known to persons skilled in the art and is not explained in detail here.
`
As indicated above, several multiple application authorization mechanisms have been described before, like in US-A-5.473.690, WO-A-92/06451, EP-A-0.640.945, EP-A-0.644.513, WO-A-87/07060, and EP-A-0.262.025 and EP-A-0.661.675. These known multiple application authorization mechanisms share a direct memory access structure, i.e., without directories and files structures. A secret code C is used for accessing the application with an identifier I on the integrated circuit card 1. Whenever a secure application module 3 wishes to access this application it must be able to generate this secret code C. This secret code C may be encrypted when it is supplied to the integrated circuit card 1 to avoid its disclosure to the outside world. Alternatively, this code C may be processed with a message authentication code (MAC) in order to avoid any modification by the outside world. As a further alternative, this code C may be supplied directly. A control mechanism on the integrated circuit card 1 may count how many times a wrong code C is supplied.

A second feature of all these known mechanisms is the presence of an access table on the integrated circuit card 1. Mostly, such a table comprises a plurality of entries consisting of 1) the secret code C for a specific application, 2) related memory locations M on the integrated circuit card 1 used by that application (e.g. referring to zones, number of bytes, offsets, records, etc.) and 3) related access rights A applicable to this application (e.g. read/write rights, PIN, etc.). When either option 1 or option 2 is used a secret key Ks is required.

Figure 2 shows a schematic flow diagram broadly summarizing the mechanism according to the prior art when writing data D on a memory location M of the application related to the code C. Four phases can be distinguished: the initialization phase in which several parameters are stored in the integrated circuit card (ICC) 1 and the secure application module (SAM) 3, the application access phase in which the integrated circuit card 1 checks whether the secret code C as supplied is correct, the application request phase in which the request to write data D on the memory location M is made, and the request authorization execution phase in which the terminal is authorized to write data on memory location M given access rights A and code C. The use of random numbers RND is optional but is required to avoid so-called "replay attacks". A random number RND is used by the secure application module 3 to encrypt the code C when the secret code C is to be transferred from the secure application module 3 to the integrated circuit card 1. The integrated circuit card 1 is equipped to decode the encoded secret code C. Thus, the terminal 2 when transferring the encrypted secret code C from the secure application module 3 to the integrated circuit card 1 does not know the value of the secret code C and will not be able to carry out any further action on the integrated circuit card 1 without being authorized.
`
The flow diagram of figure 2 is separated into three parts relating to the integrated circuit card (ICC) 1, the terminal 2, and the secure application module (SAM) 3, respectively.

In step 201, the integrated circuit card 1 stores the following set of parameters for an application: an identifier I, a secret code C, a memory location M, and access rights A. In step 202, the integrated circuit card 1 stores a secret key Ks.

In the initialization phase, in step 203, the secure application module 3 stores an application identifier I' and a secret code C'. In step 204, the secure application module stores the secret key Ks. For the same application, it is required that I = I' and C = C'.

In the application access phase the following steps are carried out.

In step 205 the integrated circuit card 1 generates a random number RND which is stored in step 206. In step 207, the random number RND is transmitted to the terminal 2.

Step 208 indicates that the terminal 2 is waiting for receipt of the random number RND. As long as the random number RND has not been received the terminal 2 remains waiting.

As soon as the terminal 2 has received the random number RND it transfers the random number RND, in step 209, to the secure application module 3.

Step 210 indicates that in the application access phase the secure application module 3 waits until the random number RND has been received.

As soon as the random number RND has been received the secure application module 3 computes the value of a parameter Y in accordance with:

    Y := Enc(RND, C')Ks

Thus, the parameter Y is an encrypted form of the secret code C', the value of Y being determined by the value of the random number RND as received in step 210 and by the secret key Ks.

In step 212, the secure application module 3 transmits the application identifier I' and the parameter Y to the terminal 2.

Step 213 indicates that the terminal 2 is waiting for receipt of the application identifier I' and the parameter Y.

As soon as the terminal 2 receives the application identifier I' and the parameter Y, it transfers the application identifier I' and the parameter Y to the integrated circuit card 1.

Step 215 indicates that the integrated circuit card 1 is waiting until it has received the application identifier I' and the parameter Y.

As soon as the application identifier I' and the parameter Y have been received the integrated circuit card 1 searches the entry on the application identifier I', as indicated in step 216.

Then, the integrated circuit card 1 computes the value of a parameter X in accordance with:

    X := Dec(RND, C)Ks

When the secret code C is equal to the secret code C', then, the value of parameter X needs to be equal to the value of the parameter Y. This equivalence is checked in step 218 where a Boolean parameter R is computed in accordance with a Boolean operation X = Y?

In step 219 the Boolean value of parameter R is transmitted to the terminal 2.

The terminal 2 is waiting in step 220 for receipt of the parameter R. As soon as parameter R has been received, in step 221, the terminal 2 checks whether R = true. If not, the terminal 2 will generate an error message in step 222 which may be shown to the user through suitable display means (not shown).

If R = true, the application request phase may start.

In the application request phase the terminal 2 requests, in step 223, the integrated circuit card 1 to generate a random number RND. Step 224 indicates that the integrated circuit card 1 is waiting for such a request. After receipt of said request, in step 225, the integrated circuit card 1 generates a random number RND, which is stored in step 226. Then, the integrated circuit card 1 transmits the random number RND in step 227 to the terminal 2.

Step 228 indicates that the terminal 2 is waiting until the random number RND is received. If so, in step 229, the random number RND is transferred to the secure application module 3.

Step 230 indicates that the secure application module 3 is waiting until the random number RND has been received.

After the terminal 2 has transferred the random number RND in step 229 the terminal 2, in step 231, starts the write operation by sending a write request to the secure application module 3.

Step 232 indicates that the secure application module 3 is waiting until such a write request has been received. If so, it computes, in step 233, the value of parameter Y in accordance with:

    Y := MAC(RND, D, M)Ks

Thus, Y is obtained by a message authentication code (MAC) operation on the values of the random number RND, the data D and the memory location M by using secret key Ks.

In step 234, the secure application module 3 transmits Y to the terminal 2. Step 235 indicates that the terminal 2 is waiting until Y has been received. If so, the application authorization execution may start.

In the application authorization execution phase the terminal 2 starts with a request to write data D on memory location M in the integrated circuit card 1 given the computed value of Y. This is indicated by reference number 236.

In step 237 the integrated circuit card 1 waits until such a write request has been received. If so, the integrated circuit card 1 computes the value of parameter X in accordance with:

    X := MAC(RND, D, M)Ks

Thus, if the value of key Ks has been properly stored both on the integrated circuit card 1 and the secure application module 3, X will be equal to Y. This is checked in step 239, where the integrated circuit card 1 computes the value of Boolean parameter R in accordance with X = Y?

In step 240, the integrated circuit card 1 establishes whether the terminal 2 is authorized to write the data D on memory location M, given the values of the access rights A and the secret code C. If not, in step 241, the integrated circuit card 1 may generate an error message which may be sent to the terminal 2 for display on display means (not shown).

If the terminal 2 is authorized to write, then, the integrated circuit card 1 will write the data D on memory location M, as indicated in step 242.

In step 243, the integrated circuit card 1 transmits
`
the value of Boolean parameter R to the terminal 2.

Step 244 indicates that the terminal 2 is waiting until the Boolean parameter R has been received. If so, the terminal 2 evaluates the Boolean parameter R in step 245 to check whether the write operation has been executed correctly.

Steps 246, 247 and 248 indicate the end of the processing on the integrated circuit card 1, the terminal 2 and the secure application module 3, respectively.

Although figure 2 relates to a write operation it may be clear to a person skilled in the art that this is an example only. Read operations and other operations may be processed in the same way, in accordance with the prior art.
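The prior-art exchange of figure 2 (steps 201 to 248), written out with both sides' messages as an added example; this is not code from the patent or from the applicant. The page names neither the cipher behind Enc/Dec(RND, C)Ks nor the MAC algorithm, so both are modelled here as HMAC-SHA256 over the concatenated values, which is an assumption of this example; the key, code, application identifier, terminal names T1/T2 and their access rights A are constructed values.

```python
import hashlib
import hmac
import secrets

# Constructed values for one application entry (not from the patent).
KS = b"shared-secret-key-Ks"         # secret key Ks, stored on ICC (202) and SAM (204)
APP_ID = b"APP01"                    # application identifier I = I'
CODE = b"secret-code-C"              # secret code C = C'
RIGHTS = {"T1": {"write"}, "T2": {"read"}}   # access rights A per terminal (constructed)


def keyed(key: bytes, *parts: bytes) -> bytes:
    """Keyed one-way transform standing in for Enc/Dec(RND, C)Ks and MAC(RND, D, M)Ks.
    The page names no cipher; using HMAC-SHA256 for both is an assumption of this example."""
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()


class ICC:
    """Integrated circuit card 1: one access-table entry (201) and the key Ks (202)."""

    def __init__(self):
        self.table = {APP_ID: {"C": CODE, "M": bytearray(16), "A": RIGHTS}}
        self.ks = KS
        self.rnd = None

    def generate_rnd(self) -> bytes:          # steps 205/206 and 225/226
        self.rnd = secrets.token_bytes(8)
        return self.rnd

    def check_code(self, app_id: bytes, y: bytes) -> bool:   # steps 216-218
        entry = self.table.get(app_id)
        if entry is None or self.rnd is None:
            return False
        x = keyed(self.ks, self.rnd, entry["C"])          # X := Dec(RND, C)Ks
        self.rnd = None                                    # each RND is used once
        return hmac.compare_digest(x, y)                   # R := (X = Y)

    def write(self, app_id: bytes, terminal: str, data: bytes, m: int, y: bytes) -> bool:
        """Steps 237-242: verify the MAC, then the access rights A, then write D at M."""
        entry = self.table.get(app_id)
        if entry is None or self.rnd is None:
            return False
        x = keyed(self.ks, self.rnd, data, m.to_bytes(2, "big"))   # X := MAC(RND, D, M)Ks
        self.rnd = None
        if not hmac.compare_digest(x, y):                  # step 239: R := (X = Y)
            return False
        if "write" not in entry["A"].get(terminal, set()): # step 240: rights A
            return False
        entry["M"][m:m + len(data)] = data                 # step 242
        return True


class SAM:
    """Secure application module 3: I', C' (203) and Ks (204)."""

    def __init__(self, code: bytes = CODE):
        self.app_id, self.code, self.ks = APP_ID, code, KS

    def access_response(self, rnd: bytes):               # steps 210-212
        return self.app_id, keyed(self.ks, rnd, self.code)   # Y := Enc(RND, C')Ks

    def write_mac(self, rnd: bytes, data: bytes, m: int) -> bytes:   # step 233
        return keyed(self.ks, rnd, data, m.to_bytes(2, "big"))       # Y := MAC(RND, D, M)Ks


def terminal_write(terminal: str, icc: ICC, sam: SAM, data: bytes, m: int) -> str:
    """Terminal 2 relays the messages of figure 2; it sees Y but never C or Ks."""
    rnd = icc.generate_rnd()                         # 205-209: application access phase
    app_id, y = sam.access_response(rnd)             # 210-214
    if not icc.check_code(app_id, y):                # 215-221
        return "error: code check failed"            # 222
    rnd = icc.generate_rnd()                         # 223-229: application request phase
    y = sam.write_mac(rnd, data, m)                  # 230-235
    if not icc.write(app_id, terminal, data, m, y):  # 236-244: authorization execution
        return "error: write refused"                # 241
    return "ok"                                      # 245


if __name__ == "__main__":
    print(terminal_write("T1", ICC(), SAM(), b"\x01\x02\x03\x04", 0))   # ok
```

Two properties of the exchange show up directly: the terminal only ever forwards Y, so it cannot produce a valid code or MAC itself, and because the card discards each RND after one use a Y captured from an earlier transaction is rejected against a fresh RND, which is the replay protection the text attributes to RND.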
Thus, from figure 2 it may be clear, that, in accordance with the prior art, in multiple application authorization mechanisms, the integrated circuit card 1 comprises a table for any individual application. Any of these tables comprises an application identifier I, a secret code C, an indication of the memory zones M where the application has been stored, and a definition of access rights A optionally linked to more than one service acceptant.

Contrary to this known mechanism, the multiple application authorization mechanism according to the present invention is based on a directory and file structure in the memory of the integrated circuit card 1. Moreover, in accordance with the present invention no access right tables are stored on the integrated circuit card 1 itself but are stored in the secure application module, thus, saving memory space in the integrated circuit card 1.
`
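The figure 2 write flow (steps 240 to 245) and the prior-art per-application table described above, as an added Python model that is not part of the patent text: the names Icc, AppEntry and demo_card are assumptions, and each table entry holds, for one application identifier I, the secret code C, the memory zones M and the access rights A kept per service acceptant.

```python
"""Model of the prior-art write authorisation flow of figure 2 (steps 240 to 245).
Added illustration, not the patent's code. Icc, AppEntry and demo_card are assumed
names; each table entry holds C, M and A for one application identifier I."""
import hmac
from dataclasses import dataclass

@dataclass
class AppEntry:
    secret_code: bytes                    # C
    memory_zones: list[tuple[int, int]]   # M: (start, end) address ranges
    access_rights: dict[str, set[str]]    # A: service acceptant -> {"read", "write"}

class Icc:
    """Integrated circuit card holding one table entry per application (prior art)."""
    def __init__(self, size: int = 256):
        self.memory = bytearray(size)
        self.table: dict[str, AppEntry] = {}   # keyed by application identifier I

    def _in_zone(self, entry: AppEntry, location: int, length: int) -> bool:
        return any(start <= location and location + length <= end
                   for start, end in entry.memory_zones)

    def write(self, app_id: str, acceptant: str, secret_code: bytes,
              location: int, data: bytes) -> bool:
        """Step 240: may the terminal write D at M? If so, step 242 writes it.
        The return value is the Boolean parameter R transmitted in step 243."""
        entry = self.table.get(app_id)
        if entry is None:
            return False
        # compare the presented secret code C in constant time
        if not hmac.compare_digest(entry.secret_code, secret_code):
            return False
        if "write" not in entry.access_rights.get(acceptant, set()):
            return False
        if not self._in_zone(entry, location, len(data)):
            return False            # step 241: refused, error message to terminal
        self.memory[location:location + len(data)] = data
        return True

def demo_card() -> Icc:
    """Constructed sample: one loyalty application, two retailers as acceptants."""
    card = Icc()
    card.table["LOYALTY"] = AppEntry(
        secret_code=b"constructed-secret",
        memory_zones=[(0x40, 0x60)],
        access_rights={"RETAILER-A": {"read", "write"}, "RETAILER-B": {"read"}},
    )
    return card
```

The terminal's step 245 is then simply a test of the returned R; a write outside the application's zones, by an acceptant without write rights, or with a wrong secret code yields R false without touching card memory.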
In practice, on one physical secure application module 3 both an electronic purse application and one or more other services must be implemented. These services must be clearly separated from one another. In accordance with the invention, a "service slot mechanism" is used to facilitate the service applications other than the already existing electronic purse application. This will be explained below.
Figure 3 schematically indicates that within the secure application module 3 a service slot mechanism 7 must co-exist with an existing electronic purse mechanism 8. Both the service slot mechanism 7 and the electronic purse mechanism 8 are implemented by means of generic secure application module facilities, such as internal files and an internal finite state machine.
`
Below, an example of using service slots will be given. In this example the previously stated definitions will be used, which are thus further clarified. It is assumed that a "generic service slot" (which will be explained with reference to figure 4) is used in the example. If one of the definitions given above is used, it is printed in italics.
A local shopping centre (service provider) decides to begin a regional loyalty scheme for the frequent visitors (card holders) of the centre. The wish of the centre is that all retailers (service acceptants) which are participating in the loyalty scheme must be able to safely store points (service 1) on the integrated circuit card 1. Most of th