

Title:
REMOTE SMARTCARD APPLICATION MANAGEMENT
Document Type and Number:
WIPO Patent Application WO/2006/010913
Kind Code:
A1
Abstract:
A software tool is provided in a smartcard scheme for creating or modifying a file formatted in a web (internet) standard language for self-describing messages (XML) and defining the structure and content of a file system, the commands to be used for accessing the file system and any security conditions associated therewith. The software tool includes at least one input form accessible on-line over a computer network or the Internet to allow the holder of a smartcard issued under the scheme to input data to be used to modify definitions of the structure and content of the on-card file system, or the commands to be used for accessing the file system or any security conditions associated therewith. A secure software distribution means between the software tool and an interface device provides secure distribution of the file formatted in web (Internet) standard language for self-describing messages or any script or file derived therefrom. The interface device upgrades the on-card file system by loading to the smartcard a script derived from the XML file so as to modify definitions of the structure and content of the on-device file system, or the commands to be used for accessing the file system or related security conditions.

Inventors:
HOCHFIELD BARRY SIM (GB)
PETERS MICHAEL (GB)
Application Number:
PCT/GB2005/002907
Publication Date:
February 02, 2006
Filing Date:
July 26, 2005
Assignee:
ECEBS LTD (GB)
HOCHFIELD BARRY SIM (GB)
PETERS MICHAEL (GB)
International Classes:
G07F7/10; (IPC1-7): G07F7/10
Domestic Patent References:
WO2003049056A2 2003-06-12
WO1999040549A1 1999-08-12
Attorney, Agent or Firm:
Harland, Linda Jane (16 Theobalds Road, London WC1X 8PL, GB)
Claims:
CLAIMS
1. A smartcard system comprising a programmable device carrying a file system and operating software enabling the on-device file system to interface with at least one off-device file and/or application; the structure and content of the file system, the commands to be used for accessing the file system and any security conditions associated therewith being defined by at least one file formatted in a web (internet) standard language for self-describing messages; the device including means for running a script derived from the said at least one file to modify structure and content of the file system, or the commands to be used for accessing the file system or any security conditions associated therewith; an interface device comprising means for upgrading the on-device file system by loading to the programmable device a script derived from at least one file formatted in a web (internet) standard language for self-describing messages so as to modify definitions of the structure and content of the on-device file system, or the commands to be used for accessing the file system or any security conditions associated therewith; a software tool for creating or modifying a file formatted in a web (internet) standard language for self-describing messages and defining the structure and content of a file system, the commands to be used for accessing the file system and any security conditions associated therewith; and a secure software distribution means between the software tool and the interface device to provide secure distribution of the file formatted in web (internet) standard language for self-describing messages or any script or file derived therefrom; the software tool including at least one input form accessible on-line over a computer network or the internet to allow the holder of a programmable device to input data to be used to modify definitions of the structure and content of the on-device file system, or the commands to be used for accessing the file system or any security conditions associated therewith.
2. A system according to any preceding claim wherein the at least one input form accessible on-line is an XML document or template.
3. A method of modifying the structure or content of the on-device file system or the commands used for accessing that file system or any security conditions associated therewith, in a smartcard system comprising a programmable device carrying a file system and operating software enabling the on-device file system to interface with at least one off-device file and/or application; the structure and content of the file system, the commands to be used for accessing the file system and any security conditions associated therewith being defined by at least one file formatted in a web (internet) standard language for self-describing messages; the device being provided with means for running a script derived from the said at least one file to modify structure and content of the file system, or the commands to be used for accessing the file system or any security conditions associated therewith, the method comprising: providing a software tool for creating or modifying a file formatted in a web (internet) standard language for self-describing messages and defining the structure and content of a file system, the commands to be used for accessing the file system and any security conditions associated therewith; the software tool including at least one input form accessible on-line over a computer network or the internet to allow the holder of a programmable device to input data to be used to modify definitions of the structure and content of the on-device file system, or the commands to be used for accessing the file system or any security conditions associated therewith; providing a secure software distribution means between the software tool and an interface device to provide secure distribution of the file formatted in web (internet) standard language for self-describing messages or any script or file derived therefrom; and loading to the programmable device by means of the interface device a script derived from at least one file formatted in a web (internet) standard language for self-describing messages so as to modify definitions of the structure and content of the on-device file system, or the commands to be used for accessing the file system or any security conditions associated therewith.
4. A method of modifying the structure or content of the off-device file system or the commands used for accessing that file system or any security conditions associated therewith in an interface device of a smartcard system comprising a programmable device carrying a file system and operating software enabling the on-device file system to interface with at least one off-device file and/or application; the structure and content of the file system, the commands to be used for accessing the file system and any security conditions associated therewith being defined by at least one file formatted in a web (internet) standard language for self-describing messages; the device being provided with means for running a script derived from the said at least one file to modify structure and content of the file system, or the commands to be used for accessing the file system or any security conditions associated therewith; the method comprising: providing a software tool for creating or modifying a file formatted in a web (internet) standard language for self-describing messages and defining the structure and content of a file system, the commands to be used for accessing the file system and any security conditions associated therewith; the software tool including at least one input form accessible on-line over a computer network or the internet to allow the holder of a programmable device to input data to be used to modify definitions of the structure and content of the on-device file system, or the commands to be used for accessing the file system or any security conditions associated therewith; and providing a secure software distribution means between the software tool and the interface device to provide secure distribution of the file formatted in web (internet) standard language for self-describing messages or any script or file derived therefrom.
5. A method according to claim 3 or 4 wherein the at least one input form accessible on-line is provided as an XML document or template.
Description:
Remote Smartcard Application Management

The present invention relates to systems utilising programmable devices such as so-called 'smartcards', including systems which use such devices for financial transactions.

One such system is described in our published International Patent Application WO03/049056 entitled 'Smartcard System'. That system utilises files formatted in a web (internet) standard language for self-describing messages as the on-card file system and the card is also provided with means for running a script derived from the XML file - a script engine - so as to allow the file structure and commands to be modified.

The system described in the earlier application referred to above is a component-based architecture framework which interacts with ISO 7816 compliant smartcard applications. This architecture allows both new applications and existing applications to interact with information stored on a smartcard without any knowledge of how or where that information is sourced. The system uses a set of security policies and conditions to determine the access rights to the files and objects stored on the cards and modifies the behaviour of the system accordingly.

The file system, structure and content, the commands for accessing the file system and the security conditions associated with the files in the file system can all be described uniquely by means of a file formatted in Extensible Markup Language ('XML'), a web standard for self-describing messages.

In the basic system described above, it was intended that the file system and security environment conditions would be created, future card applications built and modifications to existing applications made in a centralised 'backroom' using an appropriate configurator tool to generate the necessary Application Protocol Data Unit ('APDU') commands.

For complex multi-function smartcard schemes where the nature of the services the card facilitates could change frequently after the card is issued, the existing systems would burden the scheme operators and card issuers with centralised processes involving the recalling of cards so that software on the cards themselves or in terminals can be modified at pre-designated terminals. This is somewhat inconvenient for cardholders, card issuers and scheme operators.

In accordance with the invention, there is provided a system, and a method for use in a system, comprising

• a programmable device carrying a file system and operating software enabling the on-device file system to interface with at least one off-device file and/or application; the structure and content of the file system, the commands to be used for accessing the file system and any security conditions associated therewith being defined by at least one file formatted in a web (internet) standard language for self-describing messages; the device including means for running a script derived from the said at least one file to modify structure and content of the file system, or the commands to be used for accessing the file system or any security conditions associated therewith

• an interface device comprising means for upgrading the on-device file system by loading to the programmable device a script derived from at least one file formatted in a web (internet) standard language for self-describing messages so as to modify definitions of the structure and content of the on-device file system, or the commands to be used for accessing the file system or any security conditions associated therewith, and

• a software tool for creating or modifying a file formatted in a web (internet) standard language for self-describing messages and defining the structure and content of a file system, the commands to be used for accessing the file system and any security conditions associated therewith, and

• a secure software distribution means between the software tool and the interface device to provide secure distribution of the file formatted in web (internet) standard language for self-describing messages or any script or file derived therefrom;

• the software tool including at least one input form accessible on-line over a computer network or the internet to allow the holder of a programmable device to input data to be used to modify definitions of the structure and content of the on-device file system, or the commands to be used for accessing the file system or any security conditions associated therewith.

Thus, the invention provides a degree of self-management of the card and terminal applications by the cardholders themselves.

An embodiment of the invention will now be described in detail, by way of example.

Based on the technology described in International Patent Application No WO03/049056, in which the card and terminal application behaviour is modelled in an XML document, the invention proposes that fragments of XML templates are accessed by the cardholder via web forms available at one or more websites available on the internet or other similar computer network. Thus, the form comprises a file or a portion of a file formatted in web (internet) standard language for self-describing messages, for example an XML document or template.

When the card software is to be modified, the cardholder logs into a web site using the smartcard previously issued to them under a scheme of the kind described in International Patent Application No WO03/049056 to verify or authenticate their identity and selects a form to complete. This form could be chosen with a view, for example, to registering with a medical specialist or to applying for school meals.

Undertaking an operation of this kind requires a change to the data stored on the cardholder's card and to the security policies to be enforced by it. For example, the right to access certain data might be enforced by a remote authentication from a third party using the key assigned to a professional role holder or service provider, e.g. a medical specialist or a benefits officer. By completing the web form and selecting the name of the professional role holder, fragments of previously prepared XML documents are accessed by the cardholder and specific data added. The resulting XML document, with the specific data added by the cardholder through the medium of the web form, then goes through the rest of the application generation process described in International Patent Application No WO03/049056, fetching the appropriate key-material and preparing a secure script to download to the cardholder's card when the cardholder next interacts with one of the scheme's interface devices.

The system may then also distribute the terminal or interface component of the XML to a predefined terminal base relevant to the specific service to be provided by the professional role holder. For example, a message might also be sent to a selected medical specialist's terminal to interoperate with that terminal so that it will provide the newly required service to the cardholder as requested when the web form was completed.
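
The form-completion and distribution steps described above, as an added Python example that is not part of the patent text: cardholder input is merged only into template fields marked as editable, and the resulting XML is integrity-tagged by the tool and checked by the interface device before any script would be derived from it. The template's element names, the `editable` attribute, the field rules and the use of HMAC-SHA256 with a shared key are all assumptions made for illustration; the patent does not specify a schema or a distribution mechanism.

```python
import hashlib
import hmac
import re
import xml.etree.ElementTree as ET

# Constructed template fragment; every element and attribute name is hypothetical.
TEMPLATE = """<application name="specialist-registration">
  <file id="referral" access="role-key">
    <field name="specialist" editable="true"/>
    <field name="notes" editable="true"/>
    <field name="access-role" editable="false">medical-specialist</field>
  </file>
</application>"""

# Allow-list pattern per cardholder-editable field (assumed policy).
FIELD_RULES = {
    "specialist": re.compile(r"[A-Za-z .'-]{1,64}"),
    "notes": re.compile(r"[\w .,'-]{0,128}"),
}

def fill_template(template: str, form: dict) -> bytes:
    """Merge web-form values into editable fields only; return serialized XML."""
    root = ET.fromstring(template)
    fields = {f.get("name"): f for f in root.iter("field")}
    for name, value in form.items():
        node = fields.get(name)
        if node is None or node.get("editable") != "true":
            raise ValueError(f"field not editable by cardholder: {name}")
        rule = FIELD_RULES.get(name)
        if rule is None or not rule.fullmatch(value):
            raise ValueError(f"rejected value for field: {name}")
        node.text = value  # set as text, so it can never become markup
    return ET.tostring(root, encoding="utf-8")

def seal(document: bytes, key: bytes) -> bytes:
    """Integrity tag computed by the tool (HMAC is a stand-in mechanism)."""
    return hmac.new(key, document, hashlib.sha256).digest()

def accept(document: bytes, tag: bytes, key: bytes) -> bool:
    """Interface-device check made before a script is derived from the file."""
    return hmac.compare_digest(seal(document, key), tag)
```

The security conditions in the template stay under the scheme operator's control because the cardholder can only supply text for fields the template itself marks as editable.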