WO2007010333A1 - Host security module using a collection of smartcards - Google Patents

Host security module using a collection of smartcards

Info

Publication number
WO2007010333A1
Authority
WO
WIPO (PCT)
Prior art keywords
hsm
security
smartcards
secure
collection
Application number
PCT/IB2005/052438
Other languages
English (en)
Inventor
Hani Girgis
Nader Iskander
Original Assignee
Hani Girgis
Nader Iskander
Application filed by Hani Girgis, Nader Iskander
Priority to PCT/IB2005/052438
Publication of WO2007010333A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F 21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F 21/77 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/602 Providing cryptographic facilities or services

Definitions

  • HSM: Host Security Module, a piece of security equipment that enforces the critical security processes of a host computer. Relying on HSMs protects the system from server-side attacks. Server-side attacks are usually insider attacks, i.e. attacks by employees who work on the system, such as system administrators, developers, etc. HSMs today are used primarily in the military, such as in nuclear command and control, and in card payments, especially in PIN-based card payment networks.
  • the HSM is usually made of a computer inside a physically secure enclosure, i.e. tamper-resistant or tamper-evident or tamper-proof or the like...
  • An HSM acts as a peripheral device to the host computer. See Figure 2 in the drawings section.
  • the host sends a command to the HSM through for example the serial port or Ethernet and receives a response back from the HSM.
  • the HSM technology is primarily used for military and card payments to ensure system security, but it can also be used in other fields to secure server-side operations, for example the authentication and authorization of clients.
  • HSMs radically prevent attacks on the server side, especially insider attacks. No developer or administrator can attack a system that relies on HSMs.
  • HSMs provide military-grade security, i.e. security equivalent to having a computer system inside a physically secure room made of very thick concrete walls and thick iron door with multiple strong locks that are under the control of multiple security officers, which are generally between two to twelve security officers but in most implementations they are three or four.
  • the HSM technology was a breakthrough because it brought security equivalent to military-grade physically secure rooms that cost a few million dollars with just a physically secure peripheral equipment, i.e. the HSM, which costs a few tens of thousands of dollars. It is a two-orders-of-magnitude cost reduction, i.e. a hundred times less cost.
  • HSMs are based on the split-control concept where more than one security officer, usually three to twelve security officers, need to agree in order to perform an operation that may involve security hazards. Each security officer proves his identity to the HSM through at least two-factor authentication, usually a physical key or a smartcard and a PIN.
  • a security hole cannot happen unless all the security officers cooperate and agree to make such a security breach.
  • HSMs are equivalent to a computer inside a physically secure safe. Having levels of critical operations is like having a critical safe inside another bigger safe; the inner safe requires further keys and secrets to open.
  • HSMs are field specific, i.e. there is an HSM for card payments, an HSM for 3D Secure, an HSM for nuclear command and control... etc.
  • when an HSM is in use, the security of the host computers cannot affect the security of the system.
  • All the developers of the host computer and all the administrators of the host computer cannot break the security, because the operands of the operations that the HSM performs are encrypted under keys known only by the HSM and other HSMs or other tamper-resistant security modules in the system, like for example PIN pads, which are also physically secure.
  • the operations that an HSM performs are critical operations related to the field in which it is used for, they are not the generic encrypt or decrypt commands. These operations are usually implemented as firmware in the HSM.
  • the firmware of the HSM is not changeable during the normal field operation of the HSM.
  • the main feature that distinguishes an HSM from a hardware cryptographic accelerator or a PKCS#11 device is that the HSM has business logic that executes inside the secure enclosure, while cryptographic devices simply do generic cryptographic operations.
  • Cryptographic devices protect the secret keys inside them, but HSMs do more than protecting the keys; HSMs protect the critical operations and critical data, by keeping the critical data encrypted under their local keys and having all the operations needed for processing the critical data implemented as firmware inside the HSM. So, the critical data never needs to be in clear outside the HSM.
  • the HSM is not a big database for data or keys.
  • the HSM relies on protecting only a small set of keys inside it, called the local master keys, while keeping all the other keys and critical data which need protection in encrypted form outside the HSM. They are usually kept encrypted under the local master keys, so only the HSM can decrypt these keys and critical pieces of data. So, the only keys that the HSM stores inside it are the local master keys, by which it can decrypt the data and the other keys and perform the needed operations inside the HSM itself.
  • the clear data is never clear or available to the host computer.
  • the HSM never brings back the clear data to the host computer.
  • the HSM does the processing on the critical data inside it; this is why the HSM is field specific, because each field deals with different set of data and requires specific operations.
  • a backup copy of the HSM local master keys is stored on the officers' keys, which can be smartcards or any other crypto device; they are stored in split form, i.e. no single officer has the complete local master keys; all the security officers must agree together to form the full local master keys inside a new HSM device. This process is needed both for replacing an old HSM with a new one, and in case an HSM loses its local keys due to theft-prevention countermeasures or physical shocks. It is important to note that neither the local master keys nor their components are ever in clear outside an HSM, because the local master keys are the most critical thing for an institution that relies on the HSM.
  • HSMs operate in online transaction processing mode, where they receive commands and reply with responses to the host; security officers need not intervene during this time. This is the most common use of the HSM.
  • Host Security Modules need to have high throughput that is usually measured in Transactions Per Second, TPS, which is the number of transactions that the HSM can process in one second.
  • TPS: Transactions Per Second
  • an HSM processes between 10 TPS and a few hundred transactions per second depending on whether the HSM is an entry-level HSM or a high-end HSM.
  • HSMs normally operate in online transaction processing environments, where the host computer sends commands to the HSM and receives a reply back.
  • the critical parameters of these commands are generated by other tamper-resistant security modules, so even the host cannot decrypt them or tamper with them.
  • Interaction with the security officers is usually an occasional task, for example when a new key agreement needs to be made or a critical batch task needs to be performed; but the normal operation is usually online transaction processing from the host without the need for the intervention of a security officer.
  • HSMs are also used for secure printing of secrets, keys and PINs. It is extremely important to note that an HSM is not a mere cryptographic device in a physically secure enclosure. An HSM provides a much higher security logic than a cryptographic device or token. An HSM executes the secure business logic inside its physically secure enclosure, but a cryptographic device executes only the cryptographic operations inside its physically secure enclosure.
  • An HSM protects the keys, processes and ensures data security. But a cryptographic device protects only the keys.
  • the HSM does not assume that the host system is trusted in any way. In an environment where a normal cryptographic device is used, the host system must be trusted for the data, because the host will have access to the clear data. But in systems that rely on HSMs, the data is in clear form only inside the HSM.
  • a person skilled in the art of HSMs understands that the HSM provides true military-grade security service to a system and that any attack on the host computer cannot break the security of the system, because the critical data is never in clear outside the HSM. It is the HSM that does the processing, i.e. the business logic, of the critical data. This processing can be done inside the HSM only, so the host has no way to break the security of the system; as a result, the attacks on the server side are eliminated.
  • an HSM is not a mere hardware cryptographic accelerator.
  • An HSM provides security service, while a hardware cryptographic device provides just cryptographic services.
  • a Host Security Module is a very different product from a hardware cryptographic device for acceleration of cryptographic operations and protecting keys. Also the pricing is very different. Only very few companies produce Host Security Modules, but hardware cryptographic devices like SSL accelerators and PKCS#11 devices are commodity products.
  • An HSM implements business logic related to a certain field, like card payments for example, inside it.
  • a cryptographic device provides general-purpose cryptographic operations like encrypt, decrypt, sign, etc.
  • HSMs provide only high-level operations related to the field for which they are made, e.g. card payments or nuclear command and control, etc.
  • Host Security Modules must have means for interaction with security officers in a sufficiently secure way.
  • a Host Security Module usually secures a host that is part of a bigger system that also relies on other HSMs and/or Tamper Resistant Security Modules, TRSMs.
  • TRSMs Tamper Resistant Security Modules
  • the system can be composed of other terminals that have TRSMs in them, like secure PIN pads, in addition to other hosts that rely on other HSMs. See Figure 3.
  • the HSM is a TRSM suitable for host systems. But not every TRSM is an HSM.
  • An HSM can directly communicate with other devices, like secure printers for printing secure PIN mailers and other critical secrets, or smartcard personalization devices, or terminal key injectors...etc. This communication does not happen through the host, it is rather communicated directly in a secure way with the HSM.
  • a console which can either be a dummy console, i.e. a screen and a keyboard, or a secure console like for example a physically secure PIN pad device with screen and keypad
  • smart cards are used as the security module of low-throughput transaction systems, like a transaction terminal such as an ATM machine, or a POS terminal or a PIN pad.
  • the smartcard is embedded in the ATM machine or POS terminal, for adding security to it, but not to the host. They are usually called a SAM, i.e. Security Access Module.
  • the HSM technology is a great technology for securing the server side of computer systems against numerous attacks, especially internal attacks from developers and administrators on the host systems or server computers. But until today, it is used in very limited domains, like nuclear command and control, card payments and lately in the server side of 3D Secure systems; 3D Secure is a method introduced by Visa for securing Internet credit-card transactions. In systems where HSMs are used, no employee can ever break the security of the system. Only the security officers must all agree in order to make security-critical operations.
  • HSMs are expensive, primarily because their use is standardized only for critical fields like card payments; in the web-applications field, HSMs are not even heard of because they are too expensive for that domain.
  • the vendors of the web application servers technologies like .NET and Java 2 Enterprise Edition are not adapted to use the HSM technology; they are not even aware of the HSM technology, because the HSM technology is too expensive for the e-business domain.
  • the HSM is not a general purpose cryptographic facility.
  • the HSM executes critical business logic related to a specific field inside the HSM.
  • the HSM provides a security service, which is far more than mere cryptography, while a cryptographic accelerator provides only a cryptographic service.
  • cryptographic accelerators are very common, like SSL accelerators and hardware cryptographic service providers, but these are not HSMs. When HSMs enter these fields, they will add military-grade security to them, by ensuring that only certified secure business processes, not just cryptography, execute inside the military-grade physically secure environment of the HSM, under the split-control of the security officers.
  • Hardware costs: the HSM is made of a computer inside a physically secure enclosure. This physically secure enclosure costs a lot and hence causes the cost of the HSM to be high.
  • HSMs are usually a bottleneck to throughput. If slightly more throughput is needed, there is no way other than adding another HSM to the system or replacing the existing HSM with a new high-speed one. In both cases another big expense is made, because even the low-end HSMs are expensive.
  • HSMs have business logic inside them that is implemented in the firmware. This firmware logic is usually implemented by the HSM manufacturer. If the institution owning the HSM has a new operation or a customization that it wants to add to the HSM internal operations, then it will have to go to the manufacturer to custom develop it, which is usually a very expensive and time-consuming task. Some HSM manufacturers have in fact made available to their customers the development kit for writing the HSM code, but these development kits are still very expensive and require at least one spare HSM for development; they are also written in low-level programming languages like assembly and C. Also a lot of custom security logic is needed by those HSMs to ensure that only authorized code can be loaded on them; otherwise developers could write malicious code and load it on real HSMs that are used for live operation and hence break the security.
  • the security module smartcard software which is the software that implements the HSM business logic on each smartcard of the collection
  • the communication handler software, which is computer software that facilitates communication with the smartcards, because the smartcards cannot communicate with multiple devices directly due to their limited interface.
  • the communication handler software also load-balances the operations on the smartcards.
  • a computer able to communicate with these smartcards, running with the communication handler software
  • the communication handler software can reside on any computer that is not necessarily secure. From the security point of view, this communication handler software is exactly like the cable between the host computer and the traditional HSM. Tapping the cable between the HSM and the host computer does not affect security, because no critical data is sent in clear over this line at all; any person skilled in the art of the HSM technology knows that attacking the whole host computer, not just the communication cable between the host and the HSM, cannot break the security of the system in any way; this is because the critical processes and data are protected inside the HSM. This is the main essence behind the prior-art HSM technology, which is preserving security while not assuming the host computer to be secure in any way.
  • the host sends the command to the communication handler as if it were sending it to a traditional HSM.
  • the communication handler selects an idle security module smartcard, i.e. one of the smartcards in the collection, and sends the command to it to be processed; the reply is sent back to the host through the communication handler.
  • the communication handler supports multiple concurrent host computers connecting in parallel to this inventive HSM, and can dispatch multiple commands to the idle smartcards in the collection in parallel and bring the replies back to the corresponding hosts.
  • the smartcard or token of the security officer, or the smartcard reader of the security officer, must have a key agreement with all the HSM's smartcards, which can be based on public key cryptography or pre-injected symmetric keys; both are very practical.
  • the secure communication protocol must ensure both confidentiality and integrity, through encryption and MACing or digital signature enveloping or any other protocol that ensures confidentiality and integrity, because the clear local master key components will be transferred over this channel.
  • the smartcard or token of the security officer must have secure access to the identities of the smartcards in the collection. This can happen either by keeping the list of the IDs of the HSM's smartcard collection inside the smartcard or token of each security officer, or by keeping a digitally signed copy of this list.
  • the other authentication factors can either be provided directly to the smartcard on the reader itself, or have a key agreement between the reader of that authentication factor and the HSM, as was done in the case of the "something that you have" factor.
  • the PIN of the security officer can be the PIN of the smartcard of the security officer and can be provided directly on the smartcard reader of the security officer with an integrated PIN pad, or on a separate PIN pad with a key agreement with the HSM.
  • the console can be a personal computer that is assumed to be secure.
  • One way of doing this is using the inventive idea in our previous patent application, SECURE PIN ENTRY USING PERSONAL COMPUTER: PCT/IB2004/050628, through the idea of booting the computer that will host the console application, which can be the same as the communication handler software, from a secure bootable source. This is a low-cost alternative to a dedicated secure PIN entry device.
  • the communication with the host is not so critical with regard to security, and does not essentially need key agreement or encryption, because the critical pieces of data exchanged with the host are already encrypted; only the HSM, i.e. any of the security module smartcards in the collection, can understand and use them.
  • HSMs of the current invention are easily programmable and more secure than traditional HSMs, because smartcard programming environments are currently very well established, like Global Platform for secure loading of smartcard applications, the JavaCard technology and even the .NET smartcard technology. They are much better established, and it is easier and far cheaper to develop software for them.
  • HSM and have it signed by the security officers and loaded on all the smartcards, through the communication handler software.
  • the code can be normal smartcard code or scripts interpretable by an engine in the security module software that is already on every smartcard in the HSM collection.
  • the physically secure enclosure that encapsulates the traditional HSM represents the most significant portion of the hardware cost of an HSM.
  • the cost of the physically secure enclosure is directly proportional to the dimension of the volume being secured; in other words it is proportional to surface area of the volume being secured; this is because of the cost of the material and manufacturing process required to achieve this physical security.
  • smartcards are already produced in millions for use in other industries; using smartcards brings mass production benefits to the HSM industry that the HSM industry itself did not create. HSMs are usually produced in very small quantities compared to smartcards, because the market for HSMs is considered much smaller than that for smartcards.
  • the communications handler can run on very low-cost non-secure computers; it can even work without a dedicated computer altogether. For example it can run as an auxiliary process on the host computer itself.
  • Using modern smartcards like USB smartcards, iButton smartcards, SD-Memory smartcards, smartcard-like tokens, high-speed smartcards, etc. rather than the old traditional smartcards brings further cost reductions to the hardware of this inventive HSM:
  • Modern smartcards utilize advanced cryptographic processors with extremely optimized architectures for cryptographic operations. So, even at a very low clock rate the cryptographic operations execute in much less time than on a normal processor running at a much higher clock rate.
  • the 'security module' application that runs on the smartcard is usually a cryptographic-operations-intensive application, hence having it run on a smartcard with a good cryptographic processor results in much higher performance; sometimes even higher performance than executing it on a normal processor running at a much higher clock rate. This directly affects the throughput of the smartcard, and consequently fewer smartcards are needed in order to achieve a certain total throughput of this inventive HSM.
  • Smartcard platforms like JavaCard on Global Platform are usually considered very secure and have already acquired the highest levels of security certification, like FIPS-140 level 3 or higher and Common Criteria EAL 5+, and are already accepted as the most secure security element by military, governments and the wholesale and retail financial industry, i.e. ANSI X9.9 and ANSI X9.24.
  • the communication handler can run on normal computers, hence the cost of developing it is much lower than writing software for a special dedicated computer, as in the case of traditional HSMs. Also, customizing and enhancing it is very easy and does not introduce any security hazards.
  • One excellent benefit of this flexibility is that the HSM can support a wide variety of communication and messaging protocols for the communication with the host; the communication controller software can do this translation without any security hazard.
  • the cost of the physical enclosure: the physically secure enclosure constitutes a very considerable part of the cost of an HSM.
  • the cost of this expensive enclosure is proportional to the spatial dimensions of the HSM.
  • since the actual silicon of the processor, EEPROM and RAM is very small, manufacturing tiny HSMs brings a dramatic cost reduction.
  • HSMs today use normal processors with lots of ceramics for the pinouts, boards, fans, and memory chips with lots of ceramics, pinouts and boards. If only the silicon is tied together and put in a very small physically secure enclosure, then the physically secure enclosure will be very cheap because it is very small, hence the HSM will be dramatically cheaper.
  • a smartcard is not necessarily a credit-card-shaped or SIM-sized smartcard; it can be any programmable security token that is normally intended for mass production for use in client-side security or terminal security rather than server-side security.
  • e-Gate USB smartcards, the iButton from Dallas Semiconductor, SD Memory with embedded smartcards, etc.
  • the key point is that these tiny crypto devices are already certified for high security like FIPS and Common Criteria, and are physically secure, i.e. tamper-proof or tamper-evident or the like, and the most important thing is that they are already manufactured in mass production for use in other industries, like client authentication or client or terminal security, as in the SAM cards of POS terminals.
  • This invention makes a collection of these tiny devices, i.e. the smartcards or the like, to function as a true reliable, full-fledged HSM, for securing host computer systems, i.e the server side.
  • Figure 1 The Invention: 'HSM using a collection of smartcards' and a communication handler.
  • FIG. 2 (prior art) a typical deployment of an HSM: An HSM connected as a peripheral to a host.
  • the typical HSM which is basically an equipment with physically secure enclosure, where critical processes that are burnt inside the HSM as firmware execute inside it.
  • the host connects to the HSM through TCP/IP or serial port or SNA or any other communication protocol.
  • Some HSMs support more than one communication protocol for the host to connect to it.
  • the "other device” can be any other critical equipment that the HSM is designed to directly interact with.
  • a key injection device that injects keys in secure PIN pads that are used in POS terminals.
  • a smartcard personalization machine is another example, and it can even be an actuator that would start a nuclear reactor.
  • the printer is usually either a dot-matrix printer without a ribbon that uses special carbonated PIN mailer paper for secure printing of PINs, keys and other secrets, OR a laser printer with a secure DIMM that has a key agreement with the HSM.
  • the Secure DIMM technology is a secure printing technology that is available in the market today through multiple vendors.
  • the console is like the printer: there are two options, either a dummy console with no processing in it, so there is no fear that it would capture the critical key components and the security officer's "something that you know" factor that are entered on it, OR a secure PIN pad used as a secure console, where the data between this secure console and the HSM is encrypted through a special key agreement.
  • the security officer's device is usually a smartcard that authenticates the security officer to the HSM and also carries a component of the local master key. All the security officers must agree together to load their components on a certain HSM, so that the HSM is loaded with the complete local master keys. No single security officer has the complete local master keys. Usually, the security officers authenticate themselves to the HSM one after the other, not at the same instant, so the HSM would normally have a single smartcard reader in its physically secure enclosure.
  • Figure 3 (prior art) a sample system that relies on HSMs: a card payments network.
  • a customer would enter his confidential PIN on the secure PIN entry device; the secure PIN entry device would encrypt the PIN using the key which the acquirer bank injected in it; the ATM terminal would send the encrypted PIN along with the requested operation to the host computer of the acquirer bank; the host computer will discover from the card number that this cardholder is an international Visa customer, not its own customer, so it forwards the transaction to the inter-bank switch, but with the PIN encrypted under the key between the acquirer host and the inter-bank switch; now the inter-bank switch, i.e.
  • Figure 4 (prior art) a normal HSM: 'based on physically secure enclosure'
  • FIG. 5 (prior art) Part A of the diagram shows a SIM-sized USB-enabled smartcard having the 'security module' application installed in it. Part B of the diagram shows a connector that enables the USB smartcard to have a USB connector; this connector usually does not have any electronic circuits in it. Part C shows a USB SIM-sized smartcard inserted in the connector.
  • Figure 6 Best Mode: the collection can be up to about 120 USB 'Security Module' smartcards, because the USB standard has a limit of up to 127 USB devices connected to a single computer. The host computer runs its normal processes in addition to the 'communication handler' without any fear of security problems, as clarified earlier.
  • the laser printer with Secure DIMM is a known way for making a key agreement between a computer and the printer's memory to have all the communication between them to be encrypted, in the case of this invention, the key agreement is between the 'security module' and the printer.
  • tamper-evident secure PIN mailer paper which gets folded and closed securely inside the printer.
  • Another example of commercial tamper-evident secure paper is the Hydalam laser printable secure paper.
  • the security officers' smartcards usually do not all need to be inserted in the HSM at the same time; the security officers use their smartcards to do critical operations like loading the local master keys, changing a critical setting in the HSM, starting a critical command like printing a batch of PINs on secure PIN mailer paper, or setting up a key agreement with another institution. Less critical operations do not require all the officers to be present; just two are usually enough, while highly critical operations require all the security officers to be present and authenticate themselves to the HSM.
  • 'security module' application which is an HSM firmware adapted to run inside a smartcard and has secure key agreement with the secure console and with the security officers' devices.
  • Each smartcard in the collection will have the 'security module' application installed on it.
  • the initial key agreement between each smartcard having the 'security module' application and the secure PIN pad and the officers' devices can be based on public key cryptography or initial pre-injected symmetric keys.
  • the PIN pad would display the ID of the 'security module' that is handling the communication with it, based on the certificate of the 'security module'.
  • FIG. 8 (Best Mode continued)
  • Each security officer's device can be a smartcard loaded with a 'security officer' smartcard application that is able to authenticate the 'security module' smartcard it is communicating with, and to add or remove 'security module' smartcards from the collection that represents the HSM, in addition to the standard operations performed by security officers' devices, such as keeping a component of the local master keys; other functions are not shown in the figure.
  • Part (A) of the diagram shows the main blocks of the 'security officer' application, a smartcard application that runs on the security officer's smartcard.
  • Part (B) represents the list containing the IDs of the 'security module' smartcards in the collection that forms the HSM; it should be digitally signed by all the main security officers, i.e. those who hold local master key components. This list prevents fraudulent smartcards from being placed in the collection and also enables the 'security module' smartcards to perform an initial self-check that all the smartcards in the collection are present.
  • Figure 9 Invention mode:
  • 1. is an i-Button or USB smartcard or the like, in a collection spanning from 1 to n.
  • Communication port for host, printer or other devices: this can be an Ethernet adapter, a collection of serial or parallel ports, or any other communication port with no special security requirement.
  • This embedded computer does not need a physically secure enclosure, because the smartcards inside it are already tamper-proof, all critical processing is done only inside the smartcards, and there is no way to fake or bypass them.
  • The HSM vendor obtains, from a smartcard vendor, a number of smartcards that are to be securely loaded with the "security module" application. He will also receive the keys for securely loading applications onto the cards and will make these keys available to his secure smartcard personalization system, exactly as is done, for example, in the personalization of EMV smartcards.
  • The personalization involves ensuring a unique ID for every smartcard and signing a digital certificate for each smartcard using the private key of the secure personalization system, i.e. the vendor's private key. In addition, the public key of the personalization system is stored securely in each card, so that the card can securely authenticate other cards and devices whose certificates are signed by the secure personalization system or any subkey thereof.
  • The vendor also personalizes another, much smaller number of smartcards to be used as "security officer" keys, i.e. security officer devices. This is done by securely loading them with the "security officer" application.
  • The personalization of the "security officer" cards involves ensuring a unique ID for every smartcard and signing a digital certificate for each of them using the private key of the secure personalization system, exactly as was done with the "security module" cards. In addition, the public key of the personalization system is stored securely in each card, so that the card can securely authenticate other cards and devices whose certificates are signed by the secure personalization system or any subkey thereof.
  • The vendor also personalizes a much smaller number of PIN pads by storing its public key securely in them; this enables the PIN pad to securely authenticate the "security module" cards and also the "security officer" cards.
  • The PIN pad can also be personalized with a secure ID and a certificate, exactly like the "security officer" cards; this enables the "security module" cards and the "security officer" cards to authenticate the PIN pad.
  • The PIN pad can create a secure encrypted channel with any "security module" card and with any "security officer" card.
  • Modern PIN pads are driven by smartcards, so all these personalizations are usually done to a smartcard, and a secure HSM console application is loaded on the secure PIN pad, or on the card inside it, depending on the programming model of the PIN pad.
  • A customer would normally buy a number of "security module" smartcards, for example twenty or thirty, and a smaller number of security officers' cards, for example five or six.
  • The customer will also get one or two personalized PIN pads from the vendor.
  • A USB hub enables the connection of USB smartcards in this example best mode. If smartcards using other technologies, such as iButton or even normal smartcards, were used, the corresponding reader or communication equipment would be required. These items are either provided by the vendor or bought by the customer.
  • The customer installs the communication controller software on a computer and starts the software.
  • The PIN pad and the "security officer" cards ensure they trust each other by verifying each other's certificates, in the case of mutual authentication.
  • The security officer can now set or change the PIN for his smartcard and generate an LMK component.
  • The "security module" cards can then be added one by one to the securely signed collection list and loaded with the LMK component of each security officer. The list is kept secure by having it signed by all the security officers.
  • The communication controller can now be configured with the TCP/IP port on which it will serve the host interface.
  • This process also ensures that no one can add a malicious smartcard to the collection, because the list containing the IDs of the smartcards in the collection is signed.
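The signed collection list of Part (B) in FIG. 8 and the setup step just described, as an added worked example that is not part of the patent: a 'security module' card accepts a roster only when every security officer has signed exactly that list and the card's own ID is on it, then runs the start-up self-check for listed-but-absent and present-but-unlisted cards. HMAC with pre-injected per-officer keys stands in for the officers' digital signatures (the patent allows either public-key or pre-injected symmetric keys), XOR combination of the LMK components is an assumption, and all card and officer IDs are constructed.

```python
import hashlib, hmac, json, secrets

def canonical(roster_ids):
    # Sort and serialize so every officer signs exactly the same bytes.
    return json.dumps(sorted(roster_ids)).encode()

def tag(key, data):
    # Keyed MAC standing in for an officer's signature (assumption: pre-injected symmetric keys).
    return hmac.new(key, data, hashlib.sha256).digest()

class SecurityOfficer:
    """Model of a 'security officer' card: signs the roster and holds one LMK component."""
    def __init__(self, officer_id):
        self.officer_id = officer_id
        self.key = secrets.token_bytes(32)            # pre-injected signing key (constructed)
        self.lmk_component = secrets.token_bytes(16)  # generated at setup

    def sign_roster(self, roster_ids):
        return tag(self.key, canonical(roster_ids))

class SecurityModuleCard:
    """Model of a 'security module' card in the collection."""
    def __init__(self, card_id, officer_keys):
        self.card_id = card_id
        self._officer_keys = dict(officer_keys)  # trusted officer keys installed at personalization
        self._lmk = None                         # combined LMK; never leaves the card

    def roster_valid(self, roster_ids, signatures):
        """True only if every known officer signed this exact roster and this card is on it."""
        data = canonical(roster_ids)
        for officer_id, key in self._officer_keys.items():
            sig = signatures.get(officer_id)
            if sig is None or not hmac.compare_digest(sig, tag(key, data)):
                return False
        return self.card_id in roster_ids

    def self_check(self, roster_ids, signatures, present_ids):
        """Start-up check: (roster_ok, listed-but-absent IDs, present-but-unlisted IDs)."""
        ok = self.roster_valid(roster_ids, signatures)
        listed, present = set(roster_ids), set(present_ids)
        return ok, sorted(listed - present), sorted(present - listed)

    def load_lmk(self, components):
        # Combine all officers' components inside the card (XOR combination is an assumption).
        lmk = bytes(16)
        for component in components:
            lmk = bytes(a ^ b for a, b in zip(lmk, component))
        self._lmk = lmk

    def lmk_check_value(self):
        # Only a check value is ever exported; the LMK itself stays inside the card.
        return hashlib.sha256(b"KCV" + self._lmk).hexdigest()[:6]

def build_collection(n_officers=3, n_cards=4):
    """Constructed setup: all officers sign the roster and every card loads every LMK component."""
    officers = [SecurityOfficer(f"SO-{i}") for i in range(n_officers)]
    keys = {o.officer_id: o.key for o in officers}
    cards = [SecurityModuleCard(f"SM-{i:03d}", keys) for i in range(n_cards)]
    roster = [c.card_id for c in cards]
    signatures = {o.officer_id: o.sign_roster(roster) for o in officers}
    for card in cards:
        card.load_lmk([o.lmk_component for o in officers])
    return officers, cards, roster, signatures
```

A roster missing even one officer's signature, a roster extended with an extra ID after signing, and a card whose ID is absent from the signed list are all rejected by `roster_valid`, while `self_check` reports which listed cards are missing from the reader.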
  • Figure 9 is just another packaging of the same idea as the best mode, where the communication handler is a prepackaged computer that houses the smartcards inside it, so the end product looks exactly like a normal HSM. Of course, this packaging need not be the expensive physically secure packaging, because the present invention eliminates the need for that very expensive packaging.
  • This mode uses normal non-secure packaging, yet delivers the same security level as traditional HSMs at a very small fraction of the cost.
  • A secure PIN pad is also shipped with the product; it has key agreement with the security module smartcards in the HSM. This PIN pad functions mainly as a secure console for the HSM, enabling the security officers to interact securely with the HSM.
  • HSM manufacturers will have a strong incentive to use this invention to manufacture their next-generation HSMs rather than manufacturing HSMs in the conventional way. The most important reason is the two orders of magnitude cost reduction. Additional benefits are the ease of software customization, because smartcards are programmable in secure high-level languages like Java, and the simplicity of the certification process, because smartcards are already FIPS and Common Criteria evaluated and certified for physical security, and the operating systems of smartcards are extremely secure and trusted.
  • Mobile operators today do not use HSMs to prevent insider attacks on their subscribers' lines; the authentication keys are kept in databases that are not military-grade secure, i.e. administrators and applications have access to them. HSMs will radically eliminate the possibility of server-side attacks. HSMs will also enable mobile operators to provide a secure identity service to service providers, rather than the unguaranteed caller ID. The reason is that the identity is already protected on the client side by smartcards, i.e. the SIM cards, and by using an HSM on the server side, which is this invention, the identity will also be protected on the server side. Since the protection is then complete on both the client side and the server side, the secure identification of the user can be sold as a secure user identification service to third parties, such as banks (to enable mobile banking, for example) and other service providers.

Abstract

A practical, fully-fledged host security module that uses a collection of smartcards, built in a new way that makes it possible to produce such a module at a very small fraction of the cost of producing a conventional module of this type, with the same performance and without compromise. On the hardware side, the module consists of a collection of smartcards and a communications handling system capable of communicating with those cards; this system may itself take the form of a process running on the host computer that uses the module. On the software side, it comprises security module software residing on each smartcard in the collection and communications handling system software residing on the computer that manages the collection of cards at the communications level. This dispenses with the very expensive physically secure enclosures specific to such modules and brings many other advantages detailed in the description. It is a practical, fully-fledged host security module in that it has all the features of a conventional module of this type, such as secure printing of secrets and keys, secure interaction with security officers, interaction with other critical devices, interaction with the host computer, etc. Finally, the method for managing a possibly very large collection of tiny security devices is described, by means of a secure signed list of identifiers (IDs) corresponding to the devices. All security officers must give their approval to add or remove a 'security module' from the list, which prevents fraudulent smartcards from being added to the collection.
Finally, if one or more smartcards are stolen from the collection, various anti-theft techniques prevent their use, and in any case no local master key is ever exposed in the clear from any of the smartcards in the collection.
PCT/IB2005/052438, priority date 2005-07-20, filing date 2005-07-20: Module de securite hote utilisant une serie de cartes intelligentes, WO2007010333A1 (fr)

Publications (1)

WO2007010333A1 (fr), publication date 2007-01-25

Legal Events

121: Ep: the epo has been informed by wipo that ep was designated in this application
NENP: Non-entry into the national phase (ref country code: DE)
WWW: Wipo information: withdrawn in national office (country of ref document: DE)
122: Ep: pct application non-entry in european phase (ref document number: 05771500; country of ref document: EP; kind code of ref document: A1)