Classifications

• • G—PHYSICS
  • G07—CHECKING-DEVICES
  • G07F—COIN-FREED OR LIKE APPARATUS
  • G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
  • G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
  • G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
  • G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F9/00—Arrangements for program control, e.g. control units
  • G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
  • G06F9/44—Arrangements for executing specific programs
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
  • G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
  • G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
  • G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
  • G06Q20/355—Personalisation of cards for use
  • G06Q20/3552—Downloading or loading of personalisation data
• • G—PHYSICS
  • G07—CHECKING-DEVICES
  • G07F—COIN-FREED OR LIKE APPARATUS
  • G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
  • G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
  • G07F7/0806—Details of the card
  • G07F7/0833—Card having specific functional components
  • G07F7/084—Additional components relating to data transfer and storing, e.g. error detection, self-diagnosis

Definitions

• the present invention relates to a terminal and a method of self-diagnosis or supervision and the portable object of the microcircuit card type used in such a method or terminal or reader.
• These objects include a Central Unit, a program memory containing executable code constituting the operating system, a non-volatile and programmable data memory and, one or more communication interfaces.
• Terminals are devices with an interface compatible with those of objects, they have a central processing unit and software capable of communicating and using data from the non-volatile memory of the portable object.
• the terminals are equipped with specific software corresponding to their use, for example, the portable payment terminals are provided with an operating program of the banking type.
• This software is produced or specified by the organization that manages this application, in the example cited, it is a banking organization.
• This organization is generally not the manufacturer of the terminal, it buys or has the hardware part made, that is to say, the terminal, it introduces the specific program in order to configure its terminal for its own application.
• the banking organization finds its advantage there by buying a standard product therefore inexpensive, and by adapting it according to its needs.
• the manufacturer offers a basic model that can suit several applications, which allows it to expand its market.
• the organization operating a given application may wish to have several models of card reader terminals, it is not desirable to develop application software for each terminal.
• This has led manufacturers to implement a basic software layer which provides the interface between hardware and application software.
• This software layer ensures adaptation between the same application software and different terminals.
• One way of doing this is to create an interpreter, so that the body can develop its application in well-known advanced language, almost independently of the constraints of the material.
• Another way to do this is to organize a software layer of low level which manages all the hardware inputs and outputs, and to make available to the organization operating a library of primitives that the application software will call.
• the validation or the test of the terminal must take into account the two parts: the hardware with its basic software and the application software.
• a self-test makes it possible to check each piece of equipment on the terminal; it generally consists of a routine implemented in the basic software.
• the testing of the application software must be carried out in the laboratory, it is important in this type of application to verify the operation of the program before it is put into service.
• the multiplicity of cards leads to a very large number of specific cases that cannot be reproduced in the laboratory.
• the purpose of the following invention is to validate or test the operation of application software under normal conditions of use.
• the invention relates to a terminal provided with an application program, of at least one output constituted either by a display, or by a printer, or by a communication network, or by a portable and cooperating object.
• a portable object provided with a non-volatile memory area containing data and comprising a reader communicating with said portable object, characterized in that the apparatus includes means for reading or storing in its memory diagnostic data or of supervision and a means of transmitting said data to specified outputs as a function of information supplied by the self-diagnosis or supervision data following the execution of at least one task of its application program in relation to the portable object.
• the means for transmitting the self-diagnostic data are activated a certain number of times.
• the means for transmitting the self-diagnosis or supervision data comprises means for writing to the portable object connected to the device.
• the self-diagnosis or supervision data consist of at least one triplet of information corresponding for a first piece of information to a determined task of the application program, for the second piece of information to a type of data correlated to the task executed and to be presented to an output, and for the third piece of information to a value of specification of the output to which the type of data must be presented among those present on the terminal.
• the device has a means of testing the presence of self-diagnosis or supervision data in a portable object and of triggering the reading and storage of this data in a specific zone ZTD of the memory of the terminal.
• the terminal includes means for introducing self-diagnostic or supervision data into a portable object.
• Another object of the invention is to propose a method for supervising the operation of a terminal or for self-diagnosis of a terminal.
• the method of self-diagnosis or of supervision starting from at least one triplet of information corresponding for a first information to a determined task of an application program executed either by a portable object or by a terminal, for the second information to a type of data correlated to the task executed and to be presented on an output and for the third information to a value of specification of the output among those present on the terminal is characterized in that it consists of:
• the method comprises a test step consisting in determining whether there are other tasks to be executed and, following the execution of these tasks, in searching for all the triplets of information corresponding to the execution of this task.
• the method comprises a step of reading a portable object memorizing in its non-volatile memory a plurality of triplets and a step of storing these triplets in a non-volatile memory area of the terminal followed by a step of activating a self-diagnostic function or active supervision indicator.
• the method comprises a test step to determine whether the portable object is a card specific to the self-diagnosis or supervision function or a so-called banal card.
• the self-diagnosis or supervision data are constituted by a fourth information field containing, at the start in the portable object the write address (Adr-V), the number of bytes to be written (Nb-V), after the self-diagnostic operation the value to be written (Val).
• Another object of the invention is to propose a portable object usable with the terminal and the self-diagnosis or supervision method.
• the portable object is a microprocessor card operating thanks to an operating system stored on the card and comprising a non-volatile memory containing at least one triplet of information in a determined zone of this non-volatile memory whose position is defined by address fields located in the memory part used to store the operating system.
• the part of non-volatile memory used to memorize the operating system also includes in a field memory information constituting a counter for use of the self-diagnosis function.
• the memory area storing the operating system includes a field making it possible to store an indicator for activating the self-diagnosis or supervision function.
• Figure 1 is an explanatory table of triples consisting of elementary tasks, types of data and types of outputs that can be associated with the execution of each of the tasks of an application program;
• FIG. 2 is a diagram of the non-volatile memory areas used on a portable test object necessary for implementing the method of the invention
• FIG. 3 represents the different stages of execution of the terminal initialization programs and of execution of the self-diagnostic function
• FIG. 4 represents a schematic view of the areas for storing information in the non-volatile memory of a portable object called commonplace;
• FIG. 5 represents the different stages of execution of a terminal initialization program and execution of the self-diagnostic function on this terminal with a so-called banal card.
• One way of carrying out the invention consists in a first variant, on the one hand, of using a microprocessor card operating thanks to an operating system stored on the card and constituting a "smart card called intelligent" which is previously initialized with self-diagnostic data, on the other hand to have these data taken into account by the terminal whose application software is to be tested.
• Application software in a terminal can be broken down into elementary tasks which follow one another at determined times. For example, for a banking application, we can break down a transaction by following basic tasks (Ti): Verification (T1, Fig. 1) if the card inserted is authorized, Authentication (12) of the bearer, Acquisition (T3) of the transaction data in the terminal, Recording of this data in the microcircuit of the card, Validation (T4) of the transaction in the terminal and the card.
• the application software manipulates data, this data can be used temporarily like, on the one hand the Code developed by the carrier (Cp) which is stored in the memory of the terminal , on the other hand the identity of the holder (Ip) which is stored in the card or also as the Amount of the transaction (Mt) or the Date of the transaction (Dt) which are stored in the terminal and the card.
• Cp Code developed by the carrier
• Ip identity of the holder
• Mt Amount of the transaction
• Dt Date of the transaction
• the self-diagnostic function of using the application software consists in checking the transaction data during certain tasks and this under normal conditions of use. This function can be performed either by the basic software or by the application software;
• the operator responsible for the control draws up a grid composed on one side of the identifiable elementary tasks denoted Ti and on the other side, data Dj consisting of information such as: Cp, Ip, Mt and Dt.
• Figure 1 shows an example of such a grid.
• the operator chooses to check the value of certain data when performing specific tasks. This amounts to associating a data item Dj with a task Ti, these associations are symbolized by crosses on the grid of FIG. 1.
• a third element of information Sk is added.
• the operator introduces the information triplets (Ti, Dj, Sk) into a special central unit called diagnostic, this central unit is equipped with a card reader.
• the diagnostic software is configured according to the application to be tested so that the triplets (Ti, Dj, Sk) are identified when entering on screen by the indication specifies basic tasks and data to be checked and not the numerical references Ti, Dj, Sk ...
• the card containing the self-diagnostic data is: either a special card or a common card commonly used for an application. A detailed description of an achievement is given for each case.
• test card (20, Fig. 2) is used to contain the self-diagnostic data.
• a security procedure is implemented to prevent a fraudster from being able to use such a card in an unauthorized manner.
• the test card contains, in the secret memory area not shown, a so-called diagnostic code "KD". This secret code must be presented beforehand to the card which verifies it and, if it is equal to a reference code, authorizes the writing of the self-diagnosis data in the programmable memory of the card.
• KD diagnostic code
• the non-volatile programmable memory of the test card has, in addition to the system zone ZS containing the operating system of the card and the zone (AZU other usable zone) allowing other memorizations, a zone (22) called "ZD". It is in this zone that the triplets (Ti, Dj, Sk) are stored successively.
• a first zone (220) of a memory allows the storage of the first triplet T1, D2, 1; a second zone (221) allows the storage of the second triplet T2, D1, 2; a third zone (222) allows the storage of the third triplet T3, D3, 1; a fourth zone (223) allows the storage of the fourth triplet D4, D3, 3; a fifth zone (224) allows the storage of the triplet T4, D4, 1; T1, T2, T3, T4, D1, D2, D3, D4 respectively representing the information in Figure 1.
• the portable object can include more or less triplet depending on the type of supervision or self-diagnosis that one wants to perform on the tasks executed by the application program.
• the ZD area is identified by its start address: "ADD_ZD" and its end address "ADF-ZD", the two address values are stored in the part (230, 231) of the programmable memory allocated to the exploitation.
• the non-volatile programmable memory is of EPROM, EEPROM, FeRAM, SRAM or FLASH type.
• Figure 2 describes the organization of this memory by taking up the information cited in FIG. 1.
• the data Dj is the physical address of the data to be checked in the working memory of the terminal.
• FIG. 3 is a flowchart illustrating the chronology of the events of the program consisting of a waiting and test sequence (1, 2, 3), the test triggering depending on the result being a loading sequence (4 to 7, Fig. . 3) of the terminal with the self-diagnostic data, either a sequence of execution of the self-diagnostic program (8 to 16, Fig. 3) which is incorporated either in the basic software of the terminal, or in the software of application.
• Step 1 is the initialization of the terminal after a power up and step 2 is the phase of waiting for an order or a card introduction.
• step 3 the terminal tests if the card inserted in the reader is a common card, and in step 4 if the card is a test card. In the latter case, the terminal performs in step 5 a procedure for authenticating the card by a reference code or, by a conventional challenge-response authentication scheme using an algorithm and a secret key (KD).
• KD secret key
• the terminal program reads in step 6 the information contained in the zone ZD.
• the selection and the localization of the triples are carried out using two pointers ADD_ZD and ADF-ZD.
• the triplets (Ti, Dj, Sk) successively read in the zone ZD are stored in the same order in a zone of the memory of the terminal called ZTD.
• the terminal program sets a self-diagnostic indicator "lnd_DT" in the terminal memory to the active state. Then the terminal program loops while waiting for an order or another card introduction in step 2.
• step 12 the data Dj must be sent to the network.
• a block of three data is then formed: the value of the Tt field, the reference Dj of the data to be analyzed and the value "Val" of this data extracted from the memory of the terminal.
• These blocks are stored one after the other in an area of the terminal memory called "ZDR". The content of this area is sent to the network at the end of the transaction or when the network requests self-diagnostic data. Once all the data has been transmitted, the ZDR area is emptied to be reused during a new card introduction.
• step 13 the data Dj must be sent to the printer of the terminal for printing.
• a message is then created in the printer's software buffer, it is composed of a text (ASCII code) recalling the nature of the data, for example "AMOUNT:” followed by the decimal or hexadecimal value of the data Dj, the message ends with a separator and a "RETURN TROLLEY - LINE JUMP". You can group all the self-diagnostic messages and print them at the end of the transaction.
• step 14 the data must be sent to the terminal display for display.
• a message is then created in the display buffer, composed of a text (ASCII code) recalling the nature of the data, for example "AMOUNT:” followed by the decimal or hexadecimal value of the data Dj.
• the messages corresponding to each element (Tt, Dj, "3") are displayed successively for a certain time fixed by the program. We can group all the messages and display them at the end of the transaction, the scrolling of the messages can be controlled by pressing a key on the terminal keyboard.
• step 11 the program loops back to step 11 and processes a new triplet.
• steps 17 and 18 do not exist and the self-diagnosis function is executed only once or, indefinitely, until a new insertion of the test card switches the indicator again. lnd_DT in the inactive position.
• the programmable memory of the common card contains in addition to the system zone ZS and the user zone ZU, a zone ZD which is identified by its start address: "ADD_ZD” and its end address "ADF-ZD” ( see figure 4).
• the programmable memory of the common card also contains in its system area at a location (232) an "lnd_D" indicator signaling whether the self-diagnostic function is active or not. All this data ADD-ZD, ADF-ZD, Ind-D is stored in slots (230, 231, 232), of the ZS part of the programmable memory allocated to the operating system.
• the two address values are determined and written during the personalization of the map of the ZD area, this method is simple to implement but has the disadvantage of requiring the reservation of an important location in all the maps that can be used for self-diagnosis.
• the location of the zone ZD can be allocated dynamically by the operating system of the card following the correct presentation of the KD code.
• the operator specifies on the map the number of triplets (Ti, Dj, Sk) or the number of bytes to reserve for ZD.
• the card's operating system searches the programmable memory for a sufficient blank slot. If the memory does not contain such a blank location, the operating system returns an error message and interrupts the procedure for entering the self-diagnostic data. Otherwise, there is enough space.
• the operating system stores the start address: "ADD_ZD" and the end address "ADF-ZD". We will see later how, after the execution of the self-diagnostic function, we can erase the presence of the ZD area and thus free this memory location.
• a security procedure is provided to prevent a fraudster from using a common card to enter self-diagnostic data.
• a challenge-response type mechanism with algorithm and secret code makes it possible to authenticate the operator and authorize the writing and reading (we will see why later) of the triplets in ZD.
• the Sk code can take a fourth value: 4, this value indicates that the value of the Dj data to be checked is entered in the card.
• the fifth triplet (225) in Figure 4 has this structure. When all the triples (Ti, Dj, Sk) (220 to 225) are entered in the ZD area, the "lnd_D" indicator is positioned active, signaling that the self-diagnostic function is active in this map.
• FIG. 5 shows the flow of operations when the card described above is inserted into a terminal.
• Step 1 is the initialization of the terminal after a power-up and step 2 is the waiting phase for a card introduction, the program continues, when the card is recognized as compatible with the application by recognition by the terminal of the presence of the necessary information.
• step 2 the program selects the entity corresponding to the application.
• the program selects the entity corresponding to the application.
• the program can perfectly ignore that the self-diagnostic function is active.
• step 3 the terminal tests whether the lnd_D indicator in the card is positioned active and therefore, whether the self-diagnostic function is operational.
• the indicator can be emitted either by a particular value in the bytes emitted by the card during power-up, or by a particular value emitted during the selection of the entity corresponding to the application used on the card. If lnd_D is active, the program goes to step 4. During this step 4, the zone ZD is read using the two address values ADD-ZD and ADF_ZD and all the triplets read in the card are stored in the terminal's ZTD memory.
• the operating system of the card returns in addition to the three values Ti, Dj and Sk, the address "Adr-v" in the fourth field reserved for entering the given in ZD and the number of bytes "Nb_v” of this field. For security reasons, read access to the ZD area of the card is only granted by the card's operating system if the lnd_D indicator on the card is active.
• Steps 3, 4 and 5 are parts of the initialization sequence of the dialogue between the common card and the terminal and are executed before the execution of the application program.
• the application software is broken down into basic tasks that can be individually tested.
• the basic software takes control and tests if the internal terminal diagnostic indicator is active (step 7). If this is active, in step 8, the program searches if there is an element (Ti, Dj, Sk) stored in the zone ZTD which has a field value Ti equal to that of Tt. If yes: there is a datum (referenced Dj) to be checked following the task which has just been executed, the value of this datum is then temporarily stored in the memory of the terminal.
• Sk it is processed as follows (step 9):
• step 10 the data Dj must be sent by the terminal to the network.
• a block of three data then consists of the value of the Tt field, the reference Dj of the data to be analyzed and the value "Val" of this data extracted from the memory of the terminal.
• These blocks are stored one after the other in an area of the terminal memory called "ZDR". The content of this area is sent to the network at the end of the transaction or during a request by the network for self-diagnostic data. Once all the data has been transmitted, the ZDR area is emptied to be re-used during a new card introduction.
• step 11 a message is created in the printer buffer, composed of a text (ASCII code) recalling the nature of the data, for example "AMOUNT:” followed by the decimal or hexadecimal value of the data Dj, the message ends with a separator and a "RETURN TROLLEY - SKIPPING".
• ASCII code a text recalling the nature of the data, for example "AMOUNT:” followed by the decimal or hexadecimal value of the data Dj
• step 12 a message is then created in the buffer of the display , composed of a text (ASCII code) recalling the nature of the data, for example "AMOUNT:” followed by the decimal or hexadecimal value of the data Dj.
• the messages corresponding to each element are displayed successively for a certain time fixed by the self-diagnostic software.
• all the messages can be grouped together and displayed at the end of the transaction, the scrolling of the messages can be controlled by pressing a key on the terminal keyboard.
• step 13 a fourth field is reserved for this use in ZD, the address " Adr-v "in this fourth field and the number of bytes" Nb_v "in this field were stored in the ZTD area when loading the self-diagnostic data into the terminal.
• the terminal therefore sends a write command to the card with the following parameters: Write address: Adr-v
• the operator may want to perform only one test of the card reader terminal, then the data must not leave the terminal.
• the data to be checked has a Sk type 4 field, a single storage is not possible.
• the card To restart the function again, the card must be programmed again by the operator.
• a terminal authorized to read them i.e. a terminal which is authenticated in the same way as when writing the self-diagnostic data.
• the entire zone ZD can be erased. This erasure can be caused by a special command or when writing to the ZD area for the first time. The erasure, justified by security, also frees up the space occupied by the ZD zone. This location can be used by the application.
• This "one-shot" style operation of the self-diagnostic function can be interesting, when a person returns his credit card to a bank branch by declaring that, on a certain type of payment terminal, his card "does not work ".
• the person returns to the merchant where the terminal to be tested is located, performs a transaction and returns to his agency which analyzes or has the information stored in ZD analyzed remotely.
• Single-shot operation is also useful for verifying the operation of a terminal suspected of fraud.
• a banking organization notices that transactions on a terminal are credited without there being any
• the banking organization will send controllers equipped with banal cards with the function of self-diagnosis. Upon their return, the data loaded in the card will be analyzed.

Landscapes

• Engineering & Computer Science (AREA)
• General Physics & Mathematics (AREA)
• Physics & Mathematics (AREA)
• Business, Economics & Management (AREA)
• Theoretical Computer Science (AREA)
• Software Systems (AREA)
• Accounting & Taxation (AREA)
• Strategic Management (AREA)
• Computer Networks & Wireless Communication (AREA)
• General Business, Economics & Management (AREA)
• Microelectronics & Electronic Packaging (AREA)
• General Engineering & Computer Science (AREA)
• Computer Security & Cryptography (AREA)
• Computer Hardware Design (AREA)
• Test And Diagnosis Of Digital Computers (AREA)

Applications Claiming Priority (3)

Publications (1)

Family

ID=9499124

Family Applications (1)

Country Status (12)

Families Citing this family (24)

Family Cites Families (8)

• 1996
  • 1996-12-24 FR FR9615997A patent/FR2757664B1/fr not_active Expired - Fee Related
• 1997
  • 1997-12-23 JP JP10528479A patent/JPH11504748A/ja active Pending
  • 1997-12-23 EP EP97952981A patent/EP0907937A1/de not_active Withdrawn
  • 1997-12-23 AR ARP970106133A patent/AR009843A1/es unknown
  • 1997-12-23 US US09/125,714 patent/US6253163B1/en not_active Expired - Fee Related
  • 1997-12-23 CA CA002247474A patent/CA2247474A1/en not_active Abandoned
  • 1997-12-23 BR BR9707597A patent/BR9707597A/pt not_active Application Discontinuation
  • 1997-12-23 WO PCT/FR1997/002388 patent/WO1998028720A1/fr not_active Application Discontinuation
  • 1997-12-23 KR KR1019980706599A patent/KR19990087204A/ko not_active Application Discontinuation
  • 1997-12-23 AU AU56682/98A patent/AU723514B2/en not_active Ceased
  • 1997-12-23 CN CN97192506A patent/CN1212065A/zh active Pending
• 1998
  • 1998-08-21 NO NO983851A patent/NO983851L/no not_active Application Discontinuation
• 2001
  • 2001-04-09 US US09/827,905 patent/US6505144B2/en not_active Expired - Fee Related

Non-Patent Citations (1)

Also Published As

Similar Documents

Legal Events