(Field of the invention)

The present invention relates to methods for managing a smart card . It relates particularly to methods of managing communication between a smart card and the cardholder .

(Background of the invention)

Smart cards are portable small devices comprising a memory, a microprocessor and an operating system for computing treatments . They may comprise services applications like payment applications . Such secure elements may comprise a plurality of memories of di f ferent types , like non-volatile memory and volatile memory . They are considered as tamper-resistant ( or " secure" ) because they are able to control the access to the data they contain and to authori ze or not the use of data by other machines . A smartcard may also provide computation services based on embedded cryptographic components . In general , smartcards have limited computing resources and limited memory resources and they are intended to connect a host machine which provides them with electric power either in contact mode or contactless mode .

During a transaction, a terminal connected to a smart card may display a message according to the result of a treatment performed by the card . Some terminals may be designed to provide the cardholder with a message belonging to a list of prede fined messages related to the transaction .

(Summary of the Invention)

When the card needs to present a di f ferent message (which may be not directly linked to the transaction) to the user, an issue may occur . There is a need to enhance the mechanism in charge of managing communication between a smart card and the cardholder .

The invention aims at solving the above-mentioned technical problem .

An obj ect of the present invention is a method for managing a card that comprises a user output interface . The method comprises a control operation of the card including the steps of :

- Getting, by the card, a parameter which can evolve dynamically during card li fespan;

- Generating, by the card, a decision which may be positive or negative by executing a preset function applied to the parameter ; and

- Only i f said decision is positive , identi fying, by the card, a message and noti fying a user of the card directly through said user output interface that the card has the message to deliver to the user .

Advantageously, the card may connect a terminal comprising a man machine interface and the terminal may retrieve an identi fier of the message from the card and present the message to the user through the man machine interface . Advantageously, the card may comprise a fingerprint sensor, the parameter may be an indicator reflecting a level of dirt of the fingerprint sensor, the card may generate the indicator from a captured data acquired by the fingerprint sensor and the message may indicate the user that the fingerprint sensor should be cleaned .

Advantageously, the card may record the indicator and the fingerprint sensor may acquire a new captured data . The card may compute a new indicator reflecting a new level of dirt of the fingerprint sensor from the new captured data and the card may generate a new decision that may be positive or negative by executing said preset function applied to both said indicator and said new indicator . Only i f said new decision is positive , the card may identi fy a new message and noti fy the user directly through said user output interface that the card has a new message to deliver to the user .

Advantageously, the card may comprise a biometric reference pattern and the indicator may be generated each time a comparison between an image extracted from said captured data and the biometric reference pattern fails .

Advantageously, the control operation may be executed at each power-up of the card or may be randomly triggered .

Advantageously, the card may be a payment card and the control operation may be performed each time a payment transaction occurs .

Advantageously, the user output interface may be a light source ( e . g . LED) , a sound generator, a display or a pictogram illuminated by an associated light source . Another obj ect of the present invention is a card comprising a user output interface , a processor and instructions that cause said card to execute a control operation in which :

- The card gets a parameter having a value that can evolve dynamically during card li fespan;

- The card generates a decision which may be positive or negative by executing a preset function applied to said parameter ; and

- Only i f said decision is positive , the card identi fies a message and notifies a user of the card directly through said user output interface that the card has the message to deliver to the user .

Advantageously, the card may be configured to send an identi fier of said message to a terminal connected to the card .

Advantageously, the card may comprise a fingerprint sensor, said parameter may be an indicator reflecting a level of dirt of the fingerprint sensor, the card may be configured to generate the indicator from a captured data acquired by the fingerprint sensor and the message may indicate the user that the fingerprint sensor should be cleaned .

Advantageously, the card may be configured to record the indicator and the fingerprint sensor may be able to acquire a new captured data . The card may be configured to compute a new indicator reflecting a new level of dirt of the fingerprint sensor from the new captured data and the card may be configured to generate a new decision which may be positive or negative by executing said preset function applied to both said indicator and said new indicator . Only i f said new decision is positive , the card may be configured to identi fy a new message and to noti fy the user directly through said user output interface that the card has a new message to deliver to the user .

Advantageously, the card may comprise a biometric reference pattern and the card may be configured to generate the indicator each time a comparison between an image extracted from said captured data and the biometric reference pattern fails .

(Brief description of the drawings)

Other characteristics and advantages of the present invention will emerge more clearly from a reading of the following description of a number of preferred embodiments of the invention with reference to the corresponding accompanying drawings in which :

- Figure 1 shows a first exemplary flow diagram for managing a smart card according to an example of the invention;

- Figure 2 shows a second exemplary flow diagram for managing a smart card embedding a biometric sensor according to an example of the invention; and

- Figure 3 shows a diagram of architecture of a smart card according to an example of the invention .

(Detailed description of the preferred embodiments)

The invention may apply to any type of smart card embedding a user output interface which is di f ferent from the card communication interface allowing the card to communicate with another hardware machine like a card reader. In this document, the user output interface allows the card to directly provide the cardholder with an information.

The card may be a banking card, a ticket providing access to a mass transit, an access badge or an identity document for instance.

The invention is well-suited for cards which are designed to communicate through at least one contactless protocol. The invention also applies to cards which are designed to communicate through a contact protocol only or through both contact and contactless protocols.

Figure 1 depicts a first exemplary flow diagram for managing a card according to an example of the invention.

In this example, the card 10 is a banking smart card intended to be used by its associated user (i.e. bank customer) for payment or cash withdrawal.

The method comprises a control operation of the card. As shown at Fig. 1, the control operation may include the steps described below.

At step S10, the card 10 gets a parameter 51 whose value can change dynamically during the card lifespan. This parameter may be a parameter (or a variable) internal to the card or specific to a hardware (or software) component embedded in the card. For instance, the parameter may be a counter stored in a memory of the card or a physical characteristic of a hardware component of the card which is measured by the card itself.

At step S20, the card 10 generates a decision 55 which may be positive or negative by executing a preset function applied to the parameter 51. The preset function may be a comparison function which checks if the parameter is above a predefined threshold or belongs to a preset range. For instance the decision may be positive only if the parameter is below a predefined threshold.

If the decision is negative at end of step S20, the card may not notify the user (step S60) or notify the user that there is no message to get from the card.

At step S30, only if the decision is positive, the card identifies a message 52, then at step S40, the card notifies the cardholder (i.e. the user of the card) directly through the user output interface that the card has the message 52 to deliver to the cardholder.

For example, the identified message 52 may be "The number of transactions performed by the card is near the maximum authorized number, please contact your bank."

Due to physical and cost constraints, the user output interface embedded in the card may be limited and not allow the transmission of such a long (or complex) message. However, the user output interface may transmit to the cardholder a piece of information reflecting the fact that the card has a message (i.e. the identified message 52) to deliver to the cardholder. The user output interface may be a LED, which, when it lights up, indicates the availability of a message to be retrieved from the card.

The user output interface may be a light source, a sound generator, a display or a pictogram illuminated by an associated light source.

At step S50, the cardholder may connect the card 10 to a terminal equipped with a man machine interface so as to get the message 52 through this man machine interface . For example , the user may couple the card 10 to a smartphone (via a NFC or Bluetooth connection for instance ) and activate a mobile application which retrieves the message from the card (vie a NDEF message for instance ) and displays this message through the screen of the smartphone . The user may also connect the card to a card reader equipped with a screen or a speaker to get access to the content of the message 52 .

The terminal may retrieve an identi fier 72 of the message 52 from the card 10 and present the message to the user through the man machine interface accordingly . The identi fier 72 may be the content of the message or an index of the message provided that the message has been preregistered in the terminal .

The control operation may be done according to di f ferent policies . For example , the control operation may be done at each power-up of the card or may be randomly triggered .

When the card is a payment card, the control operation may be done each time a payment transaction occurs .

It is to be noted that when the decision generated by the card is positive , the card emits two separate pieces of information linked to each other ( i . e . the direct noti fication of existence of a message to be retrieved and the reference 72 of the message ) through two distinct communication interfaces of the card ( i . e . the user output interface 60 and the communication interface 15 ) .

It should be noted that the card 10 may be coupled to a first hardware device during step S 10 ( time of identi fication of the parameter 51 ) then coupled to another hardware device ( i . e . separate from the first hardware device ) for retrieving the message 52 during step S50 . Thus steps S 10 and S50 may be several minutes , hours or days apart .

Figure 2 depicts a second exemplary flow diagram for managing a smart card embedding a biometric sensor according to an example of the invention .

The card 10 embeds a biometric sensor 40 designed to capture fingerprint data . The smartcard may embed a secure element coupled to the biometric sensor and configured to act as a controller of the biometric sensor . The secure element may be adapted to get data captured by the sensor and to apply treatments on the captured data . For instance , the secure element may be configured to perform an anti-spoofing algorithm to detect fraud attempts based on a fake fingerprint system . The secure element comprises a hardware processing unit , memory and an operating system designed to contribute to applicative services . The smart card may comprise a reference biometric data which has been enrolled by the card user .

The method comprises a control operation of the card . As shown at Fig . 2 , the control operation may include the steps described below .

At step S 12 , the fingerprint sensor acquires an image of a finger presented to the fingerprint sensor . The acquired image is also called captured image .

At step S 14 , the card 10 gets a parameter whose value can change dynamically during the card li fespan . In the example of Figure 2 , the parameter is an indicator reflecting a level of dirt o f the fingerprint sensor . The card may generate the indicator from the captured image (raw data) or from biometric data extracted from the captured image .

In some embodiments, the card may generate the dirt indicator by detecting the presence of artif acts/items placed at a fixed position on a series or sequence of images captured by the biometric sensor. For example, the card may locate an area where the contrast is often or always different from the rest of the captured image or locate a particular element that is regularly presents in a particular area of the captured images.

In some embodiments, the card may generate the dirt indicator by monitoring the image quality of an image captured by the biometric sensor. The contrast or the brightness of the captured image are quality characteristics that may be analyzed to monitor the image quality .

In some embodiments, the card may generate the dirt indicator by considering the sensor is dirty as the result of a sequence of a preset number (e.g. four or five) consecutive failing match operations.

At step S20, the card 10 generates a decision 55 that may be positive or negative by executing a preset function 56 applied to the indicator. The preset function may be comparison function which checks if the indicator is above a predefined threshold or belongs to a preset range of values. For instance the decision may be positive only if the indicator is above a predefined threshold.

If the decision is negative at end of step S20, the card may not notify the user (step S60) or notify the user that there is no message to get from the card. At step S32, only if the decision is positive, the card identifies a message that request the user to clean the fingerprint sensor.

Then, the card notifies the cardholder (i.e. the user of the card) directly through the user output interface that the card has the message to deliver to the cardholder at the step S40.

For example, the identified message may be "Please clean the fingerprint sensor of your card" or "The fingerprint sensor of your card is dirty."

The user output interface may be a Light-Emitting Diode (LED) , which, when it lights up, indicates the availability of a message to be retrieved from the card. For instance a blinking red LED (or a particular sequence of light signals) may inform the user of the availability of a message to be retrieved from the card.

At step S50, the cardholder may connect the card 10 to a terminal equipped with a man machine interface so as to get, through this man machine interface, the message that has been identified by the card. For example, the user may couple the card 10 to a portable card reader comprising a screen and designed to retrieve a reference of the message from the card and to present the message to the user. When the card is banking card, the user may decide to connect the card to an automated teller machine (ATM) designed to retrieve the identifier (i.e. the message itself or an index of the message) of the message from the card 10 and to present the relevant message to the cardholder.

The control operation may be done according to a preset policy. For example, when the card is a payment card, the control operation may be done each time a payment transaction occurs . In another example , assuming the card comprises a pre-registered biometric reference pattern 54 ( enrolled in a previous stage the card may generate a dirt indicator each time a comparison between data extracted from image captured by the fingerprint sensor and the biometric reference pattern fails .

Figure 3 depicts a diagram of architecture of a card according to an example of the invention .

In this example , the card 10 is a biometric smart card allocated to a user 30 .

The biometric card 10 comprises a secure chip 50 ( also called secure element ) and a fingerprint sensor 40 connected to the secure chip . The smart card 10 comprises a communication interface 15 which is designed to exchange data with outside in contactless mode . The communication interface 15 is linked to the secure element 50 .

The secure chip 50 comprises a processor and a nonvolatile memory (not shown) . The non-volatile memory stores an operating system which includes software instructions that are executed by the processor to perform the features of the secure chip .

In the example of Figure 3 , the card 10 is coupled to a reader 20 which may be embedded in an applicative apparatus ( like a Point-Of-Sale device or gate for access control for example ) and the secure element 50 is a conventional smart card chip with additional features . The secure element 50 is able to contribute to an applicative transaction with an external machine . For instance , the transaction may be a payment transaction or cash withdrawal i f the card is a banking card .

The secure element 50 may comprise a biometric reference pattern 54 previously enrolled by the user 30 .

The secure element 50 may comprise a biometric algorithm (matching algorithm) aiming at comparing the biometric reference pattern 54 with biometric data captured by the sensor 40 .

The card is configured to get a parameter 51 having a value which can evolve dynamically during the card li fespan . The parameter may be an internal variable or a physical characteristic measured by the card . For example , the parameter 51 may be a physical characteristic of a hardware component embedded in the card .

The parameter 51 may be a physical characteristic measured by the card . For example , the parameter 51 may be the power level retrieved by the card from a connected card reader, or the internal current consumption during a particular treatment .

The secure element comprises a preset function 56 configured to generate a decision which may be positive or negative . The preset function 56 may be designed to compare the value of a data with a preset reference that may be a threshold or a range of values .

The preset function 56 may be designed to detect the presence of speci fic items in an image captured by the fingerprint sensor . The preset function 56 may be adapted to detect the presence of speci fic items located in a particular area of the captured image . The card 10 comprises a user output interface 60 which may be a light source ( like a LED) , a sound generator ( e . g . buz zer ) , a small display or a pictogram intended to be illuminated by an associated internal light source .

In some embodiments , the smartcard 10 may embed a controller (not shown at Figure 3 ) coupled to both the secure element and the biometric sensor and which is configured to get data captured by the sensor and to apply treatments on the captured data . For instance , the controller may be a microcontroller unit (MCU) which is configured to perform an anti-spoofing algorithm .

The card is adapted to generate a decision 55 that may be positive or negative by executing a preset function applied to the parameter 51 .

In response to a positive decision generation ( i . e . only i f the generated decision is positive ) , the card is configured to identi fy a message 52 and to noti fy the user 30 directly through the user output interface 60 that the card has the message 52 to deliver to the user .

The card may be configured to send an identi fier 72 of the message 52 to a connected terminal only i f a message is to be delivered to the user ( cardholder ) . The card may record a track 57 of the existence of the need to deliver the message 52 to the user and delete this track when the card has sent a reference of the message to the connected terminal or when the connected terminal informs the card that the message 52 has been presented to the user .

In some embodiments , the parameter 52 is an indicator reflecting a level of dirt of the fingerprint sensor 40 . The card is configured to generate the indicator from a captured data 61 acquired by the fingerprint sensor . The message 52 indicates the user that the fingerprint sensor should be cleaned .

It is to be noted that the card may store a reference of the message (which may be coded on one or two digits for instance ) and that the card does not need to store the entire text of the message .

In one embodiment , the card may be configured to perform the control operation each time a comparison between a data extracted from the captured image 61 and the biometric reference pattern 54 fails .

In some embodiments , the card may be configured to perform the control operation each time a predetermined number ( ex : 4 , 9 or 17 ) of transactions using the fingerprint sensor have been executed .

In some embodiments , the card may be a payment card configured to perform the control operation each time a payment transaction occurs .

In some embodiments , the card may be configured to store the indicator 51 and to compute a new indicator reflecting a new level of dirt of the fingerprint sensor from a new data captured by the fingerprint sensor . The card may be configured to generate a new decision which may be positive or negative by executing the preset function applied to both the stored indicator and the new indicator . Only i f the new decision is positive , the card may be configured to identi fy a new message 53 and to noti fy the user directly through said user output interface that the card has a new message to deliver to the user . Thus by taking into account the measured quality of a previous extracted image , the card may be able to generate a positive decision based on the history . The card may be configured to select a threshold depending on a progressive degradation of the quality of the captured images . It should be noted that the indicator 51 may lead to a negative decision ( generated by the preset function) while the new indicator (which is the next indicator ) may lead to a positive decision .

As mentioned before , the card may be configured to record a track 57 of the existence of the need to deliver a message to the user . The card may be configured to store more than one track and to delete each track when the card has sent a reference of the corresponding message to the connected terminal or when the connected terminal informs the card that the corresponding message has been presented to the user .

Thanks to some embodiments of the invention, it is possible to dynamically warn the cardholder that the card has a long or complex message to deliver to them .

Thanks to some embodiments of the invention, the card may measure the level of dirt of its own biometric sensor and prompt the user to retrieve , via another device , a message that explains that the sensor should be cleaned . Thus failures to use card biometric sensor can be avoided or at least limited thanks to some embodiments of the invention .

Thanks to some embodiments of the invention, the card may dynamically monitor an internal critical parameter or a physical characteristic of an embedded hardware component and warn the cardholder of a corresponding corrective or preventive action . The invention is not limited to the described embodiments or examples . In particular, the described examples and embodiments may be combined .

The invention is not limited to biometric smart cards and may apply to any smart cards allocated to a user .