About: Smart card application protocol data unit is a research topic. Over the lifetime, 2927 publications have been published within this topic receiving 68563 citations. The topic is also known as: APDU & application protocol data unit.
TL;DR: In this article, the authors proposed a three-tiered authentication system for smart card transactions, in which the smart card is assigned its own digital certificate which contains a digital signature from a trusted certifying authority and a unique public key.
Abstract: An authentication system includes a portable information device, such as a smart card, that is configured to store and process multiple different applications. The smart card is assigned its own digital certificate which contains a digital signature from a trusted certifying authority and a unique public key. Each of the applications stored on the smart card is also assigned an associated certificate having the digital signature of the certifying authority. The system further includes a terminal that is capable of accessing the smart card. The terminal has at least one compatible application which operates in conjunction with an application on the smart card. The terminal is assigned its own certificate which also contains the digital signature from the trusted certifying authority and a unique public key. Similarly, the application on the terminal is given an associated digital certificate. During a transactional session, the smart card and terminal exchange their certificates to authenticate one another. Thereafter, a smart card application is selected and the related certificates for both the smart card application and the terminal application are exchanged between the smart card and terminal to authenticate the applications. Additionally, the cardholder enters a unique PIN into the terminal. The PIN is passed to the smart card for use in authenticating the cardholder. The three-tiered authentication system promotes security in smart card transactions.
TL;DR: In this article, an architecture and system uses a smart card for payment of goods and/or services purchased on-line over the Internet, where a client server on a client terminal controls the interaction with a consumer and interfaces to a card reader which accepts the consumer's smart card.
Abstract: An architecture and system uses a smart card for payment of goods and/or services purchased on-line over the Internet. A client server on a client terminal controls the interaction with a consumer and interfaces to a card reader which accepts the consumer's smart card. A payment server on the Internet includes a computer and terminals that contain security cards to handle the transaction, data store and collection. Also connected over the Internet is a merchant server advertising the goods and/or services offered by a merchant for sale on a web site. The merchant contracts with an acquirer to accept smart card payments for goods and/or services purchased over the Internet. A consumer uses his smart card at the client terminal in order to purchase goods and/or services from the remote merchant server. The Internet provides the routing functionality between the client terminal, merchant server and payment server. The client terminal emulates a security card in interacting with the smart card, and the responses received are grouped together and sent as a draw request message to the payment server. The payment server then emulates the smart card in an interaction with the security card. The security card delivers the expected smart card signature to the payment server and/or on to the client terminal or merchant server to reduce message traffic between the entities on the network. The comparison of the smart card signature to an expected value can occur at any location. Encryption is used for security.
TL;DR: In this article, a portable, multi-purpose, integrated circuit (IC) card and complementary computer software are provided to enable access and management of resources maintained on the IC card.
Abstract: A computerized system offers a uniform platform for conducting electronic transactions in multiple different environments. The system includes a portable, multi-purpose, integrated circuit (IC) card and complementary computer software which enables access and management of resources maintained on the IC card. The software runs on a user's personal computer, empowering the user to initialize the IC card, configure the card with the resources that the user wants to maintain on the card, and to manage those resources. The software enables the user to generate private/public key pairs and establish or change passcodes for access to the card resources. The IC card itself provides the electronic vehicle for securely transporting the user's private keys and certificates without exposing them in plaintext form. The IC card is designed with enough processing capabilities to perform rudimentary cryptographic functions so that the private keys may be employed for signing or encryption without ever being released from the card.
TL;DR: In this paper, the authors present a system and method which allows card issuers to securely add applications (305A-305C) during the lifetime of the card (304) after the card has already been issued (post issuance).
Abstract: The embodiments of the present invention teach a system and method which allows card issuers to securely add applications (305A-305C) during the lifetime of the card (304) after the card has already been issued (post issuance). The system and method according to embodiments of the present invention allow the loading of an application and/or objects from an application server via a card acceptance device and its supporting system infrastructure delivery mechanism, onto a card post issuance in a secure and confidential manner.
TL;DR: A unitary self-contained card (10) which does not require interaction with a fixed terminal device to prevent monitoring of confidential information contained within the card is presented in this article.
Abstract: A unitary, self-contained card (10) which does not require interaction with a fixed terminal device to prevent monitoring of confidential information contained within the card (10). The unitary, self-contained card (10) has the ability to verify a personal identification number (PIN) which is entered directly into the card by way of a keyboard (12) without the use of an outside terminal and produce a transaction identification code (TIC) which varies for each transactional use of the card (10) and which can later be verified to determine the validity of the transaction. The card (10) is capable of storing issue and expiration dates, credit limit balances and other card transactional data. The card (10) can be used in conjunction with a validation system (102) with provisions for verifying information recorded on the magnetic indicia (22) of the card (10). The card (10) can also be used with peripheral devices (96) which function to verify the validity of the transaction from the transaction identification code (TIC).