EP1192795A2 - Method for managing data by a security module, and security module - Google Patents

Info

Publication number: EP1192795A2
Authority: EP (European Patent Office)
Prior art keywords: card, security module, memory location, logical channel, memory
Legal status: Withdrawn
Application number: EP00931312A
Other languages: German (de), English (en), French (fr)
Inventor: Frédéric MAYANCE
Current Assignee: Axalto SA
Original Assignee: Schlumberger Systemes SA
Application filed by: Schlumberger Systemes SA

Classifications

    • G: PHYSICS
    • G07: CHECKING-DEVICES
    • G07F: COIN-FREED OR LIKE APPARATUS
    • G07F7/00: Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08: Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0866: Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means by active credit-cards adapted therefor
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00: Payment architectures, schemes or protocols
    • G06Q20/30: Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36: Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/363: Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes with the personal data of a user
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04M: TELEPHONIC COMMUNICATION
    • H04M17/00: Prepayment of wireline communication systems, wireless communication systems or telephone systems
    • H04M17/02: Coin-freed or check-freed systems, e.g. mobile- or card-operated phones, public telephones or booths

Definitions

  • The present invention relates to a method by which a security module manages data of a user card capable of being inserted into at least one terminal, said card being subjected to at least one authentication by said security module. It also relates to a security module adapted to implement the method.
  • The invention finds a particularly advantageous application in the field of telephony.
  • Terminal administration systems include an administration server and security modules, generally embedded in concentrators (hubs) connected to said terminals.
  • A concentrator comprises a computer, several security modules and an electronic card to which said modules are connected.
  • The terminals are called public telephones.
  • A security module guarantees the validity of a user card inserted in a public telephone, in particular through authentication of said card. To this end, said card includes secret data making it possible to guarantee its validity.
  • Public telephone administration systems as well as secret data are managed by telephone operators.
  • The concentrator manages several security modules, generally around thirty.
  • A security module manages only one public telephone.
  • The electronic card is used to administer communication between the telephones and the administration server.
  • A technical problem to be solved by the present invention is to propose a method by which a security module manages data of a user card capable of being inserted into at least one terminal, said card being subjected to at least one authentication by said security module, as well as a security module, which would make it possible to manage a fleet of terminals easily and at low cost, by reducing the administration device for said terminals.
  • A solution to the technical problem posed is characterized, according to a first object of the present invention, in that said data management method comprises the steps according to which:
  • This solution is characterized in that the security module comprises:
  • The data management method and the security module of the invention make it possible to manage several public telephones in parallel by means of one security module.
  • Contextual data is stored that defines the state of a set of user cards at a given time during a connection session of said cards, for several telephones, the data being saved in a memory of the security module.
  • FIG. 1 is a diagram showing a security module, a terminal and a user card for implementing the method according to the invention.
  • FIG. 2 is a diagram of the security module of FIG. 1 comprising several memory locations.
  • FIG. 3 is a diagram showing a first communication between the security module and the terminal of FIG. 1.
  • FIGS. 4a, 4b, 4c, 4d and 4e are diagrams representing a memory location of the security module of FIG. 2.
  • FIG. 5 is a diagram showing a memory location of the security module of FIG. 2.
  • FIG. 6 is a diagram showing a second communication between the security module and the terminal of FIG. 1.
  • The present description of the invention relates to the example of integrated circuit cards.
  • By integrated circuit card is meant any portable object: a card in ISO format or not, a subscriber identification module, an electronic label, a badge, etc.
  • The term "introduction" of a card into a terminal generally means "cooperation".
  • The invention relates both to a card with a contact interface, which requires physical introduction into the terminal, and to a card with a contactless interface, which is able to communicate with the terminal without physical contact with it (by radio frequency, ...), or to a card with both interfaces.
  • The SAM module comprises a memory comprising at least one memory location M.
  • The memory of the SAM security module is a non-volatile EEPROM memory.
  • The SAM security module comprises several memory locations M.
  • The memory locations M are placed contiguously in a CHANNEL file of the non-volatile EEPROM memory, and a chronological counter RECMAN and an allocation area CN are associated with a memory location M.
  • The allocation area CN and the chronological counter RECMAN have respective initial values V1 and V2.
  • The SAM security module also includes at least one ISSUER file comprising a master key MASTER and a cumulative counter CBCPT of units.
  • The module includes several ISSUER files, each ISSUER file corresponding to a type of card issued.
  • When a user wants to make a call, he inserts his card CARD into the public telephone P. Before a communication is initiated, a first authentication A is carried out by means of the SAM security module, via the telephone P; the communication follows.
  • The first authentication A comprises the steps described below, as shown in FIG. 3.
  • In a first step, an identifier ID of the user card is read, said identifier being unique for each card.
  • An available logical channel LC is sought, and a logical channel is allocated in the SAM security module for the public telephone P in which the user card CARD is located.
  • A logical channel LC is sought by means of a first command, GETCHANNELSTATUS, sent from the public telephone P to the SAM security module.
  • A logical channel LC includes an identifier NB. Said module returns a list of all the channels in use, advantageously their identifiers NB. The available channels are deduced from this list and one of them is chosen.
  • A memory location M is associated with the logical channel LC by writing the identifier NB of the allocated logical channel LC into the allocation area CN of the chosen memory location M. The memory location M is then no longer free.
  • The lifetime of the non-volatile EEPROM memory depends on the number of writes performed.
  • The chronological counter RECMAN of each memory location M is used as described below.
  • The value of the chronological counter RECMAN of the associated memory location M is incremented relative to the maximum value of all the chronological counters of the memory locations M.
  • The oldest memory location M is the one with the smallest chronological counter RECMAN value.
  • The oldest free memory location M is associated with a logical channel LC.
  • The CHANNEL file comprises four memory locations M1, M2, M3 and M4, all in use. Their chronological counters RECMAN have an initialization value V2 equal to zero.
  • The value of a chronological counter RECMAN is incremented by one.
  • The channel associated with the third location M3 is released. Its counter RECMAN3 is incremented by one and is now one.
  • The channel associated with the second location M2 is released. Its counter RECMAN2 is incremented by one relative to the third counter. Its value is two.
  • The channel associated with the fourth memory location M4 is released; its counter RECMAN4 is now three, as shown in FIG. 4d.
  • A logical channel LC with identifier NB3 is allocated and the oldest free memory location M is associated with it, i.e., as shown in FIG. 4e, the third memory location M3.
  • The method of the present invention makes it possible, on the one hand, to avoid always choosing the same memory location M for writing data, as will be seen later, and, on the other hand, not to be limited by the number of memory locations M in the choice of logical channel LC identifiers to allocate. One can thus choose among, for example, two hundred and fifty-five LC channel identifiers while having only ten memory locations M.
  • The memory management method described above can be applied to any application other than telephony.
  • The secret key KEY of the card CARD is recalculated, using the identifier ID of said card and a master key MASTER of said SAM module.
  • This step is also called the key diversification step.
  • An ISSUER file is selected during the step of reading the identifier of the user card, the correlation between the type of card and the master key being made by means of the identifier of said user card.
  • The allocation of the logical channel LC and the diversification of the key are done by means of a second command, DIVERSIFYKEY, sent from the public telephone P to the SAM security module.
  • Said second command takes into account in particular the identifier NB of the channel allocated to the public telephone P, an identifier ALGOID2 of a diversification algorithm ALGO2, an identifier of the master key MASTER used and, where appropriate, a diversifier RAND.
  • The contextual data DATA relating to the authentication step A is stored in the memory location M associated with the allocated logical channel LC.
  • The contextual data DATA comprises an identifier ALGOID1 of a signature algorithm ALGO1, the identifier ID of the user card CARD, the identifier of the master key MASTER used, the diversified key KEY, an abacus ABACUS of the user card CARD, and state data STATE, etc.
  • The abacus ABACUS has a first value V0.
  • The state data STATE makes it possible to manage a sequence of commands in the SAM security module in order to memorize the state of the SAM module at a given instant, for a given logical channel LC.
  • The SAM module comprises a table in which a number and a set of bytes are assigned to each state. An authorized command is represented by one of the bytes. The first quartet (four bits) of the byte holds the number of the state reached after execution of the command, if there has been no error.
  • The second quartet holds the number of the state reached when there has been an error (not shown). If another user uses a second card CARD in a second telephone P, the second card can be validated using the SAM module, for example after a first authentication of a first user card. The contextual data of the first card is not lost, so the first card can continue to be managed.
  • Thanks to this management of contextual data by the SAM security module, the method of the invention makes it possible to execute different authentication sessions in parallel, an authentication session corresponding to a call duration, and consequently to manage several public telephones P by means of the SAM security module, each public telephone P having an allocated logical channel LC and an associated memory location M.
  • A random number RAND is sent to the card, said random number is stored in the memory location M associated with the allocated logical channel LC, a cryptogram is calculated in the card by encrypting the secret key KEY using in particular the signature algorithm ALGO1 and the random number RAND, and the cryptogram is sent to the SAM security module (not shown).
  • SAM security module
  • The value of the cryptogram is checked by means of the secret key KEY recalculated during the third step.
  • The communication can be established.
  • The abacus ABACUS on the card is updated according to the number of units used during the communication.
  • The value of the abacus ABACUS is read in order to verify that the abacus has been updated.
  • A second authentication A is carried out, which corresponds to the last step of the first authentication A described above.
  • Said second authentication A takes into account the value of the abacus ABACUS read previously, the identifier ALGOID1 of the signature algorithm ALGO1 used and the identifier ID of the card, which have been saved in the memory location M. If the same random number RAND is used, the steps concerning said random number are not needed, since it is stored in the memory location M.
  • the contextual data DATA such as the new value VN of the abacus ABACUS, the new state data STATE, and, if necessary, the new RAND random number generated, said new state data replacing the old ones.
  • the new random RAND number if applicable. If the SAM module loses power, said second authentication A is performed again.
  • This second authentication A makes it possible to verify that no fraudster has used a pirate card to telephone.
  • The cryptogram calculated by said card and returned to the SAM module is erroneous, since it is different from that calculated in said SAM module.
  • The identifier of the fraudulent card is different from that of the valid card previously inserted in the public telephone P, as is the value of the abacus ABACUS.
  • The card CARD is removed from the public telephone P.
  • The allocated logical channel LC is no longer useful.
  • The logical channel LC associated with the terminal P is closed.
  • The allocation area CN of the associated memory location M is reset to the initialization value V1 and the chronological counter RECMAN is updated. If necessary, the contextual data DATA is deleted from the memory location M associated with the logical channel LC being freed.
  • The method of the present invention has the advantage that the number of units used per type of card is counted in the SAM security module in an optimized manner.
  • A public telephone P comprises said security module SAM.
  • The channel management described above does not apply, since only one logical channel is used, and the contextual data DATA is stored in a volatile RAM memory.
  • The invention is in no way limited to the field of telephony; it can extend to other fields in which a terminal administration system is implemented, such as, for example, a parking meter administration system.
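
The memory-location management described above (allocation area CN, chronological counter RECMAN, oldest free location reused first), as an added C sketch that is not code from the patent. The free marker 0x00 for V1, the 32-bit counter width and the function names are assumptions; the counter is updated on release, as in the M1..M4 walk-through.

```c
#include <stdint.h>
#include <stdio.h>

#define N_LOC   4     /* memory locations M1..M4, as in the page's walk-through */
#define CN_FREE 0x00  /* assumed encoding of V1 (initial CN value); not given on the page */

typedef struct {
    uint8_t  cn;      /* allocation area CN: bound channel identifier NB, or CN_FREE */
    uint32_t recman;  /* chronological counter RECMAN; width is an assumption, chosen
                         so that one increment per release does not wrap in practice */
} mem_loc;

static mem_loc channel_file[N_LOC];  /* stands in for the CHANNEL file in EEPROM */

void channel_file_init(void) {
    for (int i = 0; i < N_LOC; i++) {
        channel_file[i].cn = CN_FREE;
        channel_file[i].recman = 0;  /* V2 = 0 */
    }
}

/* Index of the location whose CN holds nb, or -1. */
int find_channel(uint8_t nb) {
    if (nb == CN_FREE) return -1;
    for (int i = 0; i < N_LOC; i++)
        if (channel_file[i].cn == nb) return i;
    return -1;
}

/* Bind channel nb to the oldest free location (smallest RECMAN).
   Returns the location index, or -1 if nb is invalid, already open,
   or every location is in use. */
int channel_open(uint8_t nb) {
    int best = -1;
    if (nb == CN_FREE || find_channel(nb) >= 0) return -1;
    for (int i = 0; i < N_LOC; i++) {
        if (channel_file[i].cn != CN_FREE) continue;
        if (best < 0 || channel_file[i].recman < channel_file[best].recman) best = i;
    }
    if (best >= 0) channel_file[best].cn = nb;  /* one write: the CN area */
    return best;
}

/* Release channel nb: CN back to V1 and RECMAN = max(all RECMAN) + 1, so the
   location becomes the youngest and is reused last. Returns index or -1. */
int channel_close(uint8_t nb) {
    uint32_t max = 0;
    int i = find_channel(nb);
    if (i < 0) return -1;
    for (int k = 0; k < N_LOC; k++)
        if (channel_file[k].recman > max) max = channel_file[k].recman;
    channel_file[i].cn = CN_FREE;
    channel_file[i].recman = max + 1;
    return i;
}

int main(void) {
    channel_file_init();
    for (uint8_t nb = 1; nb <= 4; nb++) channel_open(nb);  /* M1..M4 in use */
    channel_close(3); channel_close(2); channel_close(4);  /* release order from the page */
    printf("NB3   -> M%d\n", channel_open(3) + 1);         /* oldest free location: M3 */
    printf("NB200 -> M%d\n", channel_open(200) + 1);       /* identifiers are not tied to N_LOC */
    return 0;
}
```

Because release stamps a location with the highest counter, writes rotate over all free locations instead of landing repeatedly on the first one, which is the EEPROM-lifetime point the description makes.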
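
The per-channel STATE table described above (one byte per authorized command, first quartet for the state after success, second quartet for the state after an error), as an added C sketch that is not code from the patent. The state names, the command names other than DIVERSIFYKEY, the 0xFF "not authorized" marker and the indexing of bytes by command are assumptions made for illustration.

```c
#include <stdint.h>

/* Hypothetical states and commands; the page names only DIVERSIFYKEY. */
enum { ST_IDLE, ST_KEYED, ST_CHALLENGED, ST_AUTHENTICATED, N_STATES };
enum { CMD_DIVERSIFYKEY, CMD_GIVE_RANDOM, CMD_VERIFY_CRYPTOGRAM, N_CMDS };

#define DENY 0xFF  /* assumed marker: command not authorized in this state */
#define NEXT(ok, err) ((uint8_t)(((ok) << 4) | (err)))

/* One row per state, one byte per command (layout assumed).
   High quartet: state after success. Low quartet: state after an error. */
static const uint8_t state_table[N_STATES][N_CMDS] = {
    [ST_IDLE]          = { NEXT(ST_KEYED, ST_IDLE), DENY, DENY },
    [ST_KEYED]         = { DENY, NEXT(ST_CHALLENGED, ST_IDLE), DENY },
    [ST_CHALLENGED]    = { DENY, DENY, NEXT(ST_AUTHENTICATED, ST_IDLE) },
    /* A second authentication restarts from a fresh challenge. */
    [ST_AUTHENTICATED] = { DENY, NEXT(ST_CHALLENGED, ST_IDLE), DENY },
};

/* Apply cmd to one logical channel's STATE; cmd_ok is the outcome of
   executing the command. Returns 0 and updates *state, or -1 (state
   untouched) when the command is not authorized in the current state. */
int sam_step(uint8_t *state, unsigned cmd, int cmd_ok) {
    uint8_t entry;
    if (*state >= N_STATES || cmd >= N_CMDS) return -1;
    entry = state_table[*state][cmd];
    if (entry == DENY) return -1;
    *state = cmd_ok ? (uint8_t)(entry >> 4) : (uint8_t)(entry & 0x0F);
    return 0;
}

/* Two telephones interleaving commands on one module, each with its own
   STATE. Returns the final states packed as (A << 4) | B. */
int demo_two_channels(void) {
    uint8_t st[2] = { ST_IDLE, ST_IDLE };        /* channel A, channel B */
    sam_step(&st[0], CMD_DIVERSIFYKEY, 1);       /* A: IDLE -> KEYED */
    sam_step(&st[1], CMD_VERIFY_CRYPTOGRAM, 1);  /* B: refused, stays IDLE */
    sam_step(&st[0], CMD_GIVE_RANDOM, 1);        /* A: KEYED -> CHALLENGED */
    sam_step(&st[1], CMD_DIVERSIFYKEY, 1);       /* B: IDLE -> KEYED */
    sam_step(&st[0], CMD_VERIFY_CRYPTOGRAM, 0);  /* A: bad cryptogram -> IDLE */
    return (st[0] << 4) | st[1];
}
```

Keeping STATE in the memory location of each logical channel is what lets one module refuse an out-of-order command on one telephone without disturbing a session in progress on another.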

Landscapes

  • Engineering & Computer Science
  • Business, Economics & Management
  • Physics & Mathematics
  • Computer Networks & Wireless Communication
  • General Physics & Mathematics
  • Accounting & Taxation
  • General Business, Economics & Management
  • Strategic Management
  • Finance
  • Signal Processing
  • Computer Security & Cryptography
  • Theoretical Computer Science
  • Storage Device Security
  • Telephone Function
  • Telephonic Communication Services
  • Financial Or Insurance-Related Operations Such As Payment And Settlement
EP00931312A 1999-05-18 2000-05-18 Method for managing data by a security module, and security module Withdrawn EP1192795A2 (fr)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
FR9906308 1999-05-18
FR9906308A FR2793979B1 (fr) 1999-05-18 1999-05-18 Method for managing data by a security module
PCT/FR2000/001354 WO2000070842A2 (fr) 1999-05-18 2000-05-18 Method for managing data by a security module, and security module

Publications (1)

Publication Number Publication Date
EP1192795A2 (fr) 2002-04-03

Family

ID=9545727

Family Applications (1)

Application Number Title Priority Date Filing Date
EP00931312A Withdrawn EP1192795A2 (fr) 1999-05-18 2000-05-18 Method for managing data by a security module, and security module

Country Status (4)

Country Link
EP (1) EP1192795A2 (zh)
CN (1) CN1143517C (zh)
FR (1) FR2793979B1 (zh)
WO (1) WO2000070842A2 (zh)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4828809B2 (ja) * 2003-12-10 2011-11-30 株式会社東芝 IC card and processing method in IC card

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DK608684D0 (da) * 1984-12-18 1984-12-18 Gnt Automatic As Payphone
GB8522427D0 (en) * 1985-09-10 1985-10-16 Plessey Co Plc Credit transaction arrangements
DE4133149C2 (de) * 1991-09-30 1994-12-01 Elmeg Kommunikationstech Telephone terminal
NL9301271A (nl) * 1993-07-20 1995-02-16 Nederland Ptt Method and device for registering usage data of devices operating on a payment card.

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO0070842A3 *

Also Published As

Publication number Publication date
WO2000070842A2 (fr) 2000-11-23
FR2793979B1 (fr) 2001-06-29
CN1353905A (zh) 2002-06-12
FR2793979A1 (fr) 2000-11-24
CN1143517C (zh) 2004-03-24
WO2000070842A3 (fr) 2001-03-29

Similar Documents

Publication Publication Date Title
EP0426541B1 (fr) Method of protection against fraudulent use of microprocessor cards, and device for implementing it
EP0055986B1 (fr) Security method and device for three-party communication of confidential data
EP0950303B1 (fr) Method and system for securing the remote services of financial institutions
EP1055203B1 (fr) Access control protocol between a key and an electronic lock
EP0950307B1 (fr) Method and system for securing the services of telecommunication operators
EP0780012B1 (fr) Method and arrangement for selectively granting access in a security system
WO2009050368A2 (fr) Secure communication between an electronic tag and a reader
FR2680892A1 (fr) Data authentication method.
EP3262553B1 (fr) Transaction method without a physical medium for a security identifier and without a token, secured by the structural decoupling of personal and service identifiers
EP2369780A1 (fr) Method and system for validating a transaction, and corresponding transaction terminal and program.
WO2016097650A1 (fr) Method for sending security information and electronic device able to implement such a method
EP1192795A2 (fr) Method for managing data by a security module, and security module
FR3052895B1 (fr) Method for sending security information
EP1912182A1 (fr) Authorization of a transaction between an electronic circuit and a terminal
EP3343487A1 (fr) Method for monitoring usage habits and electronic device able to implement such a method
WO2003023725A1 (fr) Authentication protocol with memory integrity verification
WO2019145620A1 (fr) Secure system for transactions between terminals
FR2566155A1 (fr) Method and system for encrypting and decrypting information transmitted between a transmitting device and a receiving device
EP1269431A1 (fr) Method for protecting an electronic chip against fraud
FR3051276B1 (fr) Methods for implementing a transaction via a mobile terminal
FR2869702A1 (fr) Procedure for accessing a pre- or post-paid service with authentication of a user account and management of said account
EP1420373B1 (fr) Virtual prepaid card code check
EP1779340B1 (fr) Payment system using a sequence of tokens
OA18272A (en) Methods of implementing a transaction via a mobile terminal.
WO2016034812A1 (fr) Securing encryption keys for a transaction on a device lacking a secure module

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20011130

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: AXALTO S.A.

17Q First examination report despatched

Effective date: 20071122

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20071201