PORTABLE ELECTRONIC SYSTEM WITH POWER CONSUMPTION

CONTROL

Technical field of the invention:

This invention generally relates to a portable electronic system with power consumption control. The system includes at least one power consuming element and at least one removable security token.

This invention also relates to such a removable security token. In this patent document, the expression "removable security token" is a token with means for processing and checking data and means for communicating with a system equipped with a reader that supports it. Typically, the removable security token is a smart card, but other form factors such as USB keys or other memory card formats may be used as well.

State of the technique:

The use of a terminal that is connected through a host personal computer via a wired Internet network to a bank transaction authorisation server, for instance, is known.

The terminal is used by a merchant selling a product (or a service). The terminal is particularly equipped with an information display screen, a keypad and a smart card or magnetic stripe card reader.

The keypad is used to enter data and start the bank payment application and data specific to a transaction, such as the value of the product (or service) to buy.

The user of the terminal inserts a smart card or a magnetic stripe card into the card reader so that the terminal can collect and save the bankcard data specific to the buyer after authenticating them. Once the transaction data specific to the bankcard payment application are collected and the application has completed processing them, the terminal sends,

in some cases, an authorisation request via the host personal computer and the Internet network to the authorisation server. The authorisation server authorises or prohibits the bankcard payment transaction from the buyer's bank card, by sending back a corresponding response to the terminal. In order to secure the transactions, the terminal must be a secure terminal.

However, a secure terminal has the drawback of being relatively expensive. The use of low-cost non secure terminals is known. Such low-cost terminals require the use of secure operations within the smart card. Further, this type of system is a standalone system that is powered by a battery and it is of use to minimise the power consumed by the payment terminal.

Smart card reading terminals are not limited to bankcard payment terminals. They may also be terminals that can read healthcare cards or other cards, depending on the application associated with the card. Regardless of the type of terminal, a low-cost terminal may be envisaged, and the power consumption problem is the same.

Description of the invention:

The invention is aimed at reducing the consumption of a portable electronic system of the low-cost terminal type, cooperating with a removable security token.

More particularly, the invention is a portable electronic system comprising a power source, at least one power consuming element and at least one removable security token. The removable security token comprises means to communicate with all the elements of the said system. The removable security token is capable of controlling and managing the power consumption of at least one power consuming element.

According to the invention, the removable security token is capable of controlling and managing the power consumption of at least one power consuming element of the system.

The general principle of the invention thus relies on the use of a removable security token that is adapted for controlling and saving the energy consumed by one or more elements that equip the system.

It must be noted that the system in the invention cooperates with a removable security token that may be an element that is either added on and thus external to the system or integrated within the system.

In that way, the system has a longer power life in relation to the solution offered by the anterior art described above. The system can thus be used longer in operation and/or for a larger number of electronic transactions. It must be noted that the invention does not impose any constraint as regards the nature of the transaction. In other words, the system according to the invention may be used for all types of transaction.

It can be understood that the removable security token is an added element that is used to handle the management of the power consumed by one or more outside components.

Preferentially, the removable security token may be connected to the said at least one power consuming element through a communication bus internal to the system, of the serial or parallel type. The removable security token may be capable of commanding a switching device, which switching device is connected, on one side, to a power terminal of the power source, and on the other side, to at least one power terminal of the at least one power consuming element, the switching device allowing or prohibiting the supply of power to the at least one power consuming element. The removable security token may be capable of controlling the communication bus internal to the system, in order to control and manage access to the said at least one power consuming element, at the initiative of the removable security token. The internal communication bus may be connected to the power source. The system may comprise a device for the selection of at least one power consuming element from all of the at least one power consuming element, to enable or disable the power supply to the said at least one power consuming element.

According to different preferred modes of embodiment, the removable security token is at least one element selected out of: a smart card in a format of the ISO 7816 type, a card of the SIM card type, a key of the USB type or a memory card with a microcontroller. Similarly, the said at least one power consuming element is an element selected out of: a display, a keypad, a printer or a biometric reader.

According to another aspect, the invention is a removable security token designed to cooperate with an electronic system. The removable security token is capable of controlling and managing the power consumption of at least one power consuming element of the electronic system external to the removable security token.

Description of drawings:

The other characteristics and benefits of the invention will appear in the description of the two preferential modes of embodiments of the invention, given as mere indicative non-limitative examples and the enclosed drawings, where:

- figure 1 is an overview of a host personal computer connected on one side to a system according to the invention and on the other to a server; - figure 2 is a detailed schematic diagram of a first mode of embodiment of the system in figure 1 communicating with the host personal computer through an interface of the contactless type;

- figure 3 is a detailed schematic diagram of a second mode of embodiment of the system in figure 1 communicating with the host personal computer through an interface of the contact type;

- figure 4 is a detailed schematic diagram of the system in figure 3 cooperating with a smart card, as the removable security token; and

- figure 5 is a block chronogram that shows the command signals from the removable security token to enable or disable the power supply to a peripheral device internal to the system in figure 4.

Description of two particular modes of embodiment:

As shown in figure 1 , a system 10 is connected through a host personal computer 12 and a communication network 14 to a server 16. In this patent document, the word "server" means an electronic device comprising means to process and check data and memorising means that can save at least one applicative computer program or application and is accessible from the outside.

Access from the system 10 to the server 16 enables the server to carry out processing that is specific to the application to run.

The server 16 is connected via a wired or wireless link 15 to the communication network 14 that may be public or private, Internet or Intranet.

It must be noted that the system 10 is an electronic transaction system, for example of the payment terminal type. As a system, it may take many forms.

For instance, it may consist in a dongle with a contactless communication interface, for example of the ISO 14 443 or Zigbee or USB (Universal Serial Bus) contactless type and/or equipped with a contact communication interface, for example of the USB type. The terminal 10 is connected to the personal computer 12 or PC through a wired or wireless link 11.

The PC 12 is connected to the communication network 14 through a wired or wireless link 13.

In an alternative embodiment, the terminal is connected to a mobile telephone or a personal digital assistant (or PDA), itself connected through a radiotelephone network to the server.

The terminal 10 has a keypad 17 and a display screen 18.

In a variant of embodiment (not illustrated), the terminal has a biometric reader instead of a keypad, to authenticate a user of the terminal, such as a buyer of a product or service offered through the communication network, such as the Internet. The terminal 10 may also be equipped with a printer to print out a

payment receipt. These elements are optional and are not represented, in order not to overload the drawings unnecessarily.

Further, the terminal 10 has at least one data media reader such as a reader for cards in the ISO 7816 format, a reader of cards of the SIM (Subscriber Identity Module) card type, a biometric reader such as a fingerprint reader, an eye iris reader and/or a face reader.

Optionally, the terminal 10 may have one or more connectors of one or more types, such as a USB (acronym of Universal Serial Bus) type connector, SD (acronym of Secure Digital) type connector or MMC (acronym of Multi Media Card) type connector.

Also optionally, the terminal 10 may have one or more proximity contactless communication interfaces of the radiofrequency type, for instance of the Bluetooth type, the NFC (acronym of Near Field Communication) type, the infrared or IR (acronym of Infra Red) type and/or one or more remote contactless communication interfaces, such as an antenna for accessing a GSM (acronym for Global System for Mobiles) network, a GPRS (acronym for General Packet Radio Service) network, a CDMA (acronym for Code Division Multiple Access) network or an equivalent network.

In this patent document, the phrase "secure system or device" means a system or device comprising at least one integrated element, and access to any integrated element or to the data exchanged between two integrated elements is particularly difficult or even impossible from the outside without leading to the destruction, disruption of working or malfunctioning of the device or system.

Three levels of security may thus be defined: - level 0: any standard PC, possibly connected to a communication network, which has not been the subject of a particular security measure, such as for instance a desktop or laptop PC;

- level 1 : a PC or network of several PCs specifically designed and/or prepared for carrying out some measures requiring access rights known to the authorised user or users. Access to processed data and/or data to be processed is restricted from the outside. Such PCs are not open to the

outside world and have no drives such as a CD or DVD drive that do not require access control. Such PCs may be located in controlled access sites, for example requiring access rights presented via a medium for identifying its holder; - level 2: a smart device or system, such as a data medium of the smart card type or an equivalent type, which is completely shut off from the outside world, and offers the highest level of security known to date. That consideration is valid from the start to the end of the life of the system or device. To achieve that aim, hardware and software steps are taken to design and/or prepare the smart device or system. In particular, one may mention physical and/or logical locks that strongly restrict unauthorised access to data that is processed or is to be processed by the smart device or system.

An environment with level 0 security does not make it possible to sign and/or verify processed data. Such an environment is an unsecured environment. An environment with level 1 security is not sufficiently secure to sign and/or verify processed data. The cryptographic keys required for the signature constitute excessively sensitive data. Such an environment does not thus make it possible to display and possibly edit and print the data to be signed and/or verified. Such an environment is an environment that may be trusted in part. An environment with level 2 security is specifically designed to process sensitive data, such as one or more cryptographic keys. In addition, such an environment is the subject of one or more security measures from the time it is designed to the end of its life. Such an environment is an environment that may be trusted fully. A secure terminal 10 is preferably considered to be a secure system. The terminal 10 is a device operating in a secure environment, particularly one that is physically enclosed in a housing and logically accessible with predetermined particular rights.

The terminal 10 may or may not comprise a smart data media reader. The smart medium constitutes a removable security token.

The system 10 cooperates with the removable security token, as explained in detail below, particularly in relation with figures 2 and 3.

The removable security token in itself constitutes a secure device such as a smart card or an equivalent data medium. The removable security token is an added element that is connected via an appropriate medium reader to the system 10.

The terminal 10 is used below, for instance, for a bankcard payment application, in relation with a particular application that is executed by the removable security token. Of course, it is clear however, that one or more other applications may be supported by the removable security token.

In particular, these may include:

- a data storage application;

- a healthcare application; - a data viewing application;

- a loyalty scheme application;

- an application for the payment and/or validation of a transport ticket; and/or

- an application for the management of at least one interface for communicating with the outside of the removable security token, and, possibly, the system with which the removable security token cooperates.

It must be noted that the application or applications supported by the removable security token may or may not require interaction with at least one peripheral device of the system 10, such as the keypad 17, the screen 18, and/or others that are not shown, such as for instance a receipt printer or a fingerprint sensor.

The removable security token, as an element added on to the system 10, is the central core of the system 10.

According to the invention, the removable security token is adapted for controlling and managing, at least in part, the power consumption of at least one peripheral device of the system 10.

In that way, the removable security token may enable or disable, totally or in part, the power supply of a peripheral device that is involved or not during the bankcard application that is executed.

The system 10 switches to a so-called power saving mode. Optionally, the PC 12 sends a control signal for the removable security token so that the removable security token switches to the power saving mode of the system 10, by disabling the power supply to at least one of the elements of the system 10.

The removable security token integrates and supports a resident application that manages the power consumed by all or part of the elements or peripheral devices that are part of the system 10 in addition to the bankcard payment application in the example described. The application that manages the power consumed is executed when the bankcard payment application is executed.

As the removable security token knows one or more of the tasks executed by it, the removable security token can authorise or, on the contrary, prohibit access to one or more internal and/or external sources of power by one or more of the peripheral devices involved.

In that way, the system 10 consumes less than if all its peripheral devices were powered, while at least some of them are not in use while the bankcard application is being executed.

As shown in figure 2, the secure terminal 10, as a system, comprises in a first mode of embodiment a keypad 17, a screen 18, a smart card 20, a power management device 22 and a chip 26 that manages contactless communication with the outside. The keypad 17, the screen 18, the smart card 20, the power management device 22 and the chip 26 that manages contactless communication with the outside, which is called the contactless chip, are connected to each other through a communication bus 24 internal to system 10.

The smart card 20, as a removable security token, is the central core of the system iO.

The removable security token preferably contains the elements that make it up within only one compact unit, in order to offer maximum security for the data processed by the removable security token.

The smart card 20 is incorporated in the system through an internal reader. The smart card 20 is for example in the SIM card format.

The smart card 20 mainly comprises a microcontroller that includes data processing and checking means, data storage means that include at least one memory of the non volatile type and possibly at least one memory of the volatile type and at least one input/output interface from/to the outside. The data processing and checking means include at least a logical processing unit, for example a microprocessor. Such means are active and enable the use of advanced functions, particularly the recognition of keys and/or cryptographic calculations.

One or more encoding and decoding programs, a PIN (Personal Identification Number) code and/or secrets are stored in the non volatile memory and are inaccessible from the outside of the smart card 20.

The encoding and decoding program or programs, the PIN code and/or the secrets make it possible to achieve level 2 security.

The non volatile memory or memories are of the ROM (acronym for Read Only Memory) type and/or the Flash type. The non volatile memory particularly stores an operating system that enables the functioning of the smart card 20. The non volatile memory also stores a program for saving the power consumed by one or more peripheral devices of the system 10.

The smart card 20 integrates one or more protective measures that limit access to the data in it. As a result, any intrusion into the smart card 20 is made difficult or even impossible. No malicious program can break into the smart card 20.

The smart card 20 is protected physically from the outside by one or more layers of electrically insulating material to prohibit physical access to the smart card 20.

Optionally, the smart card 20 also includes a crypto-processor to generate and save one or more private keys. As a result, the authentication and electronic signature of the data to reinforce the level of protection of the data are made possible. The system 10 is accessible from the outside through an external communication bus 28.

The external communication bus 28 is not secure, because it is open to the outside of the system 10 and thus accessible from an entity external to the system 10. On the other hand, the communication bus 24 is exclusively accessible from the smart card 20. The smart card 20 is adapted to control (a) the communication bus 24 that is internal to the system 10, and (b) the communication bus 28 that is external to the system 10.

The smart card 20 is connected, via the internal communication bus 24, to the power supply management device 22.

The smart card 20 further controls and manages, through the power supply management device 22, at least part of the power supply to the keypad 17, the screen 18 and/or the contactless chip 26.

The power supply management device 22 is connected to each power consuming element that is to be managed within the system 10. More precisely, the power supply management device 22 is connected, through a first connection

210 to the keypad 17, through a second connection 212 to the screen 18, and through a third connection 214 to the contactless chip 26.

It is clear that in the embodiment variants, one and/or more other peripheral devices are also controlled and managed as regards their power supply. In that case, such peripheral devices are also connected, through the power management device 22, to the smart card 20.

The smart card 20 manages an interface 11a for contactless communication with the environment outside the system 10, through the contactless chip 26. Advantageously, the smart card 20 cooperates with the power supply management device 22 to activate the power supply of each peripheral device

concerned. The power supply to a peripheral device is only activated when, in a first situation, the peripheral device is involved during the execution by the smart card 20 of the application or, in a second situation, the peripheral device is about to be used by a user of the system 10. In the second situation, use by a user who is about to use peripheral device is anticipated by appropriate detection by the involved peripheral device.

The smart card 20 preferably activates the power supply to each peripheral device only before it carries out a task.

In that way, the smart card 20 activates the power supply to the screen 18 only when data are to be displayed by the application executed by the smart card 20. Such activation takes place just before the involvement of the screen 18 in a task executed by the application. The smart card 20 activates the power supply to the keypad 17 only when the application to execute requires the entry of data on the keypad 17 by a user. The smart card 20 activates the power supply to the contactless chip 26 only when the application to execute requires contactless communication with the outside, either because that is required by the application or because entry within an electromagnetic field is detected in order to wake up the system 10.

Optionally, the system 10 includes a battery (not represented), which supplies at least two levels of voltage. The battery is connected, via the internal communication bus 24, to the device 22 that manages the power supply to each power consuming peripheral device such as the keypad 17, the screen 18 and/or the contactless chip 26.

Optionally, the system 10 includes a control system that reinitialises the system 10 externally, such as a pushbutton (not represented) or other system.

Optionally, the system 10 is connected to an external source of power through the external communication bus 28.

The contactless chip 26 is connected to an antenna (not represented) to exchange data via a radiofrequency link with the outside of the system 10. The contactless chip 26 is a chip that manages proximity contactless communication, and preferably a power saving chip.

The contactless chip 26 may for instance be a chip that manages proximity contactless communication of the Bluetooth, Wibree, Wifi, Zigbee, NFC (acronym of Near Field Communication) or infrared type and/or wireless USB type.

The system 10 is enclosed in a single housing. Only some peripheral devices such as the keypad 17 or the screen 18 are accessible from outside the system 10 by a user.

Here now is a description, in relation with figure 3, of a second mode of embodiment of the system 10, where the removable security token is not integrated into the system as in the first mode, but is an added element made up of a removable security token 31.

The system 10 comprises a keypad 17, the screen 18, a reader 30, a device 32 for managing power supply and a connector 310 of the contact type for exchanging data with the environment outside the system 10.

The system 10 is capable of receiving the removable security token 31 by means of the slot of reader 30.

The removable security token 31 constitutes a medium, such as a smart card. The removable security token 31 comprises a chip and a module 33 with contacts to access the chip. The chip, as a removable security token, comprises the same elements of intelligence as those explained for the smart card 20 of the first mode of embodiment. The removable security token is external to the system 10.

The reader 30 comprises contacts (not represented) that are opposite the contact module 33 of the removable security token 31 after it is inserted.

The reader 30 is adapted for exchanging data, first of all internally between the chip of the removable security token and one of the peripheral devices internal to the system 10, and secondly between the chip of the removable security token and the contactless chip 26, to communicate with the environment outside the system 10.

When the removable security token 31 is inserted, the chip of the removable security token is connected to each peripheral device, namely the keypad 17 and

the screen 18, which may be involved during the execution of the bankcard application.

The bankcard application is supported by the chip of the removable security token 31. Preferably, the bankcard application is executable through a server located within the removable security token 31. In that way, the application may be activated from a client outside the system 10, through a communication network of the contactless type, from a mobile telephone or a PC connected to that network. The removable security token 31 , once inserted, is connected through a communication bus 34 internal to the system 10, the keypad 17, the screen 18, the power supply management system 32.

The removable security token 31 has the driver required for the management of the signals of the communication bus 34 internal to system 10. The communication bus 34 internal to the system 10 is of the serial type, for example of a type known in itself.

It must be remembered that the internal communication bus 34 requires selecting the element or peripheral device of the system 10 before sending it data, of a type known in itself. It may be a bus of the SPI (acronym of Serial Peripheral Interface) type.

In an alternative embodiment (not represented), the internal communication bus is of the parallel type.

The communication bus 34 internal to the system comprises two communication lines between the removable security token 31 and the peripheral devices, one for the transmitted data and the other for a data transmission speed clock. The line for the transmitted data is called DA (for Data). The clock line is called CL (for Clock).

The removable security token 31 , once inserted, is connected through a communication bus 312 external to the system 10, and a USB connector 310 that constitutes a contact interface 11 b with the outside of the system 10.

If a USB connection is detected, the removable security token 31 multiplexes the control signals of the internal communication bus 34 with the allocations required by ISO 7816, for example PAD I/O signals and PAD VPP signals with the serial DA data and CL clock signals. When the removable security token 31 is not inserted, its functions of the

ISO 7816 type are accessible.

Optionally, the system 10 and the removable security token 31 are further accessible through at least one other contact and/or contactless (not represented) communication interface. The removable security token 31 is adapted to control and manage such another communication interface or other communication interfaces. In such a case, several interfaces are available for communication with the outside of system 10 and thus of the removable security token 31 , the removable security token 31 defines a communication interface with priority over the other co-existing communication interfaces. For example, if two communication interfaces coexist, and one is of the contact type and the other is of the contactless type, the priority communication interface is the contactless interface.

As shown in figure 4, the system 10 comprises a device 41 for selecting one or more power consuming elements, including the keyboard 17 and the screen 18 and a switching device 42.

The elements already described in relation with figure 3 have the same references.

The device 41 for selecting one or more power consuming elements out of the keypad 17 and the screen 18, and the switching device 42 make up the device 32 that manages the power supply in figure 3.

The removable security token 31 is connected, by means of a communication bus 34 internal to the system, to the device 41 that selects one or more power consuming elements from the keypad 17 and the screen 18.

The device 41 for selecting one or more power consuming elements from the keypad 17 and the screen 18 is controlled and driven by the removable security token 31.

The device 41 that selects one or more power consuming elements from the keypad 17 and the screen 18 is connected, via a first link @1 , to the switching device 42, via a second link @2, to the screen 18, and, via a third link @3, to the keypad 17. The selection device 41 makes it possible to select one power consuming element from all the power consuming elements.

The selection device 41 is a router 41 of a type known in itself. The router 41 selects an address relating to a recipient to send data to it, and routes data to the selected recipient. In a variant of embodiment, the selecting device 41 is a packet sniffer of a type known in itself, which is connected to and associated with one power consuming element, the consumption of which is to be reduced. It must be remembered that a packet sniffer is a type of device that eavesdrops on information transmitted and recovers the information that is of interest to it on the fly, when the information is not encrypted.

The router 41 is an address decoder and carries out the task of routing data. The router 41 manages three distinct addresses. The router 41 selects one first address @1 to address the switching device 42, a second address @2 to address the screen 18 and a third address @3 to address the keypad 17. The router 41 is connected, through the address @1 , with the switching device 42.

The router 41 makes it possible to transmit the control signals from the removable security token 31 to the switching device 42, to enable or disable the power to the screen 18, as a power consuming element. The switching device 42 is based on a transistor T.

The switching device 42 comprises two resistors R1 and R2 and a transistor T of the PNP type.

A base of the transistor T is connected to a first resistor R1 to router 41. The value of R1 is for instance 2.2 KOhm. A collector of the transistor T is connected to one of the two power supply terminals of the screen 18.

A second resistor R2 is connected, on one side, to the base of the transistor T and on the other side, to an emitter of the transistor T. The value of R2 is for instance 100 KOhm.

The emitter of the transistor T is connected to the power supply terminal of a power source.

The power source is external. The power source supplies two power terminals, namely one zero (in Volts) reference GND voltage terminal and one VBUS voltage terminal, for instance with a value of 5 Volts, to power all the elements of the system 10, through the USB connector 310. The zero reference GND voltage power terminal is connected to each element of the system 10, namely the keyboard 17, the screen 18, the removable security token 31 , the router 41 , and the transistor T of the communication device 42.

The collector of the transistor T is preferably connected, through two capacitors C1 and C2 to the zero reference GND voltage power terminal.

The emitter of the transistor T is preferably connected through two capacitors C3 and C4 to the zero reference GND voltage power terminal.

The task of capacitors C1 , C2, C3 and C4 is to decouple the power supply voltage to do away with interference on the supplied VBUS voltage signal. The value of C1 and C3 is, for example, 10 μF. The value of C2 and C4 is, for example, 100 nF.

The VBUS voltage power terminal is connected only to a part of the element or elements of the system 10, that is those for which the control and management of the power supply is not considered, such as the keypad 17, the removable security token 31 , the router 41 and the transistor T of the switching device 42.

The VBUS voltage power supply terminal is indirectly connected to part of the element or elements of the system 10, that is those for which the control and management of the power is supply is considered, for example the screen 18. The switching device 42 operates as follows:

- when the removable security token 31 selects the switching device 42 and sends a level 1 command signal, the transistor T is blocked. The screen 18 is not powered at one of its Vdd power terminals by the VBUS voltage.

- when the removable security token 31 select the switching device 42 and sends a level 0 control signal, the transistor T conducts, and the voltage at the emitter of the transistor T is transferred to the collector of the transistor T. The screen 18 is powered at its Vdd power terminal by the VBUS voltage. The base of the transistor T is at a stable voltage level of R1/(R1 +R2) of the VBUS voltage. In that way, at a time considered to be appropriate by the removable security token 31 , the removable security token 31 controls and manages the power to the screen 18 by enabling or disabling it. For instance, as long as the screen 18 is not to be used by the bankcard application executed by the removable security token 31 , the power to the screen 18 is put in sleep mode. As soon as the screen 18 is to be used by the bankcard application executed by the removable security token 31 , the power to the screen 18 is woken up.

The system 10 specific to the invention is simple to make and thus has a low cost, while offering reduced overall power consumption by the system and a high level of security for the processing of data by the system 10. In relation with the chronogram of the figure 5, a chronological example 50 of the VBUS power voltage signal, the DA data signal, the CL clock signal, the @1 addressing signal and at the Vdd power terminal of the screen 18 is represented.

The VBUS power signal, the DA data signal, the CL clock signal, the @1 addressing signal are controlled and managed by the removable security token 31 through the communication bus 34 internal to the system 10, to enable or disable the power voltage of the element or elements of the system 10 that are managed by the removable security token 31.

The time t is plotted as the abscissa. The low level at 0 and high level at 1 of the voltage for each signal represented is plotted as the ordinate.

The removable security token 31 controls and manages the voltage levels of the VBUS power signal, the DA data signal, the CL clock signal, the @1 addressing signal, in order to enable or disable the power voltage, for example at the Vdd power terminal of the screen 18. The different main events 51 to 55 that appear over time have been explained below.

Upon starting up, all the signals are at a low level.

First of all, the VBUS voltage signal switches to high at the first time t1.

At the second time t2, the removable security token 31 switches the DA data voltage signal to high.

Then, at a third time t3, the removable security token 31 switches the CL cock voltage signal to high.

At a fourth time t4, for example following the initialising or reinitialising of the system 10, the voltage signal at the Vdd power terminal switches to high. The screen 18 is then powered and can operate.

At a fifth time t5, the removable security token 31 switches the DA data voltage signal and the CL clock data signal to low, then switches them back to high at a sixth time t6, without having any effect on the Vdd power terminal of the screen 18. The screen 18 thus remains powered. Then, at a seventh time t7, the removable security token 31 switches simultaneously the DA data and CL clock voltage signals to low.

The switch 51 to low of the DA data voltage signal and the CL clock voltage signal leads, after a certain short duration that is mainly due to the internal transmission time, to the switching 52 of the @1 addressing signal from low to high.

Then, at an eighth time t8, the router 41 addresses the switching device 42 by changing its status. The base of the transistor T of the switching device 42 switches from low to high, controlling the switching of the transistor T from the conductive state to the blocked state.

The switch 52 of the @1 addressing signal from low to high leads, after a certain short duration that is mainly due to the internal transmission time, to the switching 53 of the voltage signal at the Vdd power terminal from high to low.

Then, at a ninth time t9, that switch 53 then disables the power to the screen 18. The screen 18 is no longer powered.

Then, at a tenth time t10, the removable security token 31 switches the DA data voltage signal and the CL clock voltage signal back to high.

The switch 54 back to high of the DA data voltage and the CL clock voltage signals leads, after a certain short duration that is mainly due to the internal transmission time, to the switching 55 of the @1 addressing signal from high to low.

The switch 55 of the @1 addressing signal from high to low leads, after a certain short duration that is mainly due to the internal transmission time, to the switching 56 of the voltage signal at the Vdd power terminal from low to high. At a twelfth time t12, such a switch 56 re-enables the power to the screen

18 once again. Power is once again supplied to the screen 18.

During a sleep period that is equal to the time interval t9 to t12, the screen 18 is no longer powered and does not consume power, thereby reducing the overall consumption by the system 10. The system 10 is then in the "power saving" mode.

Only the removable security token 31 and the router 41 consume energy when asleep.

The keypad 17 consumes power only when it is used by the user of the system 10.