CA2220279C - Identification medium with passive electronic data carrier - Google Patents

Publication number
CA2220279C
Authority
CA
Canada
Prior art keywords
identification
identification medium
read
application
data
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CA002220279A
Other languages
French (fr)
Other versions
CA2220279A1 (en
Inventor
Johann Locher
Ulrich Graf
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Dormakaba Schweiz AG
Original Assignee
Kaba Schliessysteme AG
Application filed by Kaba Schliessysteme AG

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/08 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers from or to individual record carriers, e.g. punched card, memory card, integrated circuit [IC] card or smart card
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/357 Cards having a plurality of specified features
    • G06Q20/3576 Multiple memory zones on card

Abstract

The identification medium with passive electronic data carrier and contactless, encoded communication with an associated read and write station WR has in a memory (42) a data organization with a common data field CDF, with invariable, uncopiable master data (44), with a segmentable application data field ADF, in which several independent applications can be written in application segments (S1, S2, S3). A hierarchical authorization system A valid for all the identification media IM-S and all the read and write stations WR is established, with which each identification medium IM-S must be initialized and which ensures the mutual uninfluenceability of all the independent applications.

Description

IDENTIFICATION MEDIUM WITH A PASSIVE ELECTRONIC DATA CARRIER
The invention relates to an identification medium with a passive electronic data carrier which has a processor, a control electronics, a memory, and an antenna for a contactless transmission of HF signals as coded communications to an associated read and write station, the identification medium for several independent applications of several independent users with several associated read and write stations, and a method for initialising such an identification medium. Such identification media are known for various applications, e.g. as access cards for specific areas of a company (electronic code), for time management, as access media for the use of equipment, e.g. data systems, or also as credit/debit card systems for procuring services. For each independent application an independent medium is required, e.g. in the form of a card or an electronic code. A new application which a user wishes to use requires an additional new medium. Thus, a user wishing to use various applications must carry a corresponding number of individual media. This is both costly and cumbersome, and there is also a risk of losing or forgetting one of these numerous media or cards and then not having it available when required.
The problem of the invention is therefore to overcome the inadequacies and restrictions of the hitherto known solutions and to provide an identification medium with which several independent applications can be used with a single medium. The handling must be simple and contactless and must reliably operate in a hands-free manner. The security of the transmitted data must be guaranteed also with respect to faults, losses, including attempted fraud, and the independence of the different applications must be so secured that no undesired influencing of other applications is possible. It is also desirable for additional applications to be subsequently includable on the same identification medium.
According to the invention this problem is solved by an identification medium wherein a memory has a data organization with a common data field, which contains invariable and uncopiable master data with a unique record number, and with a segmentable application data field, in which several independent applications (App1, App2, App3) can be entered in application segments (S1, S2, S3), each application segment containing a segment identification, and where a hierarchical authorization system is established which is valid for all the identification media and all the associated read and write stations, with which each identification medium must be initialized and which ensures a mutual uninfluenceability of all the independent applications with their application segments (S1, S2, S3).
The invention is described in greater detail hereinafter with reference to embodiments and the attached drawings, which show:
Fig. 1 An identification medium according to the invention with segmented application data field ADF (Application data field).
Fig. 2 An associated decentralized read and write station WR (Write).
Figs. 3a, b The structure of an identification medium with a large-area antenna.
Figs. 4a, b Data organizations with a common data field and segmented application data field with several application segments.
Fig. 5 A data organization of an application segment with segment header SCDF (Segment header) and application data field SADF (Segment application data field).
Fig. 6 A data organization of an application segment with implemented stamp.
Fig. 7 The association between the organization level and implemented stamp.
Fig. 8a, b The hierarchical authorization concept A of the system for all identification media and all associated read and write stations with organization levels.
Fig. 9 The link between the organization level and data organization.
Fig. 10 The uncopiable production of identification media.
Fig. 11 The function and sequence of communication between an identification medium and a read and write station.
Fig. 12 The function of a shadow memory in the application data field.
Fig. 13 A common cash segment as an application segment in application data field ADF (Application data field).
Fig. 14 An example of the data organization with common cash segment.
Fig. 15 The system compatibility of segmented and unsegmented identification media.
Fig. 16 An example of a system with several independent applications, with several read and write stations and several segmented identification media.
Fig. 17 A use example of a system at a holiday location with several independent applications.
Figs. 18 & 19 Examples of identification media, which can be carried as identification carriers on a personal bracelet.
Fig. 1 diagrammatically shows an identification medium IM-S according to the invention with integrated passive data carrier MI, whose operating energy is supplied by the read and write station WR and intercepted by means of a HF antenna 45. The data carrier MI has a highly integrated special chip (ASIC) with a processor 41, a data store 42 (e.g. in the form of an EEPROM) as well as a control electronics 43. The control electronics and processor control the entire external and internal data exchange, encode the transmission data and decode the received data and contain the entire high frequency part for supplying the antenna 45, including the clock preparation and synchronization for receiving energy and data from the transmitting station WR.
The antenna 45 can have a relatively large-area construction, as shown in fig. 3b, so that there is a relatively large communication range R for all applications or application segments S1, S2, S3.
Arrow 20 illustrates the HF communication with the read and write station WR (cf. fig. 2). The data carrier MI contains an invariable system program with security functions such as check sum control CRC and encrypting algorithms 52. The data store or memory 42 contains several independent application segments S1, S2, S3 for freely available applications of independent users or licensees (SSC). As will be explained hereinafter, the memory 42 has a data organization with a common data field CDF, which contains invariable, uncopiable master data with a unique record number 44, with a segmental application data field ADF, in which can be written or entered several independent applications (App1, App2, App3) in application segments S1, S2, S3, each application segment containing a segment identification. For all the identification media IM-S and all the associated read and write stations WR is fixed a hierarchical authorization system A with which each identification medium IM-S must be initialized and with which is ensured the mutual uninfluenceability of all the independent applications with their application segments S1, S2, S3 (figs. 8 and 10).
As a result of this construction the identification carrier according to the invention cannot be read out or modified with respect to any application and is also not hardware-duplicatable.
Fig. 2 diagrammatically shows an autonomous read and write station WR functioning in decentralized manner associated with the identification media IM-S for the contactless communication with said media IM-S. The read and write station has a security module SM-S, a separate transmitting and receiving antenna 54, a power supply and an additional interface to a master computer 75. The security module SM-S contains all the communications functions with the data carriers MI or an associated application segment of the identification medium. This comprises the HF preparation, encrypting and checking the data for correct transmission, the checking of the read and write authorization of an identification medium or application segment through said read and write station and communication with a master computer. The security functions comprise encoding and decoding the data, identifying the data carrier MI and the relevant application segment, as well as the calculation of check sums (CRC) for the error-free data transmission. The communication sequence between identification media IM-S and read and write stations WR will be explained hereinafter relative to fig. 11.
Figs. 3a and 3b show in two views the structure of an identification medium IM-S with a data carrier MI and an antenna 45. These elements are preferably constructed in one piece and for this purpose are e.g. placed on a printed circuit 46. As is apparent from fig. 3, the antenna area can be made relatively large, so that for all the applications and application segments of an identification medium IM-S, particularly good communications characteristics can be achieved. These are in particular a large range R of up to several decimetres and a large solid angle range W, in which communication can take place, and an extensive independence of the relative positioning of the identification medium and the associated read and write station WR. As it is possible with a single identification medium IM-S according to the invention to replace numerous hitherto individual identification media with in each case only one application, the said multi-identification medium IM-S can be given a correspondingly greater degree of complication, e.g. having a large antenna and further characteristics improving communications and range. In addition, naturally a considerable cost saving is also achieved.
Figs. 4 to 6 illustrate the data organization of the memory 42 of the segmented identification media IM-S according to the invention. Preferably the variable memory 42 as an EEPROM has at least a 256 byte storage location. As a function of requirements, i.e. in accordance with the number and size of the application segments provided S1, S2, S3, etc., which must be housed in an identification medium IM-S, it is also possible to use a larger memory, e.g. with 1 Kbyte, 4 Kbytes, etc. The memory size of each application segment is advantageously freely selectable, so that as a function of needs and up to the filling of the entire memory capacity, one application after the other can be entered in an identification medium IM-S.
Fig. 4a shows a data organization with a segmented application data field ADF, which here has three application segments S1, S2, S3 of different sizes. These three segments correspond to three independent applications App1, App2, App3 of three independent users or licensees with licensee numbers SSC1, SSC2 and SSC3. In the case of the hitherto known, unsegmented identification media, a separate medium IM1, IM2 and IM3 was necessary for each application.
The example of fig. 4b shows a data organization of an identification medium IM-S, which has an independent application App2 of a licensee SSC2, which has more than one application segment (here the application segments S2.1 and S2.2). In principle, the licensee SSC2 within the framework of the application App2 can also fix certain connections between the segments S2.1 and S2.2 at a lower organization level OL2. This will be explained hereinafter relative to figs. 7 to 10. Here again the applications App1, App2 and App3 are completely independent of one another.
Fig. 5 shows a data organization of an application segment S1 with a segment header SCDF1 and an application data field SADF1. In the segment header SCDF are established valid information and conditions for the particular segment (S1). The data field SADF1 is freely available for the application. Each application segment has in the segment header SCDF a user number SSC, as well as read and write conditions for the application segment. Preferably the following read and write conditions are established:
WRP = write-protect, this establishes the number of write-protected bytes in the memory.
WRC = write condition, which determines which read and write stations may read and write the identification medium, these only being read and write stations containing a corresponding launch data set.
RD = read disable, which means a read protection, i.e. the establishing as to where the data carrier may and may not be read.
With these conditions each identification medium IM-S establishes which stations it can read or write. Each application segment advantageously also contains an indication of the segment length LEN and a check sum control CRC of this application.
On launching a read and write station WR associated with the identification media IM-S, within the framework of the authorization system A by means of a special launching medium a launch data set is entered in the read and write station WR containing the authorization to process an identification medium corresponding to said launch data set. Each launch data set begins with the user number SSC, corresponding to the independent application, and the launch data set also establishes these read and write conditions.
Thus, an unlaunched read and write station WR cannot read and write a protected identification medium.
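The segment header and launch data set described above can be modelled as follows. This is an added example, not code from the patent: the byte layout (2-byte SSC, 1-byte LEN, WRP, WRC, RD, trailing CRC-16), the meaning of SSC 0 as unused memory, RD 0 as "no read protection" and all sample values are assumptions made for illustration.

```python
import binascii
import struct
from dataclasses import dataclass

# Assumed header layout (the patent names the fields, not their encoding):
# SSC (2 bytes), LEN, WRP, WRC, RD (1 byte each), then SADF, then CRC-16.
HEADER = struct.Struct(">HBBBB")


def crc16(data: bytes) -> int:
    return binascii.crc_hqx(data, 0xFFFF)


@dataclass(frozen=True)
class LaunchDataSet:
    """Authorization entered into a station WR when it is launched."""
    ssc: int  # user number of the independent application
    wrc: int  # write condition the station was launched with
    rd: int   # read condition the station was launched with


@dataclass(frozen=True)
class Segment:
    ssc: int
    wrp: int     # number of write-protected bytes at the start of SADF
    wrc: int
    rd: int      # 0 = no read protection (assumed encoding)
    sadf: bytes  # application data, LEN bytes


def build_segment(ssc: int, wrp: int, wrc: int, rd: int, sadf: bytes) -> bytes:
    body = HEADER.pack(ssc, len(sadf), wrp, wrc, rd) + sadf
    return body + struct.pack(">H", crc16(body))


def parse_adf(adf: bytes) -> list:
    """Walk the ADF segment by segment; reject the medium on any CRC mismatch."""
    segments, pos = [], 0
    while pos + HEADER.size + 2 <= len(adf):
        ssc, length, wrp, wrc, rd = HEADER.unpack_from(adf, pos)
        if ssc == 0:  # assumed marker for unused memory
            break
        end = pos + HEADER.size + length
        if end + 2 > len(adf):
            raise ValueError("LEN runs past the end of the ADF")
        (stored,) = struct.unpack_from(">H", adf, end)
        if stored != crc16(adf[pos:end]):
            raise ValueError(f"CRC mismatch in segment at offset {pos}")
        segments.append(Segment(ssc, wrp, wrc, rd, adf[pos + HEADER.size:end]))
        pos = end + 2
    return segments


def find_segment(launch: LaunchDataSet, segments: list):
    """A station only ever sees the segment whose SSC matches its launch data set."""
    for seg in segments:
        if seg.ssc == launch.ssc:
            return seg
    return None


def read_segment(launch: LaunchDataSet, segments: list) -> bytes:
    seg = find_segment(launch, segments)
    if seg is None or (seg.rd != 0 and seg.rd != launch.rd):
        raise PermissionError("station is not launched to read this medium")
    return seg.sadf


def write_segment(launch: LaunchDataSet, segments: list, offset: int, new: bytes) -> Segment:
    seg = find_segment(launch, segments)
    if seg is None or seg.wrc != launch.wrc:
        raise PermissionError("station is not launched to write this segment")
    if offset < seg.wrp:
        raise PermissionError("target lies inside the write-protected bytes (WRP)")
    if offset + len(new) > len(seg.sadf):
        raise ValueError("write runs past the segment length (LEN)")
    sadf = seg.sadf[:offset] + new + seg.sadf[offset + len(new):]
    return Segment(seg.ssc, seg.wrp, seg.wrc, seg.rd, sadf)


# Constructed sample ADF: two independent applications plus unused memory.
SAMPLE_ADF = (
    build_segment(0x0101, wrp=2, wrc=0x5A, rd=0x00, sadf=b"ID\x00\x05")
    + build_segment(0x0102, wrp=0, wrc=0x33, rd=0x77, sadf=b"BBBB")
    + bytes(8)
)
```
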
Fig. 6 illustrates the implementing of the stamp of each segment, e.g. here application segment S1. The implementing of said base data is explained in greater detail relative to figs. 7 to 9.
The necessary implementing of the stamp is further illustrated in fig. 7.
The length of the implemented stamp increases proportionally to the organization level OL. Here, e.g. the stamp increases by 1 byte if the organization level OL increases by one stage, e.g. from OL2 to OL3.
Figs. 7 to 9 illustrate the authorization concept A valid for all identification media and all associated read and write stations of the system, with the hierarchical organization levels and the necessary transmission of stamps, with which the general maintaining of the system rules is ensured.
Figs. 8a, b illustrate the hierarchical authorization concept A, which applies to all data carriers MI and to all read and write stations WR, as well as to all authorization data carriers AMI and programming stations WRI of the system and which has hierarchical organization stages or levels OL0, OL1, OL2, OL3, OL4, etc.
The highest stage, organization level OL0, corresponds to the system stage, i.e. the owner or licensor 10 of the entire system.
The next lower stage OL1 corresponds to different, independent users or licensees 101, 102, 103, etc. of the system, e.g. different firms, corporations, municipalities, etc. This stage also corresponds to different independent applications, i.e. each independent licensee and each independent application is allocated a SSC number, which differentiates the same from all other SSC numbers.
The next lower stage OL2 corresponds to different uses 101.1, 101.2 of a user 101, e.g. different subsidiaries of a company 101.
The next stage OL3 corresponds to different areas of a use, e.g. areas 101.11 of subsidiary 101.1 and areas 101.21, 101.22 of subsidiary 101.2.
The next stage OL4 corresponds to different subareas of 101.21, 101.22, etc.
This hierarchical authorization system ensures that different independent applications App1, App2, App3, etc. cannot mutually influence in any way independent users 101, 102, 103, but a user, e.g. 101, can freely establish the organization in his area, i.e. as from OL2. This is illustrated by the separation lines 70 in fig. 8. This guarantees that no misuse of any nature is possible from this side, because e.g. applications of 101 are not generally authorized in 102 and 103.
With each downward step of an organization stage OLn to OLn+1 in this authorization system the powers of the data carrier are limited, so that they only apply downwards, i.e. for organization stages with a higher number.
For this purpose in the application segments of a specific organization stage all the fixed-written data of the higher organization stage are necessarily entered, i.e. quasi-inherited, as is illustrated in fig. 9.
For each lower organization stage OLn+1 an additional memory part is fixed-written in the memory 42 and simultaneously all the data of the higher organization stage OLn are taken over. Thus, successively e.g. 10, 101, 101.1, 101.11 are entered in the memory parts of the organization stages OL0, OL1, OL2, OL3. Whereas, as explained hereinbefore, in known unsegmented identification media an independent medium IM was required (mono-media) for each independent application (101, 102, 103, etc.), it is now possible in the manner shown in fig. 8b to combine several, randomly selectable, independent applications on a single identification medium IM-S (multimedium). For example, more than 100 independent applications or licensee numbers SSC can exist and in the segmented identification medium IM-S, it is in principle possible to receive a randomly large number of such independent application segments, provided that the storage capacity of the medium allows it.
This authorization principle is made clear by fig. 10, which illustrates the production or initialization of identification media with data carriers MI. All the data carriers or identification media of the system must be produced as a slave medium 72 by means of a master medium 71 (as authorization data carriers AMI) and a special programming read/write station WRI.
A non-erasable stamp 71 for the application S2 must necessarily be transmitted to a new and as yet unwritten identification medium or application segment (here e.g. S2) of the system, i.e. to the slave medium 72, where it is so-to-speak inherited or implemented. This takes place in accordance with the rules of the hierarchical authorization system A. The identification medium produced (as slave medium 72) is also initialized by the master medium 71 as the authorization data carrier AMI. This initialization is the prerequisite for the authorization for use of the application segment S2 and identification medium IM-S in the system. Only initialized identification media and application segments are authorized as valid by the read and write stations WR of the system. Each authorization medium AMI contains a user number SSC, so that it can only initialize and write application segments with the same user number SSC.
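The inheritance rule for stamps (each lower organization level takes over the higher level's data and adds its own part, and a master medium's powers apply only downwards) can be sketched as below. This is an added example, not taken from the patent: the one-byte-per-level encoding follows the fig. 7 description, while the concrete byte values, the `Medium` class and the rule that a master may write a stamp at or below its own are assumptions of this model.

```python
from dataclasses import dataclass, field

SYSTEM_STAMP = bytes([0x10])  # OL0, constructed value for the system owner


def derive(parent: bytes, child_id: int) -> bytes:
    """Stamp for the next lower level: the parent stamp inherited, one byte appended."""
    if not 0 < child_id <= 0xFF:
        raise ValueError("child id must be a non-zero single byte")
    return parent + bytes([child_id])


def level(stamp: bytes) -> int:
    """Organization level OLn encoded by a stamp (OL0 is one byte long here)."""
    return len(stamp) - 1


def governs(master: bytes, stamp: bytes) -> bool:
    """True if `stamp` lies at or below `master` in the hierarchy.

    One byte per level makes the prefix test exact; comparing the printed
    forms "10" and "101" as strings would wrongly match across branches.
    """
    return len(stamp) >= len(master) and stamp[:len(master)] == master


@dataclass
class Medium:
    """Slave medium: segment name -> fixed-written stamp."""
    segments: dict = field(default_factory=dict)

    def initialize_segment(self, name: str, master: bytes, stamp: bytes) -> None:
        if name in self.segments:
            raise PermissionError("stamp is non-erasable and already written")
        if not governs(master, stamp):
            raise PermissionError("master medium has no authority over this stamp")
        self.segments[name] = stamp

    def writable_by(self, master: bytes) -> list:
        """Segments a given authorization medium may write; all others stay untouched."""
        return sorted(n for n, s in self.segments.items() if governs(master, s))


# Constructed hierarchy mirroring 10 -> 101 -> 101.1 -> 101.11 and 10 -> 102.
LICENSEE_101 = derive(SYSTEM_STAMP, 101)
LICENSEE_102 = derive(SYSTEM_STAMP, 102)
SUBSIDIARY_101_1 = derive(LICENSEE_101, 1)
AREA_101_11 = derive(SUBSIDIARY_101_1, 11)
```
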
Fig. 11 shows the communication 20 between a read and write station WR with security module SM-S and a data carrier MI or an application data field S2 of the identification medium IM-S. The necessary electromagnetic HF field energy (e.g. with a carrier frequency of 13 MHz) is transmitted together with the modulated information from the read and write station WR to the data carrier MI. At the latter the field energy is collected by the antenna 45 and used for the operation of the passive data carrier MI, as well as for transmitting the encoded information to the WR. A particularly rational performance of this information transmission involves the carrier frequency modulating in one direction e.g. from the read and write station WR to the data carrier MI by pulse modulation and in the opposite direction (from MI to WR) by load modulation.
Fig. 11 now illustrates an interception-proof sequence of the communication between the read and write station WR and an application segment S2 of the identification medium IM-S. As soon as an identification medium enters the field of a read and write station WR, there is an automatic start of the sequence for synchronizing WR and IM-S.

For each new identification process the read and write station WR produces new initialization data 51 (e.g. in the form of random numbers) and transmits same to the identification medium 20.1. Here there is a linking of said initialization data 51 with a fixed-stored encrypting code 52 of the identification medium. The encoded result (a code word) is then transmitted back to the read and write station 20.2.
This information is then decrypted in the security module SM-S and a check is made 53, i.e. decoded with the code 52 also stored in WR and is compared with the original random initialization data 51. On the basis of this result the WR can establish what type of medium is involved.
Subsequently and without interruption, there can be a synchronized communication 20.3 between the read and write station WR and the application segment S2 of the identification medium IM-S.
Using this method the clock generators and code generators of WR and IM-S are synchronized.
After the communication process with an application segment has been concluded or broken off, each new communication (with the same or a different application segment) must again start with new initialization data 51. A recording of the transmitted data and a subsequent feeding back into the field is consequently impossible, because the original initialization data 51 are no longer valid. It is therefore impossible to produce copies of functioning identification media.
In addition, the transmitted data are checked by a CRC check, i.e. by a check sum control, in which e.g. useful data are linked with master data of the data carrier MI.
Thus, faulty data transmissions are substantially excluded. This is in particular important if sensitive data or value changes are entered by an authorized read and write station in an application segment and where newly entered data must be checked prior to their acquiring validity. Thus, this communication sequence ensures that no interception of the communication can be misused for producing fraudulent application segments on the identification media.
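The fig. 11 sequence (fresh initialization data 51, linking with the stored code 52, comparison in the station) and the check sum that links useful data with master data can be modelled as below. This is an added example, not the patent's algorithm: the patent does not name the linking function, so HMAC-SHA256 stands in for it and the station recomputes the code word instead of decrypting it; class names, key and record numbers are constructed.

```python
import binascii
import hashlib
import hmac
import secrets


class Medium:
    """Identification medium holding the fixed-stored code 52 and its master data."""

    def __init__(self, code_52: bytes, record_number: bytes):
        self._code = code_52
        self.record_number = record_number  # unique record number 44

    def respond(self, init_data: bytes) -> bytes:
        # Link the station's initialization data with the stored code (step 20.2).
        return hmac.new(self._code, init_data, hashlib.sha256).digest()


class Station:
    """Read and write station WR with the same code 52 in its security module."""

    def __init__(self, code_52: bytes):
        self._code = code_52
        self._pending = None

    def new_init_data(self) -> bytes:
        # New random initialization data 51 for every identification process (20.1).
        self._pending = secrets.token_bytes(16)
        return self._pending

    def check(self, code_word: bytes) -> bool:
        # Each set of initialization data is valid for exactly one check (53).
        pending, self._pending = self._pending, None
        if pending is None:
            return False
        expected = hmac.new(self._code, pending, hashlib.sha256).digest()
        return hmac.compare_digest(expected, code_word)


def frame_crc(record_number: bytes, payload: bytes) -> int:
    """Check sum over useful data linked with the medium's master data."""
    return binascii.crc_hqx(record_number + payload, 0xFFFF)


def accept_frame(record_number: bytes, payload: bytes, crc: int) -> bool:
    return frame_crc(record_number, payload) == crc


def replay_is_rejected(station: Station, medium: Medium) -> bool:
    """Record one valid exchange, then feed the recorded code word into a new one."""
    recorded = medium.respond(station.new_init_data())
    first_ok = station.check(recorded)
    station.new_init_data()  # a new identification process starts
    return first_ok and not station.check(recorded)


# Constructed values for the demonstration.
CODE_52 = bytes(range(16))
CARD = Medium(CODE_52, record_number=b"\x00\x00\x12\x34")
```
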
Fig. 12 shows as a further security element a shadow memory in the application memory ADF. If a communication process between the identification medium IM-S and read and write station WR is disturbed or interrupted, where new sensitive data are entered in the data carrier, it is important that no sensitive data are lost or undesirably modified. Therefore such a communication process with sensitive data should either be performed completely and correctly or an incomplete or incorrect data transfer must be cancelled as a whole. Such a disturbance or interruption of a communication process can in particular occur if the identification medium is removed from the transmitting area R of the read and write station during the communication process. By means of a shadow memory shad in the identification medium it is now ensured that each communication process is either completely entered or is not entered at all. Firstly the old data in the ADF or in a segment are transmitted into the shadow memory and checked.
When the old data are correctly present in the shadow memory, the new data are transmitted by the read and write station into the application segment and checked there. If said transmitted new data are complete and correct, they remain in valid form in the application segment. If the new data have not been correctly and completely transmitted, all the new data in the application segment are erased and once again the old data are written back from the shadow memory into the application segment. Subsequently the communication process can be repeated in the same way until the new data have been correctly and completely entered in the application segment of the identification medium.
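The shadow-memory procedure above, including a transfer torn by the medium leaving the field, can be simulated as follows. This is an added example, not code from the patent: the `transfer_open` marker that lets the medium roll back the next time it is powered is an assumption of this model, as are the 4-byte credit value and the CRC-16 used for the checks.

```python
import binascii


def crc16(data: bytes) -> int:
    return binascii.crc_hqx(bytes(data), 0xFFFF)


class FieldLost(Exception):
    """The medium left the station's field in the middle of a transfer."""


class ShadowedSegment:
    def __init__(self, data: bytes):
        self.data = bytearray(data)
        self.shadow = bytearray(len(data))
        self.transfer_open = False  # assumed non-volatile marker

    def write(self, new: bytes, new_crc: int, lose_field_after=None) -> bool:
        """Enter `new` completely or not at all. Returns True when committed."""
        if len(new) != len(self.data):
            raise ValueError("new data must match the segment length")
        # Step 1: old data go into the shadow memory and the copy is checked.
        self.shadow[:] = self.data
        if crc16(self.shadow) != crc16(self.data):
            raise RuntimeError("shadow copy failed verification")
        self.transfer_open = True
        # Step 2: the new data are transmitted into the segment byte by byte.
        for i, value in enumerate(new):
            if lose_field_after is not None and i >= lose_field_after:
                raise FieldLost(f"power lost after {i} bytes")
            self.data[i] = value
        # Step 3: the new data are checked; only then do they acquire validity.
        if crc16(self.data) != new_crc:
            self.recover()
            return False
        self.transfer_open = False
        return True

    def recover(self) -> None:
        """Run when the medium is next powered: undo any unfinished transfer."""
        if self.transfer_open:
            self.data[:] = self.shadow
            self.transfer_open = False

    def value(self) -> int:
        return int.from_bytes(self.data, "big")


def torn_write_demo() -> list:
    """Constructed scenario: credit 1000 is to be replaced by 250."""
    seg = ShadowedSegment((1000).to_bytes(4, "big"))
    new = (250).to_bytes(4, "big")
    states = []
    try:
        seg.write(new, crc16(new), lose_field_after=3)
    except FieldLost:
        states.append(seg.value())  # torn value, neither old nor new
    seg.recover()
    states.append(seg.value())      # old data restored from the shadow
    seg.write(new, crc16(new))      # repeated transfer completes
    states.append(seg.value())
    return states
```
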
Fig. 13 shows as an important application example a common cash segment as an application segment Scash in the identification medium to which other authorized application segments S1, S2, S3 are to have access. Access to the application segments takes place by means of a system code in a refer-ence area Ref. Each segment also has a segment reference area Refl, Ref2, Ref3. Thus, the common cash segment Scash at an associated read and write station can be charged as a money charging station in accordance with a paid in sum. This credited sum on the identification medium IM-S can be successively used up at different stations of the application segments S1, S2, etc. The individual sums are charged to the corresponding appli-cation segments S1, S2, etc. The deductions on the side of the identifi-cation medium IM-S consequently correspond to the settlements on the side of the application stations WR.
Fig. 14 shows an example of a data organization of a common partial segment Sca-sh with a segment header SCDF, a reference area with a system code SC, a shadow memory shad, the cash segment cash and the check sum controls CRC
with respect to said areas.
Fig. 15 illustrates the system compatibility of segmented identification media IM-S (multi) and unsegmented identification media IM (mono) with respect to the associated read and write station WR with corresponding security modules SM-S (multi) and SM (mono), as well as with the associated programming read and write stations WRI with security modules MSM-S (multi) and MSM (mono). As can be gathered from fig. 15, the system is upwardly compatible, i.e. mono-identification media can be additionally processed or produced by segmented security modules SM-S of the read and write stations and security modules MSM-S of the programming stations. Thus, unsegmented media IM can also be used in the system with segmented media IM-S, or an existing system with mono-media can be additionally equipped with multi-media IM-S. This compatibility is secured by the data organization in the system data field SDF of the segmented identification media IM-S.
Fig. 16 diagrammatically illustrates a system having several independent applications, here with segmented identification media IM-S, which have a random number of combinations of application segments from S1 to S20. The independent applications App1 to App20 correspond to the independent licensees or users with numbers SSC1 to SSC20 and they correspond to the application segments S1 to S20. The associated decentralized and autonomously operational read and write stations WR have launch data sets for one or more applications S1 to S20. The read and write stations WR are additionally connectable to a master host computer 75. Unsegmented identification media IM are also incorporated into this system, as shown by the example with S20. This corresponds to the system compatibility according to fig. 15.
Fig. 17 shows as an example a system in a geographical region, e.g. in a vacation region, with the independent users SSC1 to SSC5 with the corresponding independent applications and application segments S1 to S5. Applications S1 and S2 are two different mountain railway and ski lift regions, which are managed by the corresponding railway companies as users SSC1 and SSC2.
Application S3 is a public bus, swimming pool, sports facilities, parking garages and a hotel, which are managed by the municipality as SSC3.
Application S4 is various shops, which are managed by an association of individual owners as user SSC4.
Application S5 consists of telephone and postal services controlled by the PTT as user SSC5.
Application segment S5 has its own cash segment, whereas segments S1 to S4 have a joint cash segment Scash.
Here, a segmented identification medium IM-S according to the invention can in principle have random combinations of segments S1 to S5, and the individual segments can in turn be freely structured as established by the corresponding user (cf. fig. 8).
Another example is a system with various companies as independent users.
Application segments can each be available to one company or its employees. Other application segments can be jointly operated by two or more companies, e.g. for a common infrastructure and equipment, whilst further application segments can be available to outsiders as well as to company employees, e.g. a personnel restaurant or a swimming pool, and different use prices can be established for different users.
The identification medium can additionally be combined with a personal encoding function, in order to satisfy particularly high security requirements in specific applications. For this purpose, use can be made e.g. of a PIN code or biometric data codes. Personal biometric data, such as fingerprints or finger, hand and head geometries, can be established and compared with corresponding codes 33 stored in the data carrier MI (figs. 1, 3b and 18b) for the purpose of personal identification and verification of an authorized user.
The identification media IM-S can be implemented in various, per se known forms, e.g. as cards. However, they can also be combined with another element, e.g. with a personal article, such as a bracelet, which is always worn by a person. As a result of this combination or connection of identification medium and carried or worn personal article, it is ensured that the identification medium is always carried and therefore always available to the authorized person when it is required. As opposed to this, cards can be forgotten in pockets of clothing.
Fig. 18 shows an example of a portable identification carrier 1 as an identification medium IM-S in two views 18a, 18b. The identification carrier is interchangeably fixed in a suitable position to a personal bracelet PA worn on the arm 11. The identification carrier consists of a separate, flat carrier element 1 and a detachable fastening device 3, which allows a replacement of the personal bracelet PA. The carrier element 1 contains the passive, integrated electronic data carrier MI with processor, electric circuit and memory, as well as an antenna 45 surrounded by a dielectric 4, here on both sides by a dielectric covering layer. The antenna 45 (here in the form of an antenna loop) has at least partly open antenna radiating surfaces FAO, which are not covered by electrically conductive parts or electromagnetically opaque material of the personal bracelet. An illustration is provided in fig. 19. For optimum adaptation to the roundness of the arm 11 and the bracelet, the data carrier can be easily bendable and is advantageously made from flexible material, e.g. plastic. The fastening device 3 is here connected in one piece to the carrier element 1 and comprises e.g. one or two bands 8 with in each case opposite, interconnectable ends. The carrier element 1 is fitted beneath the bracelet PA, i.e. between the arm 11 and bracelet. The ends of 8 surround the bracelet PA, so that, facing the arm 11, they can be closed together over the bracelet PA. The length of the closure is adjustable in such a way that it can be adapted in optimum manner to different cross-sectional circumferences of the personal bracelet PA and for this purpose e.g. positive closure elements are placed on the ends of 8 (fig. 19).
Figs. 18a, b illustrate an example of fastening devices with Velcro fasteners 15 at both band ends of a wide, central band 8. On one band end is fitted the loop part 15.2 of the Velcro fastener and the counterpart, i.e. the hook part 15.1, is located on the other band end. The length of these two Velcro fastener parts 15.1 and 15.2 is chosen in such a way that it is possible to achieve a maximum length change DL of the fastener, adapting to personal bracelets PA of different sizes. The Velcro fastener allows a particularly simple and practical replacement of the personal bracelet PA.
In the case of a suitable design as regards material and position of the two Velcro fastener parts 15.1 and 15.2, it is possible to achieve a secure closure or fastening, which does not open under normal conditions of use.
In the view of fig. 18b, in the cross-section for the personal bracelet PA, the structure of the carrier element is shown with a data carrier MI, as well as with a flat antenna 45, which can e.g. be applied as an air loop or winding to a printed circuit. On either side of the antenna is applied a dielectric covering 4, which has a thickness D1 of e.g. preferably at least 0.5 mm and which can e.g. be 0.5 to 1 mm.
In another construction the carrier element 1, e.g. together with the fastening device 3 as an elastic fastening, can form a clamp embracing the bracelet PA. In a further variant there is a fastening procedure using four elastic tabs, which are fitted as a fastening device to the corners of the carrier element and can be clipped onto the personal bracelet PA. The carrier element 1 and fastening device 3 can also be constructed as two separable and firmly assemblable parts. Another variant is formed by ferrite antennas in place of loop antennas, e.g. in the form of a flat ferrite rod with electric winding, whose axis is parallel to the forearm 11.
Various positions are possible with respect to the bracelet PA. The carrier element 1 can be placed below the bracelet, on the top of the bracelet or laterally alongside the bracelet.
Fig. 19 shows an example with a wristwatch 21 as a personal bracelet PA, which positions the carrier element 1 below the bracelet and alongside the watch 22 and which is fixed by a band 8 as the fastening device. Here again there are relatively large, open antenna radiating surfaces FAO not covered by the bracelet PA.

Claims (27)

1. Identification medium with passive electronic data carrier which has a processor, a control electronics and a memory, as well as an antenna for a contactless transmission of HF signals as coded communications to an associated read and write station, characterized in that the memory has a data organization with a common data field, which contains invariable and uncopiable master data with a unique record number having a segmentable application data field, in which several independent applications (App1, App2, App3) can be entered in application segments (S1, S2, S3), each application segment containing a segment identification and where a valid hierarchical authorization system is established for all the identification media and all the associated read and write stations and with which must be initialized each identification medium and which ensures a mutual uninfluenceability of all the independent applications with their application segments (S1, S2, S3).
2. Identification medium according to claim 1, characterized in that the memory also contains a system data field with data for ensuring the system compatibility with unsegmented identification media of the same system.
3. Identification medium according to claim 1, characterized in that each application segment (S1, S2, S3) has a segment header, in which are established information and conditions valid for the particular segment and having a freely available data field for the application.
4. Identification medium according to claim 3, characterized in that each application segment in the segment header has a user number, as well as read and write conditions for the application segment.
5. Identification medium according to claim 4, characterized in that each application segment contains the following read and write conditions: write protect, write condition and read disable.
6. Identification medium according to claim 3, characterized in that each application segment additionally contains segment length and a check sum control of said application.
7. Identification medium according to claim 1, characterized in that storage size of each application segment (S1, S2, S3) is freely selectable (according to needs and the storage size).
8. Identification medium according to claim 1, characterized in that at least one independent application (App2) has more than one application segment (S2.1, S2.2, S2.3).
9. Identification medium according to claim 1, characterized in that for communication between identification medium and read and write station for each identification process from the read and write station new initialization data with random numbers are produced and transmitted to the identification medium and are linked there with a fixed-stored encrypting code of the identification medium and in this encoded form are transmitted back to the read and write station, where said information is decrypted and checked in a security module of the read and write station and after which there is a synchronized communication between the read and write station and the identification medium.
10. Identification medium according to claim 1, characterized in that the communication from the read and write station always only takes place with a single identification medium and that no communication takes place if simultaneously there is more than one identification medium in transmitting area of the read and write station.
11. Identification medium according to claim 1, characterized in that the identification medium or data carrier has a modifiable memory (EEPROM) with an at least 256 byte storage location.
12. Identification medium according to claim 1, characterized in that the antenna and data carrier are constructed in one piece and located on a printed ASIC circuit.
13. Identification medium according to claim 1, characterized in that in the application data field there is a shadow memory shad, in which during a writing process with sensitive data said data are buffer stored, so that the writing process is performed either completely correctly or not at all.
14. Identification medium according to claim 1, characterized in that the application data field contains modifiable cash segments cash, which can be written by authorized read and write stations.
15. Identification medium according to claim 1, characterized in that in the application data field there is a common cash segment cash as the application segment, to which other authorized application segments (S1, S2, S3) have access.
16. Identification medium according to claim 1, characterized in that the data carrier contains an additional personal encoding function, such as a PIN code or a biometric data code.
17. System with several identification media according to claim 1 for several independent applications (App1, App2, App3) of several independent users with several associated, autonomous, decentralized read and write stations for said applications, the identification media having different combinations of application segments (S1, S2, S3) and in which the read and write stations are connectable to a master host computer.
18. System according to claim 17, characterized in that within a framework of the same authorization system there are additional unsegmented identification media from in each case only one independent user and which can be processed by all authorized segmented and unsegmented read and write stations.
19. System according to claim 17, characterized in that in a holiday area it covers several independent applications for leisure and sporting activities, swimming pool, mountain railways and ski lifts, restaurants, parking garages, public transport, food and drink machines, shops and telephone.
20. Method for initializing an identification medium according to claim 1, within [the scope of] the hierarchical authorization system, characterized in that each identification medium must be initialized by means of a specific authorization medium and a specific programming read/write station.
21. Method according to claim 20, characterized in that each identification medium of the system must be produced as a slave medium by means of a master authorization medium as the master medium and necessarily a no longer modifiable master medium stamp is transmitted to the slave medium (inherited).
22. Method according to claim 21, characterized in that an inherited stamp length increases in proportion to an organization level, e.g. by one byte if the organization level increases by one stage.
23. Method according to claim 20, characterized in that each authorization medium always only contains one user number and that only application segments (S1, S2, S3) with the same user number can be initialized and written.
24. Method for launching a read and write station associated with one of the identification media according to claim 1 within the framework of the authorization system, characterized in that by a specific launching medium a launch data set is entered in the read and write station, which gives the authorization to process identification media corresponding to a launch data set.
25. Identification medium according to one of the claims 1 to 16, characterized in that the identification medium is constructed as a contactless identification carrier with access functions which can be carried or worn by a person and that the identification carrier as a separate, flat carrier element is carriable and interchangeably fixed to a personal bracelet PA and in which the carrier element has the passive, integrated electronic data carrier with processor, electric circuit and memory, as well as an integrated antenna and a detachable fastening device and in which the antenna is surrounded by a dielectric and has at least partly open radiating surfaces, which are not covered by electrically conductive parts of the personal bracelet.
26. Identification medium according to claim 25, characterized in that the personal bracelet is a wristwatch and the carrier element can be fastened in such a way that there are open antenna radiating surfaces, which are not covered.
27. Identification medium according to claim 25, characterized in that the fastening device has a Velcro fastener or a snap fastener.
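The all-or-nothing write through the shadow memory shad (fig. 14 and claim 13) can be illustrated with a small simulation. This is an added example, not code from the patent: the record layout (4-byte value plus CRC-16), the commit flag byte, the CRC polynomial and all function names are assumptions, and power loss is modelled as a limit on the number of byte writes.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed layout, not from the patent: cash record, shad record, one commit flag byte. */
enum { REC = 6, OFF_CASH = 0, OFF_SHAD = 6, OFF_FLAG = 12, MEM = 13, IDLE = 0x00, COMMIT = 0xA5 };
#define BAD 0xFFFFFFFFu   /* returned when the cash record fails its check sum */

/* mem simulates the EEPROM; budget = byte writes left before the field is lost (-1 = no limit). */
typedef struct { uint8_t mem[MEM]; int budget; } card_t;

static uint16_t crc16(const uint8_t *p, int n) {   /* CRC-16/CCITT-FALSE, an assumed choice */
    uint16_t c = 0xFFFF;
    while (n--) {
        c ^= (uint16_t)(*p++ << 8);
        for (int i = 0; i < 8; i++)
            c = (uint16_t)((c & 0x8000) ? (c << 1) ^ 0x1021 : c << 1);
    }
    return c;
}

static void pack(uint8_t r[REC], uint32_t v) {     /* big-endian value followed by its CRC */
    for (int i = 0; i < 4; i++) r[i] = (uint8_t)(v >> (24 - 8 * i));
    uint16_t k = crc16(r, 4);
    r[4] = (uint8_t)(k >> 8); r[5] = (uint8_t)k;
}
static int rec_ok(const uint8_t *r) { return crc16(r, 4) == (uint16_t)(r[4] << 8 | r[5]); }

static int ee_write(card_t *c, int off, const uint8_t *src, int n) { /* 0 = power lost */
    for (int i = 0; i < n; i++) {
        if (c->budget == 0) return 0;
        if (c->budget > 0) c->budget--;
        c->mem[off + i] = src[i];
    }
    return 1;
}

int cash_write_direct(card_t *c, uint32_t v) {     /* unprotected: overwrite cash in place */
    uint8_t r[REC];
    pack(r, v);
    return ee_write(c, OFF_CASH, r, REC);
}

/* Shadow variant: buffer in shad, set the commit flag, copy to cash, clear the flag. */
int cash_write_shadow(card_t *c, uint32_t v) {
    uint8_t r[REC], commit = COMMIT, idle = IDLE;
    pack(r, v);
    if (!ee_write(c, OFF_SHAD, r, REC)) return 0;       /* 1. new record into shad */
    if (!ee_write(c, OFF_FLAG, &commit, 1)) return 0;   /* 2. commit point */
    if (!ee_write(c, OFF_CASH, r, REC)) return 0;       /* 3. copy into cash */
    return ee_write(c, OFF_FLAG, &idle, 1);             /* 4. write finished */
}

void card_recover(card_t *c) {   /* next power-up: finish a committed write, else drop it */
    uint8_t idle = IDLE;
    c->budget = -1;
    if (c->mem[OFF_FLAG] == COMMIT && rec_ok(c->mem + OFF_SHAD))
        ee_write(c, OFF_CASH, c->mem + OFF_SHAD, REC);
    ee_write(c, OFF_FLAG, &idle, 1);
}

/* Start with `old` in cash, try to write `new_v`, lose power after `budget` byte writes,
   recover, and return the cash value (or BAD if its CRC no longer matches). */
uint32_t torn_write_result(uint32_t old, uint32_t new_v, int budget, int use_shadow) {
    card_t c = { {0}, budget };
    const uint8_t *r = c.mem + OFF_CASH;
    pack(c.mem + OFF_CASH, old);
    if (use_shadow) cash_write_shadow(&c, new_v); else cash_write_direct(&c, new_v);
    card_recover(&c);
    if (!rec_ok(r)) return BAD;
    return (uint32_t)r[0] << 24 | (uint32_t)r[1] << 16 | (uint32_t)r[2] << 8 | r[3];
}

int main(void) {   /* constructed sample: balance 1000 debited to 750 */
    for (int k = 0; k <= 14; k++)
        printf("power lost after %2d byte writes: direct=%08lx shadow=%08lx\n", k,
               (unsigned long)torn_write_result(1000, 750, k, 0),
               (unsigned long)torn_write_result(1000, 750, k, 1));
    return 0;
}
```

With the shadow variant every interruption point leaves either the old or the new balance; the direct overwrite leaves a record that fails its check sum when the field is lost partway through the value bytes.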
CA002220279A 1996-03-11 1997-02-19 Identification medium with passive electronic data carrier Expired - Fee Related CA2220279C (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CH62896 1996-03-11
CH00628/96 1996-03-11
PCT/CH1997/000063 WO1997034265A1 (en) 1996-03-11 1997-02-19 Identification medium with passive electronic data carrier

Publications (2)

Publication Number Publication Date
CA2220279A1 CA2220279A1 (en) 1997-09-18
CA2220279C true CA2220279C (en) 2001-10-30

Family

ID=4191446

Family Applications (1)

Application Number Title Priority Date Filing Date
CA002220279A Expired - Fee Related CA2220279C (en) 1996-03-11 1997-02-19 Identification medium with passive electronic data carrier

Country Status (16)

Country Link
US (1) US6126078A (en)
EP (1) EP0824743B1 (en)
JP (1) JP4071285B2 (en)
KR (1) KR100526752B1 (en)
CN (1) CN1133959C (en)
AR (1) AR006168A1 (en)
AT (1) ATE256902T1 (en)
AU (1) AU711240B2 (en)
BR (1) BR9702167A (en)
CA (1) CA2220279C (en)
DE (1) DE59711125D1 (en)
ES (1) ES2213204T3 (en)
ID (1) ID18760A (en)
MY (1) MY121279A (en)
WO (1) WO1997034265A1 (en)
ZA (1) ZA971894B (en)

Also Published As

Publication number Publication date
KR100526752B1 (en) 2006-03-22
AU1588397A (en) 1997-10-01
EP0824743B1 (en) 2003-12-17
JP4071285B2 (en) 2008-04-02
US6126078A (en) 2000-10-03
EP0824743A1 (en) 1998-02-25
KR19990014693A (en) 1999-02-25
CA2220279A1 (en) 1997-09-18
ID18760A (en) 1998-05-07
ZA971894B (en) 1997-09-09
ATE256902T1 (en) 2004-01-15
CN1193401A (en) 1998-09-16
MY121279A (en) 2006-01-28
JPH11505650A (en) 1999-05-21
WO1997034265A1 (en) 1997-09-18
AU711240B2 (en) 1999-10-07
ES2213204T3 (en) 2004-08-16
CN1133959C (en) 2004-01-07
AR006168A1 (en) 1999-08-11
BR9702167A (en) 1999-12-28
DE59711125D1 (en) 2004-01-29

Legal Events

Date Code Title Description
EEER Examination request
MKLA Lapsed

Effective date: 20150219