SMART CARDS

The invention relates to the execution of a secure transaction using a smart card, particularly the performance of a transaction with a smart card of a type widely used and standardised, such as a smart bank card.

A secure transaction process between two smart cards and a smart card reader is known. For that purpose, a smart card reader has two communication interfaces designed to receive two respective smart cards, for example a smart bank card and the smart card of a merchant. The communication interfaces have metal strips designed to make electrical contact with the surface contacts of the smart cards.

During a transaction, the reader plays the part of master and the smart cards play that of slaves. In practice, the smart cards merely respond to a secure application of the reader that is querying them. The secure application is for instance executed in the reader to make it possible to enter the amount of a transaction and carry out authentication and holder verifications on each card before the transaction is validated.

The reliability of such a reader can in practice turn out to be relatively limited, because communication with one of the cards can be interrupted in a hostile or aggressive environment. Also the communication interfaces of the reader are relatively sensitive to degradation when the reader is permanently in a public place. Further, updating the secure applications of the reader may be tricky. Also, the cost of a reader with a dedicated application can put users off purchasing such a piece of equipment.

The invention is aimed at solving one or more of these drawbacks. The invention thus relates to a communication method between a master smart card and a slave smart card through a smart card reader, where the master smart card runs an application designed to carry out a secure transaction with the slave smart card. The method comprises the following steps:

- the said application of the master smart card transmits to the reader a command intended for the slave smart card;

- the reader transmits the command to the slave smart card;

- the slave smart card transmits to the reader a response to the command; - the reader transmits the response to the master smart card and signals that it is available for a new command;

- the said application of the master smart card processes the said response; - the said smart cards are contactless smart cards, the smart card reader has a contactless communication interface (1 ), the said transmissions are carried out from and to the contactless communication interface.

The invention also relates to a contactless smart card, comprising:

- a contactless communication interface;

- a memory that saves an application capable of determining, through the communication interface, that a reader is available for submitting a command intended for another smart card, submitting such a command to the reader and carrying out a secure transaction with the said other card;

- a processing module capable of running the saved application.

The invention further relates to a contactless smart card reader comprising a contactless communication interface and a processing module that is capable, through the contactless communication interface, of receiving commands from a first smart card running a secure master application, indicating that it is available for receiving commands from the first smart card, transmitting a command received from the first smart card to a second smart card, receiving a response from the second smart card and transmitting the response received to the first smart card.

In one variant, the reader comprises a display screen and a command interface for users, and the processing module is capable of offering the running of a secure application of a contactless smart card on the display screen, determining the selection by the user of a secure application through the command interface, and indicating that it is available for receiving commands to the smart card with the selected secure application.

The invention further relates to a system comprising:

- a smart card reader as described above;

- a smart card as described above;

- a contactless smart card capable of responding to commands sent by the reader.

Other characteristics and benefits of the invention will become clear in the description below, which is provided for information and not limitative in any way, by reference to the drawings attached, where:

- figure 1 is a schematic representation of a contactless smart card reader capable of applying the invention;

- figure 2 is a schematic representation of a master smart card;

- figure 3 is a schematic representation of a reader carrying out a contactless transaction with a master smart card and a slave smart card;

- figure 4 represents an example of exchange of messages between the reader and the smart cards;

- figures 5 and 6 represent a perspective view of a mode of embodiment of a reader associated with a master smart card and a slave smart card.

The invention is aimed at achieving communication between a contactless master smart card and a contactless slave smart card through a contactless smart card reader. The master smart card runs an application for carrying out a secure transaction with the slave smart card. The application transmits a command to the reader, which command is intended for the slave smart card. The reader transmits the command to the slave smart card. The slave smart card transmits to the reader a response to the command. The reader transmits the response to the master smart card and signals that it is available for a new command. The application of the master smart card processes the response to continue the transaction.

The contactless communication interface of the reader with the cards allows reliable communication in difficult environments, for example potentially soiled environments such as petrol pumps, highly humid environments or abrasive environments. That does away with the lack of reliability of communication of a contact type interface, where the deterioration of electrical contacts can lead to the impossibility to communicate. Also, the resistance of the reader in a hostile environment is increased. The reader in the invention is thus insensitive to the vandalism to which the reading interfaces of contact type smart cards are exposed (blocking or destruction of the smart card insertion rail, for instance) for example when they are installed in parking meters. Besides, the invention makes it possible to have a reader with a reduced cost and reduced functions, since it need not necessarily have a secure application. Also, the cost of the reader may be spread over several reader users without risking security flaws, since the secure application is stored in a distinct master card that is dedicated to each user. New dedicated secure applications may further be distributed easily by supplying a master card to each user, e.g. through the post. The reader no longer limits the number of secure applications that can be applied, since the reader may be used for as many secure applications as there are secure cards. The invention further makes it possible to implement the secure transaction with no need for modifying the slave cards that are already in circulation, such as the bank smart cards that are currently so largely widespread.

Near field contactless communication is generally known as NFC (Near Field Communication). Such communication is based on the modulation of a magnetic field produced firstly by the coil of the smart card reader and in return on the modulation of the current induced by coupling in the coil of a card. Modulation protocols for NFC transmission have particularly been defined in standards such as ISO 14443 and ISO 18092 as are the associated additional layers such as NFC Peer to Peer.

Figure 1 is a schematic representation of a smart card reader 1 . In a manner known in itself, the smart card reader 1 comprises a display 1 1 with a liquid crystal screen and a keypad 12 forming interfaces for communication with a user. The reader 1 further comprises a processing module 13 capable of managing the working of the display 1 1 and the keypad 12. The display 1 1 may for example display choices to the user, instructions or transaction amounts. The keypad 12 may for instance be used to enter a transaction amount, a personal identification number (PIN) or to select an option of reader 1 . The reader 1 further comprises, in a manner known in itself, a contactless communication interface 14 adapted for communicating with smart cards. The interface 14 is connected to the processing module 13. The processing module 13 is capable, in a manner known in itself, of managing the non collision of the smart cards present in the communication field of its interface 14. The processing module 13 comprises a so- called reflector application, the working of which is detailed below. That reflector application is generic and is used to route a command or a response from one smart card to another smart card. Figure 2 is a schematic representation of the structure of the integrated circuit of a smart card 2. The integrated circuit particularly comprises a processing module 21 , a RAM 22, a ROM 23, a rewritable non-volatile memory 24, a surface contact communication interface 25 and a contactless transmission interface 26. These different components are connected in a manner known in itself by appropriate circuits.

The master smart card 2 saves a software application that is designed to manage a secure transaction with another smart card, either in the ROM 23 or in the non-volatile memory 24. That secure application runs by means of a processing module 21 and the ROM 22.

The secure application carries out the functions usually carried out by a smart card reader to carry out a secure transaction. The secure application operates as the master in relation to the slave smart card, and the application generates the commands and requests to be applied on the slave smart card to carry out the transaction. The master smart card 2 may contain several different secure applications that may be used by the user of the reader 1 . The secure applications may be of different types - bank transactions, access control etc.

Due to the location of the secure application on the master smart card 2, the structure of the reader 1 may be greatly simplified. A simple non-dedicated reader that transfers commands and responses between the smart cards may be used. By using the secure application of the master smart card 2, a secure transaction may be carried out independently of the type of reader used. The reader may for example comprise a processing module made using wired logic and not designed to be updated. Of course, more complex readers with secure applications may also be used to implement the invention. The card 2 may be personalised with a secure application using any appropriate means, either in a personalisation centre or remotely using the so-called OTA process.

Figure 3 is a schematic illustration of the reader 1 used to carry out a secure transaction between the master smart card 2 and the slave smart card 3. The slave card 3 may be of any type that is already in service and that card may be used in the same way as part of the invention: the slave card 3 always receives commands, to which it merely responds. One example of secure transaction will now be detailed. The reader 1 initially carries out an anti-collision phase with the smart cards placed in its field of contactless communication. The reader 1 can ask the user to select a master card from several cards present in its field of communication, through the screen 1 1 and the keypad 12. The reader 1 may also select one secure application from a master smart card for carrying out a secure transaction when several secure applications are available.

One example of data routing between the reader 1 and the smart cards 2 and 3 is illustrated by reference to figure 4. In step 101 , the reader 1 first determines that a secure application of the smart card puce 2 is master in a transaction with the smart card 3. The reader 1 transmits a message to the smart card 2 to request a command.

In response, in step 102, the smart card 2 transmits a command to the reader 1 , which command is intended for the slave smart card 3.

In step 103, the reader 1 transmits the command to the slave smart card 3.

In step 104, the slave smart card 3 sends a response to the command from the reader 1 .

In step 105, the reader 1 sends the response to the master smart card 2 and signals to it that it is available for a new command. The secure application of the smart card 2 processes the response received and possibly sends a new command intended for the slave smart card 3 to the reader 1 , to allow the transaction to continue.

To implement the method, the reader 1 is capable of operating as a reflector to receive a command from the card 2 and send it on to the card 3. Further, the reader 1 is capable of receiving a response from the card 3 sending it on to the card 2. Besides, the reader 1 is capable of requesting a command from the card 2 or signalling to it that it is available for receiving a new command. The card 2 is capable of generating commands intended for the slave card 3. The card 2 is also capable of interpreting the messages from the reader 1 asking for a command or indicating that it is available for such a command.

The reader 1 selects a card with each exchange and suspends all the others. During communication between the master card 2 and the slave card 3, the reader thus sequentially selects each of the two cards. Thus, reader 1 communicates simultaneously with only one of the cards. The reader 1 can establish a communication tunnel with each card, the data exchanged being encrypted or otherwise, in a manner known in itself.

The smart cards 2 and 3 can communicate with the reader 1 through standardised communication protocols (such as ISO 14443, ISO 18092 or JIS X6319-4) or through a proprietary protocol. In respect of known standardised communication protocols, the invention may be implemented by defining new messages to ask for a new command from the master smart card or indicate that it is available for a new command. Figures 5 and 6 represent a perspective view of a mode of embodiment of a reader 1 alongside smart cards 2 and 3. The reader 1 advantageously comprises a slot for holding card 2 in place, enabling its holder to free their hands to manipulate the reader 1 and particularly the keypad 12. The slot takes the form of a slide made in the lower part of the reader 1 . The reader 1 can advantageously also include another slot to hold the card 3 in place.

The reader 1 can have a long-range connection to a server such as a payment server. That long-distance connection may be made through a GSM or GPRS link or through a link of the Bluetooth LAP type.

The reader 1 may for example be implemented in the form of a permanent public terminal that may be used by different users with their own master smart card comprising a secure application. Such a terminal could for example be used in a market, where different merchants would each have their master smart card to carry out secure cash transactions with customers.

The invention could be implemented with all types of contactless smart card, a SIM card inserted in a mobile telephone with an NFC function could particularly emulate the functioning of a contactless smart card.

Advantageously, the reader 1 can allow one or more smart cards 2 or 3 to operate as the master for one of the devices, the screen 1 1 or the keypad 12 in the illustrated example. The reader 1 can to that end comprise a reflector application responsible for retrieving a command from a smart card operating as the master, conveying the command to a peripheral device, collecting a response from the device and passing on the response to the smart card.