Abstract: Method and apparatus for securely transporting data onto an IC card. The method is used, for example, to transport data, including application programs, in a secure manner from a source located outside the IC card. At least a portion of the data is encrypted using the public key of a public/secret key pair of the intended IC card unit. The encrypted data is then sent to the IC card and the IC card verifies the key transformation unit using its unique secret key. The data can then be stored on the IC card. A copy of the public key signed by a certification authority can be used to verify that the card is authorized to be part of the overall authorized system.

Abstract: A multi-application IC card which processes two or more applications using an Application Abstract Machine architecture. The AAM architecture only allows one application to be executed at a time and allows for shared processing by performing a delegation function to a second application. A data space for each application is allocated when the application is selected to be executed. The data space includes a volatile and non-volatile region. The delegation function temporarily interrupts the execution of the first application, saves the temporary data of the first application, shares any data needed with the second application and the second application is executed until the delegated task is competed. The first application then retrieves the saved data and completes its execution. A delegator stack is used to keep track of the delegator's identity when multiple delegations occur. The AAM model allows for a high level of security while transferring data between applications.

Abstract: There is provided an integrated circuit card having an associated operating mode. The integrated circuit card includes: a microprocessor; a memory coupled to the microprocessor; data stored in the memory representative of the operating mode; an operating system stored in the memory for processing selected information in a first IC card format; a shell application stored in the memory for processing the selected information in a second IC card format; and means for routing the selected information to either the operating system or the shell application responsive to the operating mode. The selected information may be a command, such as a file access command.

Abstract: A microprocessor-based device having a memory unit and a processing unit operatively coupled to the memory unit. The memory unit has one or more risk parameters stored therein, and the processing unit is capable of performing real-time risk management analysis of transactions performed by the IC card using the risk parameters. Preferably, the microprocessor-based device is an IC card.

Abstract: A value transfer system for transferring value in transactions between electronic purses as electronic cash has a transaction failure recovery procedure whereby a pending log stores transaction messages after they are sent. On detection of an error an interface device (IFD) can issue a payment resume command to re-send the last transaction message and resume the transaction.

Abstract: A system for toll payment by electronic cash identifies an electronic purse and effects value transfer over a communication system without stopping the mobile (vehicle or person). Mobile identity MID is temporarily correlated with purse identity PID and one or another identity is erased on satisfactory or non-satisfactory completion of the transaction thereby allowing non-payers to be pursued while preserving the principle of anonymity.

Abstract: A value transfer system which allows value to be transferred between electronic purses comprises computer which controls the loading of purses with value and the redemption of value from purses, a special bulk purse or purses and a value meter securely linked thereto which registers the total net value issued to the bulk purse or purses. Draw-down of value and redemption of value transactions are effected with the bulk purses.

Abstract: A method of writing data to non-volatile memory such as electrically erasable programmable read only memory (EEPROM) in a smart card provides a write status region of EEPROM which is examined on each reset of the card. If the preceding write operation was unsuccessful, perhaps because of deliberate manipulation of the card, a recovery procedure is implemented. If recovery is successful, the card operation can be run. Otherwise the card is unusable.