Patent 312794

<!-- -*-HTML-*- -->
<dtml-var standard_html_header>

<H1>Patent 312794</H1>

<P>
<A href="patent-stor"><img src="patent-liten" border=2
align=right></A>
Let it be known that His Royal Highness, the King of Norway, by means
of his delegation of power to the his Honorable Minister of Justice,
by his delegation of power to the Director of Patentstyret, has
awarded me Patent No. 312794: "Sikkert kort med kommunikasjonskanal
til brukeren".
</P>

<P>
As I am sure you are aware, a patent is a "deal" between the holder of
a novel device (invention), and the ruler of the land.
The Ruler argues as follows: It is good for the economy of my land if
as many new machines, and other inventions as possible are made
available.
Hence, I will offer inventors a deal.
If they make their idea public, I'll will grant them an exclusive
right to utilize the idea for 20 years (for example).
In this manner, the inventor has protection against others, but the
prize to pay is that he must make his idea public.
From this it is obvious why a "world-wide patent" doesn't exist.
<br>
Note: I am not a lawyer!
</P>

<P>
What the patent itself looks like can be seen on the right (if you
click on the image you will get a (very!) large (for the technicly
inclined: 200dpi) version.
</P>

<P>
Very briefly, the patent observes that it is very hard to make a good,
digital signature on some data with the help of a smart card.
The problem is the setting: The user inserts his card into a reader,
which is connected to the machine that holds the data that is to be
signed.
The data itself (or a transformation thereof, such as a digital hash)
is transfered to the card, which signs it with some sicret key stored
inside the card.
The problem is that the user himself has no means to control what is
actually given to the card to be siged.
Or, in other words, the entity that controls the reader decides what
the user is to sign: This is not the understanding the user have of
the secuirty model supported by the "higly secure smart cards".
<br>
Furthermore: when smart cards are used for authentication, the PIN has
to be given to some equipment and then subsequently to the card.
However, this means that the one who controls the equipment can steal
the PIN.
Whether the PIN can be used to steal something depends on the
protocols in play.
<br>
The patent discusses these problems, and offer a solution.
</P>

<P>
Notice that for a patent to be granted, the Patentstyret must be
convinced that the idea is new, that is has "real" applications, and
that it can be realized.
Or, in other words, Patentstyret believes that my idea can be applied,
and that it can be manufactured.
</P>

<P>
We <strong>could</strong> imagine that a smart card had a (small)
keyboard and a (small) screen on one side, and in this way making
communication between the user and the card possible.
In particluar, before signing some data, the data could be displayed
so that the user could be certain that the correct data will be
signed.
<br>
However, there is a big problem: The cards are designed to be
<strong>inserted</strong> into the reader.
Stop for a moment to recall what a smart card looks like: It has the
electrical contacts about 3/4 down on one side, and the card must be
firmly inserted in the reader for the contacts to be reachable.
This fact leaves very little, if any, space for the keyboard and
screen.
Also, when a card is inserted into a slot in the reader, there is no
support beneath the card, making a keyboard difficult to envision: the
card will bend if you try to press a key on the front.
Now, there are several ways to ment this.
We could, for example, envision a card with <strong>tiny</strong>
keyboard and screen on the lower part of the card, and a reader where
you slide the card in.
This is possible, but I believe the keyboard and screen would be too
small to be useful.
<br clear="right">
</P>

<P>
A different aspect, no less important, is that of compatability.
What we call smart cards are in fact standarized.
All mechanical aspects, such as size, stiffness and heat resitance,
are specified by ISO/IEC 7810; these are (more or less) the same as
the good old magnetic-stripe cards.
The electical aspects (such as placement of the points of contact, and
the protocols) are specified in ISO/IEC 7816.
It is hard to overestimate the impact of these standards: Just finding
a wallet that can hold cards of a different size is close to
impossible.
</P>

<P>
The challenge, then, is to design an implementation of the smartcard
that has the following properties:
<ul>
<li>Follow, as far as possible, the standard.</li>
<li>Embed a keyboard and a screen, as big as possible.</li>
<li>Ensure that the new card can be used in "old" readers.</li>
<li>Design a reader that will accept both the new (with keyboard) and
old cards</li>
</ul>
</P>

<P>
The main issue is by far the one of compatability.
After all, a PDA with a smart card embedded in it (for example a
mobile phone) would satisfy all our demands.
The PDA has a proper display, and a processor capable of dealing with
non-trivial protocols.
However, have you used any such solution lately?
<br>
Nor have I.
There are two reasons: The issuers (VISA, AmEx, Diners) have no
incentive to give their business to the carriers, and
standardisation.
What we need is the well proven consept of backward compatability.
</P>

<P>
<A href="kort.pdf"><img src="kort" border=2 align=right></A>
My idea is that a smartcard can be split in two.
The first half, called the smallest part, is a smartcard such as we
know them today.
In particular, it has the form factor of the smart cards.
This smalles part is connetced to the largest part of the card through
a hinge.
The result can be seen on the figure on the right of this paragraph.
If you click on the image, you will get a better look.
The numbers are as follows:
<ol>
<li>The hinge</li>
<li>The smallest part of the card.  The processor is embedded
here.</li>
<li>Teh electricalk contacts, as specified by the standard.</li>
</ol>
Please look at the drawing and consider the following crucial claim:
In this drawing, the hinge is placed in the middle of the card.
If the hinge is placed all the way to the end (to the left on the
drawing), the smalles part and the largest part becomes equally long.
And, the smallest part becomes identical to a smart card!
</P>

<P>
Let me digress to satisfy the technically inclined.
The drawing has been made in MetaPost.
I am sure you appreciate the manner in which the text on the screen
and on the keys are proper letters (in a proper font) which has been
projected correctly.
I am also sure you will appreciate that this is also the case with the
electical contacts.
'nuf said
</P>

<P>
Now there are a few things of interest:
<ul>
<li>The new card can be used in almost all old readers.
These old readers are used by first "opening" the card and then
inserting the smallest part into the reader.
Only those that "swallow" the card can not be used.
These are a minority (almost exclusively used by ATMs in banks).</li>
<li>A new reader can now be designed where the card rests horisontally
on the reder while the smallest part is fully inserted (and the reader
has access to the electrical contacts).</li>
</ul>

<P>
The text itself is <a href="patent.pdf">here</A>; notice that because
this is a Norwegian Patent it is obviolusly written in Norwegian.
The patent is "self contained" and you need not know anything about
security or smartcards to enjoy it.
<br clear="right">
</P>

<P>
The crucial question remains: Will this idea have an impact (and make
me soaking rich)?<br>
I believe the answer is no.
</P>

<dtml-var standard_html_footer>