WO2018119852A1 - Method for mutual authentication between device and secure element - Google Patents

Info

Publication number
WO2018119852A1
Authority
WO
WIPO (PCT)
Prior art keywords
secure element
key
secure
digest
nonce
Application number
PCT/CN2016/112969
Other languages
French (fr)
Inventor
Shunhua ZHAO
Yongsheng QI
Ren Liu
Original Assignee
Gemalto Smart Cards Technology Co., Ltd.
Priority date
2016-12-29
Filing date
2016-12-29
Publication date
2018-07-05
2016-12-29 Application filed by Gemalto Smart Cards Technology Co., Ltd.
2016-12-29 Priority to PCT/CN2016/112969
2018-07-05 Publication of WO2018119852A1

Classifications

    • Section H (Electricity), class H04 (Electric communication technique), subclasses H04L (Transmission of digital information, e.g. telegraphic communication) and H04W (Wireless communication networks):
    • H04L 63/0869: Network architectures or network communication protocols for network security; for authentication of entities; for achieving mutual authentication
    • H04L 9/0838: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; key distribution or management (generation, sharing or updating of cryptographic keys or passwords); key establishment; key agreement, i.e. a shared key is derived by the parties as a function of information contributed by, or associated with, each of them
    • H04L 9/3247: Cryptographic mechanisms including means for verifying the identity or authority of a user of the system or for message authentication (authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials); involving digital signatures
    • H04W 12/041: Security arrangements; authentication; protecting privacy or anonymity; key management (e.g. using generic bootstrapping architecture [GBA]); key generation or derivation
    • H04W 12/06: Security arrangements; authentication

Abstract

A method for mutual authentication between a device (10) and a secure element (11) is provided, the device being pre-personalized with the secure element's public key, the secure element (11) being pre-provisioned with a private key, a public key and a digest of the device (10). The method comprises: generating by the device (10), for each communication to be established between the device (10) and the secure element (11), an ephemeral private key and ephemeral public key pair; computing by the device (10) a shared secret from its ephemeral private key and the secure element's public key; deriving by the device (10) a session key from the shared secret; encrypting by the device (10) with the session key a digital digest of part of its code; sending from the device (10) to the secure element (11) a secureTransport command carrying the ephemeral public key, the encrypted digital digest and a nonce; on reception of the secureTransport command by the secure element (11), regenerating the shared secret from the device's ephemeral public key and the secure element's (11) private key, and deriving the session key from the shared secret; extracting by the secure element (11) the digest with the session key and verifying it against the digest pre-personalized in the secure element (11) in order to authenticate the device (10); signing by the secure element (11) the nonce with its private key; encrypting by the secure element (11) the signature with the session key, and sending it to the device (10) as a response; on reception of the response by the device (10), decrypting it with the session key to extract the signature of the nonce; verifying by the device (10) the signature of the nonce to authenticate the secure element (11).

Description

A method for mutual authentication between a device and a secure element
The present invention relates to telecommunications and proposes a method for mutual authentication between a device and a secure element. This mutual authentication allows to establish a secure communication channel between the device and the secure element.
A secure element is for example a UICC (Universal Integrated Circuit Card) or an embedded UICC (eSE for embedded Secure Element or eUICC for embedded UICC). For authentication of a user of a device, or in a mobile payment scenario, a secure element such as an eSE is a secure container that other entities can trust. Software and hardware of an eSE are certified to a proper security level, for example CC (Common Criteria) or EMVCo certification for payment.
On the other hand, IoT (Internet of Things) devices embedded in home appliances such as washing machines, TVs, fridges or doors do not provide the same level of security as eSEs. These can be considered unsecure devices: data storage and processing in an unsecure device can be compromised. Yet in an authentication or payment use case, the unsecure device is required to store or process the data or transaction securely.
An eSE naturally embeds secure storage and processing capabilities. But when an eSE is introduced into an unsecure device system to improve the security of the whole system, the communication between the eSE and the unsecure device itself lacks security protection.
An unsecure device is for example a SoC (System on Chip) device, and it has to communicate with the eSE. The SoC device communicates over the Internet with the Cloud.
In particular, there may be a need for sensitive data storage, such as keys and transaction data, or for sensitive computation, such as cryptographic calculation, on the unsecure device side. Since a secure element is naturally a secure storage and execution environment, the unsecure device may rely on the secure element for this sensitive processing and then communicate with the Cloud server. Protection of the communication between the unsecure device and the secure element is therefore important.
In order to establish a secure channel between an eSE and a device, it is known to deploy an asymmetric key pair, one key inside and one outside the eSE, and to build the secure channel for the transmission from it. But the key stored outside the eSE can be compromised, and the secure channel protocols defined today by GlobalPlatform (GP) or ETSI are heavy.
The present invention proposes a solution to these drawbacks.
More precisely, the invention proposes a method for mutual authentication between a device and a secure element, the device being pre-personalized with the secure element's public key, the secure element being pre-provisioned with a private key, a public key and a digest of the device, the method comprising:
- Generating by the device, for each communication to be established between the device and the secure element, an ephemeral private key and ephemeral public key pair;
- Computing by the device a shared secret from its ephemeral private key and the secure element's public key;
- Deriving by the device a session key from the shared secret;
- Encrypting by the device, with the session key, a digital digest of part of its code;
- Sending from the device to the secure element a secureTransport command carrying the ephemeral public key, the encrypted digital digest and a nonce;
- On reception of the secureTransport command by the secure element, regenerating the shared secret from the device's ephemeral public key and the secure element's private key, and deriving the session key from the shared secret;
- Extracting by the secure element the digest with the session key and verifying it against the digest pre-personalized in the secure element, in order to authenticate the device;
- Signing by the secure element the nonce with its private key;
- Encrypting by the secure element the signature with the session key, and sending it to the device as a response;
- On reception of the response by the device, decrypting it with the session key to extract the signature of the nonce;
- Verifying by the device the signature of the nonce to authenticate the secure element.
The secure element is preferably embedded in the device.
The secure element can be a UICC.
The method according to the invention will be better understood from the following description of figures 1 and 2, which represent:
- Fig. 1 an unsecure device cooperating with a secure element through a secure channel to be established;
- Fig. 2 an example of a workflow of the method according to the present invention.
Fig. 1 represents an unsecure device cooperating with a secure element through a secure channel to be established.
In this figure, an unsecure device 10 has to communicate with a secure element 11 such as an eSE. A secure communication channel 18 has therefore to be established between these two entities.
The device 10 comprises a boot loader 12 to load the Rich OS on the SoC; the data integrity and authenticity of this boot loader may need to be checked against a digest present in the eSE, as will be seen later.
The device 10 also comprises an Operating System (OS) 13, for example Android.
The secure element 11 comprises secret data 14 that can be communicated to the device 10.
The secure element 11 is pre-personalized with:
- A public key 15
- A private key 16
- A digest 17 of the OS of the device 10.
while the device 10 is pre-personalized with the secure element's 11 public key 15.
This pre-personalization makes it possible to implement the different steps of the method of the invention, represented in figure 2.
The first two steps of the invention consist in generating in the device 10 two ephemeral keys, a public key and a private key. These ephemeral keys are generated for each communication that the device 10 wishes to establish with the secure element 11.
The advantage of using ephemeral keys is that the shared secret differs for each session, since the ephemeral keys do. There is also no need to store the sensitive ephemeral private key, because it is used only once.
After having generated this ephemeral key pair, the device 10 computes (third step) a shared secret ShS from its ephemeral private key and secure element’s public key 15.
This shared secret ShS can for example be generated by Diffie-Hellman or EC Diffie-Hellman Key Agreement algorithm as defined by Javacard standard KeyAgreement class.
The fourth step of the invention consists in deriving by the device 10 a session key from the shared secret through a derivation function. Although the description calls this function reversible, a one-way key derivation function should be used in practice, so that the shared secret cannot be recovered from the session key.
The following steps consist in encrypting by the device 10, with the session key, a digital digest of part of its code (the OS).
The seventh step of the invention consists in generating a nonce.
The eighth step consists in sending from the device 10 to the secure element 11 a secureTransport command carrying the ephemeral public key, the encrypted digital digest and the generated nonce.
Having received the secureTransport command, the secure element 11 regenerates the shared secret from the device's ephemeral public key and the secure element's private key (step 9), and derives the session key from the shared secret (step 10).
The secure element then extracts the digest with the session key and verifies it against the digest pre-personalized in the secure element, in order to authenticate the device (step 11).
If the device is authenticated, the secure element 11 signs the nonce with its private key (step 12) and encrypts the signature with the session key (step 13) .
The secure element 11 then sends the encrypted signature of the nonce to the device 10 as a response to the reception of the secureTransport command.
At step 18, the device 10 decrypts the encrypted signature of the nonce with the session key to extract signature of the nonce and at step 19, it verifies the signature of the nonce to authenticate the secure element.
Once these steps have been performed, a secure channel is established between the device 10 and the secure element 11.
At step 20 the device 10 can then send sensitive data to the secure element 11, and the secure element answers at step 21.
The invention supports updating the digest and securely transporting a new digest to the secure element 11. This is done by establishing (as seen above) a secure channel with the old digest and transporting the new digest from the device 10 to the secure element 11. The next establishment of a secure channel is then done with the new digest.
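The exchange of figure 2, steps 1 to 19, as an added worked example in Go. This is illustrative code written for this page; it is not the patent's code, nor Gemalto's, and it models both sides in one file so the secureTransport command and its response can be traced step by step. Everything the patent leaves open is an assumption here: P-256 for the secure element's key pair and for the device's ephemeral pair (the secure element's single pair is used for both ECDH and ECDSA because the text describes one private/public pair; a deployment would normally separate the two uses), HMAC-SHA256 with a fixed label as a one-way derivation function, AES-256-GCM for "encrypt with the session key", ECDSA over the SHA-256 of the nonce for the signature, and SHA-256 of the OS image as the digest. The names BuildSecureTransport, HandleSecureTransport, RunHandshake, Provision, must and the struct fields are made up for the example, and the "OS image" is a constructed byte string.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// must panics on environment failures (RNG, key generation, AES setup); failures a peer can
// cause are returned as ordinary errors by the protocol functions below.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Provisioned state of each side, reference numerals as in Fig. 1 (assumed layout, not the patent's code).
type SecureElement struct{ priv *ecdsa.PrivateKey; digest []byte }       // key pair 15, 16 and digest 17
type Device struct{ sePub *ecdsa.PublicKey; osCode []byte }              // SE public key 15, OS code 13
type SecureTransportCmd struct{ EphemeralPub, EncDigest, Nonce []byte } // the secureTransport command

// deriveSessionKey is one-way (HMAC-SHA256 under a fixed label); the patent's derivation function is unspecified.
func deriveSessionKey(shared []byte) []byte {
	m := hmac.New(sha256.New, shared)
	m.Write([]byte("secureTransport session key"))
	return m.Sum(nil) // 32 bytes, used as the AES-256-GCM key
}

// seal and open realise "encrypt with the session key" as AES-256-GCM with the IV prepended.
func seal(key, pt []byte) []byte {
	g := must(cipher.NewGCM(must(aes.NewCipher(key))))
	iv := make([]byte, g.NonceSize())
	must(rand.Read(iv))
	return g.Seal(iv, iv, pt, nil)
}

func open(key, ct []byte) ([]byte, error) {
	g := must(cipher.NewGCM(must(aes.NewCipher(key))))
	if len(ct) < g.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], nil)
}

// BuildSecureTransport is the device side (steps 1 to 8); it also returns the session key.
func (d *Device) BuildSecureTransport() (*SecureTransportCmd, []byte) {
	eph := must(ecdh.P256().GenerateKey(rand.Reader))            // steps 1-2: ephemeral pair
	sk := deriveSessionKey(must(eph.ECDH(must(d.sePub.ECDH())))) // steps 3-4: ShS, session key
	digest := sha256.Sum256(d.osCode)                            // digest of part of its code
	nonce := make([]byte, 16)                                    // step 7
	must(rand.Read(nonce))
	return &SecureTransportCmd{eph.PublicKey().Bytes(), seal(sk, digest[:]), nonce}, sk
}

// HandleSecureTransport is the SE side (steps 9 to 13); it fails closed, so a wrong digest never obtains a signature.
func (se *SecureElement) HandleSecureTransport(cmd *SecureTransportCmd) ([]byte, error) {
	ephPub, err := ecdh.P256().NewPublicKey(cmd.EphemeralPub) // rejects malformed curve points
	if err != nil {
		return nil, err
	}
	sk := deriveSessionKey(must(must(se.priv.ECDH()).ECDH(ephPub))) // steps 9-10
	digest, err := open(sk, cmd.EncDigest)                           // step 11: extract and compare
	if err != nil || !hmac.Equal(digest, se.digest) {
		return nil, fmt.Errorf("device authentication failed")
	}
	h := sha256.Sum256(cmd.Nonce)
	sig := must(ecdsa.SignASN1(rand.Reader, se.priv, h[:])) // step 12: sign the nonce
	return seal(sk, sig), nil                                // step 13: encrypt the signature
}

// RunHandshake performs the whole exchange, ending with the device's steps 18 and 19.
func RunHandshake(dev *Device, se *SecureElement) (bool, error) {
	cmd, sk := dev.BuildSecureTransport()
	resp, err := se.HandleSecureTransport(cmd)
	if err != nil {
		return false, err
	}
	sig, err := open(sk, resp) // step 18: decrypt the signature with the session key
	if err != nil {
		return false, err
	}
	h := sha256.Sum256(cmd.Nonce)
	return ecdsa.VerifyASN1(dev.sePub, h[:], sig), nil // step 19: authenticate the SE
}

// Provision creates a device/SE pair sharing constructed pre-personalization data.
func Provision(osCode []byte) (*Device, *SecureElement) {
	priv := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) // SE key pair 15, 16
	d := sha256.Sum256(osCode)                                    // digest 17
	return &Device{&priv.PublicKey, osCode}, &SecureElement{priv, d[:]}
}

func main() {
	dev, se := Provision([]byte("constructed OS image, not real firmware"))
	fmt.Println(RunHandshake(dev, se))
}
```

Two points the code makes explicit that the prose leaves implicit. The secure element must refuse before signing anything when the decrypted digest does not match, and it must reject a malformed ephemeral public key before running the key agreement (ecdh.P256().NewPublicKey does this), because that key arrives unauthenticated. Also, the device's proof of identity is the digest value itself, which is the same for every session and for every device running the same OS image, so it has to be protected like a key, which is what motivates the digest update procedure above. The variant in which the secure element also signs and returns sensitive data inside the same response is not modelled here.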
In the preceding description, sensitive data are only exchanged during steps 20 and 21, but an alternative can consist in:
- At step 12, the nonce and sensitive data which the device intends to retrieve are signed by the secure element 11 with its private key;
- At step 13, there is an encryption by the secure element 11 of these signatures with the session key, and a transmission of them to the device 10 as a response;
- At step 15, on reception of the response by the device, the session key is used for decryption to extract the signature of the nonce, signature of the sensitive data and the sensitive data;
- At step 16, the device 10 verifies the signature of the nonce to authenticate the secure element, and verifies the signature of the sensitive data to ensure data integrity.
Thus, sensitive data can already be communicated from the secure element to the device within the authentication exchange itself, before the secure channel is established. The invention presents the following advantages:
- Secure protection of the sensitive data transmission between the secure element and the unsecure device;
- Crypto requirements are limited;
- Communications between the unsecure device and the secure element are limited. This limits traffic for future mass device connections.

Claims (3)

  1. A method for mutual authentication between a device (10) and a secure element (11), said device being pre-personalized with the secure element's public key, said secure element (11) being pre-provisioned with a private and a public key and a digest of said device (10), said method comprising:
    a-Generating by said device (10) for each communication to be established between said device (10) and said secure element (11) an ephemeral private key and an ephemeral public key pair;
    b-Computing by said device (10) a shared secret from its ephemeral private key and secure element’s public key;
    c-Deriving by said device (10) a session key from said shared secret;
    d-Encrypting by said device (10) with said session key a digital digest from part of its code;
    e-Sending from said device (10) to said secure element (11) a secureTransport command carrying said ephemeral public key, said encrypted digital digest and a nonce;
    f-On reception of said secureTransport command by said secure element (11), regenerate said shared secret with device's ephemeral public key and secure element's (11) private key, and derive said session key from said shared secret;
    g-Extract by said secure element (11) said digest with said session key and verify it with said digest pre-personalized in said secure element (11) in order to authenticate said device (10) ;
    h-Sign by said secure element (11) with its private key said nonce ;
    i-Encrypt by said secure element (11) said signature with said session key, and send them to said device (10) as a response;
    j-On reception of response by said device (10) , decrypt them with said session key to extract signature of said nonce;
    k-Verify by said device (10) said signature of said nonce to authenticate said secure element (11) .
  2. Method according to claim 1, wherein said secure element (11) is embedded in said device (10) .
  3. Method according to any of the claims 1 and 2, wherein said secure element (11) is a UICC.
Application data

Application number: PCT/CN2016/112969
Title: Method for mutual authentication between device and secure element
Priority date: 2016-12-29
Filing date: 2016-12-29
Publication: WO2018119852A1 (en), 2018-07-05
Family ID: 62710084
Family applications: PCT/CN2016/112969 (WO2018119852A1)
Country status: WO (WO2018119852A1)

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090313472A1 (en) * 2008-04-07 2009-12-17 Interdigital Patent Holdings, Inc. Secure session key generation
CN102315942A (en) * 2011-09-30 2012-01-11 福源立信(北京)科技有限公司 Security terminal with Bluetooth and communication method thereof of security terminal and client end
CN105337977A (en) * 2015-11-16 2016-02-17 苏州通付盾信息技术有限公司 Secure mobile communication architecture with dynamic two-way authentication and implementation method thereof
CN105245349A (en) * 2015-11-17 2016-01-13 王家城 User wearing equipment provided with embedded UICC card

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112134694A (en) * 2020-08-11 2020-12-25 北京智芯微电子科技有限公司 Data interaction method, master station, terminal and computer readable storage medium
CN112134694B (en) * 2020-08-11 2024-01-23 北京智芯微电子科技有限公司 Data interaction method, master station, terminal and computer readable storage medium
CN112673656A (en) * 2020-08-13 2021-04-16 华为技术有限公司 Vehicle-mounted network secure communication method, device and equipment
CN112673656B (en) * 2020-08-13 2022-08-09 华为技术有限公司 Vehicle-mounted network secure communication method, device and equipment

Legal Events

Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (ref document number 16925183, country of ref document EP, kind code A1)
NENP Non-entry into the national phase (ref country code DE)
122 Ep: pct application non-entry in european phase (ref document number 16925183, country of ref document EP, kind code A1)