Open Smart Card Development Platform

Abstract: A transaction server for performing a transaction over a network using a virtual smart card the server comprising, a virtual smart card database having a plurality of records each record including a virtual card identification and a value corresponding to a single virtual smart card; a security module; an emulator for emulating a smart card, the emulator for receiving smart card commands and processing the commands in conjunction with the virtual smart card database and the security module; and a virtual card reader module for receiving the smart card commands and relaying the commands to the smart card emulator whereby transactions are performed over the network using one or more the records and the virtual smart card database.

Abstract: Smart token technology, using a smart card, PCMCIA card or any other medium containing storage or processing capability is used to facilitate a variety of secure business transactions, including those which might occur over an unsecured network such as the Internet. Application programs can obtain a variety of smart token services using a common application programming interface. Applications of the smart token technology to electronic cash, banking, credit, computer and network access, software distribution, medical handling and issuance of credentials are presented.

Abstract: A smart card architecture (10) includes a run-time environment (102), a card manager (104), one or more security domains (106, 108), a provider application (114) and an issuer application (112). One or more APIs (110, 122) provide communication. The life cycle (200) of the card and card manager includes states: Pre-production, Ready, Initialized, Secured, Locked and Terminated. The life cycle (220) of an application includes states: Installed, Selectable, Personalized, Blocked, Locked and Deleted. A card registry (250) keeps track of card manager and application data elements. The functionality of a security domain on a smart card is extended to allow it to perform delegated management of smart card applications: delegated loading, installation (figures 7A-7D) and/or deletion of an application. A provider of an application is assured of more direct control and management of their application, yet an issuer still maintains some control over the management of the card. The card issuer empowers application providers to initiate changes to the issuer's smart cards that are pre-approved by the card issuer. A method of delegated loading of an application onto a smart card (604) first receives a load command (500) from an application provider via a card acceptance device. The load command includes an indication of an application to be loaded (516) an an appended command authentication pattern (514). Next, the load command is verified using the command authentication pattern. Then, an application (564) is received from an application provider via the card acceptance device; the application also includes an appended application authentication pattern (562) which is used to verify the application. Finally, the application is loaded into memory of the smart card (604).

Abstract: Automated mass production of smart cards is applicable to either single application or multi-application smart cards, and can be customized. A scripting language combines all of the production aspects of a card into a script. The script is applied to a card production system that automatically produces a custom smart card. To produce a script, a card profile, application profiles, and an issuer profile are used. The card profile describes the resources available on the card and documents the card's software infrastructure, the available resources, memory, applications already on place on the card, the life cycle status of all applications, and physical attributes of the card. Application requirements are documented in an application profile. An application profile identifies the application source code and includes the resource requirements of an application such as memory, operating system version, security, and card physical requirements. For a given card product, the selected application profiles are compared for compatibility. These profiles are checked for compatibility with any number of card profiles to find a suitable card profile. A script is built based upon the selected application profiles and card profile. The script is a natural language description of the functions and data required to produce a single- or multi-application smart card. This creation includes initialization and personalization, and the loading of application code when not already in place on the card. An updated card profile is created when a script is produced. The updated profile describes the card and its resources after an application has been loaded, and is used to create a script to load, initialize and personalize applications onto a card post-issuance, or in a multi-step production process.