Classifications

• • G—PHYSICS
  • G07—CHECKING-DEVICES
  • G07F—COIN-FREED OR LIKE APPARATUS
  • G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
  • G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
  • G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
  • G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/08—Payment architectures
  • G06Q20/10—Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
  • G06Q20/105—Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems involving programming of a portable memory device, e.g. IC cards, "electronic purses"
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
  • G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
  • G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
  • G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
  • G06Q20/355—Personalisation of cards for use
  • G06Q20/3558—Preliminary personalisation for transfer to user
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/38—Payment protocols; Details thereof
  • G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
  • G06Q20/409—Device specific authentication in transaction processing
  • G06Q20/4097—Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
  • G06Q20/40975—Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
• • G—PHYSICS
  • G07—CHECKING-DEVICES
  • G07F—COIN-FREED OR LIKE APPARATUS
  • G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
  • G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
  • G07F7/0806—Details of the card
  • G07F7/0813—Specific details related to card security
  • G07F7/0826—Embedded security module
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
  • H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
  • H04L9/0625—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
  • H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
  • H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
  • H04L9/0841—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
  • H04L9/0844—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
  • H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
  • H04L9/0897—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
  • H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
  • H04L9/3249—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
  • H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
  • H04L9/3273—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication

Definitions

• the invention relates to a method for securing a predetermined operation, in particular the pre-initialization phase of an on-board system with an electronic chip, by the secure loading of an encryption key for dedicated use. It applies more particularly to a smart card.
• the invention also relates to an on-board system for implementing the method.
• pre-initialization is understood in a general sense. It relates in particular to the manufacturing phase of a traditional smart card or to the phase preceding the initialization phase of a so-called open smart card.
• on-board system refers to various systems or devices having in common the fact of having an electronic chip comprising memory and data processing means, generally constituted by a microprocessor or a microcontroller. Such an on-board system can be constituted in particular by a smart card.
• the manufacturing of a smart card is carried out in two main phases.
• an electronic chip is manufactured by a first entity, which will be called “founder” below.
• this electronic chip is placed in a module and then integrated into a support, namely a substantially rectangular piece of plastic, constituting the smart card itself.
• This operation is generally carried out by a second entity, distinct from the first, which will be called hereinafter "inserter”.
• pre-personalizer performs the aforementioned pre-initialization operation.
• the manufacturing key securing all the stages of pre-initialization of a smart card is written in clear and without prior authentication by the card designer.
• This operating mode poses several problems: if cards are stolen during their transport from the founder to the inserter, no software security (“software”) is ensured: the cards can be fraudulently pre-initialized and used in a malicious manner by the following ; a fraudster making a card at any cloned point can insert it into the carding chain without being spotted; and - a simple line espionage makes it possible to obtain the manufacturing key transmitted in clear.
• the invention aims to overcome the drawbacks of the devices of the known art, some of which have just been mentioned.
• the writing of the manufacturing key is protected by mutual authentication between a body known by the acronym "SAM” (for "Security Access Module” or “ Secure Access Module ”) and the smart card, so as to take advantage of the use of a false" SAM “module or a cloned smart card or else having a non-volatile memory,” ROM “or other ", falsified.
• SAM Secure Access Module
• this module will be called” SAM ". It can be hosted in a microcomputer or a smart card, for example.
• SAM as being a” key-carrying "organ. This in fact stores a secret key which is never disclosed, in the sense that it is not communicated to the outside world. It is used to calculate other keys allowing the aforementioned mutual authentication.
• the authentication of the "SAM” by the smart card uses an asymmetric type encryption algorithm. It may be, for example, the algorithm widely used in the field of banking applications and known by the acronym "RSA” (for “Rivest, Shamir and Adieman", inventors designated in US Patent 4,405,829 A) .
• RSA for "Rivest, Shamir and Adieman", inventors designated in US Patent 4,405,829 A
• a smart card being provided only with limited computer resources, it will be preferable to use, for this purpose, the so-called “Rabin” algorithm. Indeed, in the latter case, the necessary computing power is less, which is better suited to the characteristics specific to a device of the chip card or similar type.
• the asymmetric type algorithm used is the "Rabin” algorithm.
• this is advantageously based on a symmetrical algorithm, preferably of the type called “triple DES” (for "Data Encryption System”).
• the method according to the invention then allows the authenticated "SAM" to load the manufacturing key securely to the smart card itself authenticated.
• the main object of the invention is therefore a method of securely loading a key dedicated to securing a predetermined operation in memory means of an electronic chip of an on-board system, said dedicated key being contained in a device.
• said security device comprising bidirectional communication means with said electronic chip, characterized in that, said memory means of said electronic chip storing a symmetric secret encryption key and an asymmetric public key and said security device storing the same secret encryption key symmetrical and the asymmetric secret key corresponding to the public key of said electronic chip, it comprises: - a first phase consisting in the authentication of said security device by said electronic chip and comprising the steps of generation by the electronic chip of a first random number and its transmission n to the security device, the generation by the latter of a second random number and of a first cryptogram, from said first and second random numbers, by the application of a signature algorithm of asymmetric type, to the using said secret key asymmetrical, and its transmission to said electronic chip so as to carry out therein said authentication by verification using said public key;
• a second phase consisting in the authentication of said electronic chip and comprising the steps of generation, by the electronic chip and said security device of a secret key known as a session key from said first random number, by the application of a symmetric type encryption algorithm, using said secret encryption key, followed by the generation of a second cryptogram by the application of a symmetric type encryption algorithm, using said secret key session and its transmission to said security device so as to perform said authentication by verification using said session key;
• the invention also relates to an on-board electronic chip system for implementing the method.
• FIG. 1 schematically illustrates an example of configuration of the memory of a chip card according to one aspect of the invention, for the registration of a public key
• FIG. 2 schematically illustrates the main exchanges of information for the mutual authentication of a so-called "SAM" module, key holder, and of a smart card, according to the method of the invention
• FIG. 3 illustrates an example of concatenated data used for the calculation of a Rabin signature on random numbers generated respectively by the smart card and the "SAM" module, according to one aspect of the method of the invention
• FIG. 4 illustrates, in one example, the generation of a session key in the smart card, according to one aspect of the invention
• FIG. 5 illustrates, in one example, the generation of a cryptogram in the smart card, using the session key, according to one aspect of the invention
• FIG. 6 illustrates an example of concatenated data used for the calculation of a Rabin signature, calculated by the "SAM", on the command for loading the manufacturing key to be transferred encrypted in the smart card.
• the method according to the invention requires, from the point of view of the smart card and of the "SAM” module, a symmetrical secret key, which will be called hereinafter master key K M.
• This key K M must be present as soon as the electronic chip or "chip” leaves the entity which has been called “founder”.
• This key K M is carried out in a non-volatile part of the memory with which the electronic chip is provided: fixed memory of “ROM” type or semi-fixed of “EEPROM” type or the like.
• the key K M is written "under point" in "EEPROM” by the founder.
• the bytes making up the K M key are extremely sensitive data and should be treated as security bytes. Storage in "EEPROM” allows a possible diversification of this K M key for several batches of cards.
• the method according to the invention also requires, from the point of view of the smart card, an asymmetric public key, which will be called hereinafter asymmetric public key n.
• This key n fixed for all cards, must be present as soon as the electronic chip or "chip” leaves the entity which has been called “founder”.
• the storage of this key n is carried out in a non-volatile part of the memory with which the electronic chip is provided: fixed memory of “ROM” type and / or semi-fixed of “EEPROM” type or similar
• the non-volatile memory of the electronic chip has a hybrid, physical and logical, particular configuration.
• a fixed part is provided, of the "ROM” type and a semi-fixed re-programmable part, for example of the "EEPROM” type.
• the bytes of the aforementioned public key are distributed between these two memory areas in the particular way explained below. The bytes must be present as soon as the chip leaves the home of the founder.
• FIG. 1 schematically illustrates such a memory configuration of a chip card CP.
• the memory means M comprise in particular a memory part 1, of the "ROM” type, and a memory part 2, of the "EEPROM” type.
• eight blocks of twelve bytes of digital data, B ⁇ to B a representing the aforementioned public key n, are recorded in the memory “ROM” 1.
• B ⁇ to B s there is an intentionally wrong byte, arbitrarily the bytes, O ⁇ to O ⁇ .
• Eight correct bytes, 0 to 0 ' 8 corresponding to these erroneous bytes Oi to O ⁇ , are recorded in the memory "EEPROM" 2.
• the first phase of the method according to the invention consists in authenticating the "SAM" vis-à-vis the smart card CP.
• This phase notably includes a step of calculation by the "SAM" of a cryptogram by making use of an asymmetric secret key corresponding to the asymmetric public key n contained in the card.
• the key is composed of two prime numbers, which will be called arbitrarily p and g.
• K pq the asymmetric secret key of the "SAM.
• the SAM "identifies itself vis-à-vis the smart card CP and the latter recognizes its interlocutor with the public key n.
• SAM 3 recovers from the chip card CP a random number N aC over sixteen bytes.
• the number N aC will be called hereinafter “card random number” and can be generated, for example, by the calculation means of the chip card CP, in the example illustrated, a microprocessor CPU.
• the "SAM” 3 generates also a random number of sixteen bytes which will be called “SAM random number" N aS .
• a Rabin signature which will be called SR below, is calculated by the "SAM" 3 on ninety-six bytes of data, referenced DSR.
• This DSR data can be in accordance with the concatenation illustrated in FIG. 3, so as to reach the aforementioned ninety-six bytes:
• DSR ⁇ a sequence of fifty nine bytes of filling, DSR ⁇ , having for example the following fixed configuration: 01, FF, ... FF, in hexadecimal; - a series of five bytes, DSR 2 , known as the header of the mutual authentication command; and
• DSR3 thirty two bytes, DSR3, constituted by the concatenation of the numbers N aS and N aC above.
• the sequence of five bytes from the header of the mutual authentication command, DSR 2 can advantageously consist of the content of a command of a type called "APDU", if the chip card CP is read by a smart card reader according to a protocol conforming to the standards "ISO 7816-1" to "ISO 7816-4". More specifically, it may be the code associated with a loading instruction.
• the Rabin signature SR and the random number N aS are sent to the smart card CP, by means of an incoming-outgoing order 0 E s, indicating mutual authentication.
• the "SAM” 3 is the only one capable of generating this SR signature, since the secret key which it stores is never disclosed.
• the smart card CP verifies the Rabin signature using the asymmetric public key n which it stores, which makes it possible to authenticate the "SAM” 3.
• the second phase of the method consists in authenticating the smart card CP vis-à-vis the "SAM" 3, so as to complete the mutual authentication of the two entities.
• the smart card CP From the master secret key K M and the aforementioned random number of sixteen bytes, N aC , the smart card CP generates a secret symmetric key so-called session, K s , of sixteen bytes, making it possible to calculate a cryptogram specific to the smart card CP.
• this secret session key, K s is obtained by carrying out an encryption by a triple type algorithm "DES" on the two parts, ⁇ / aC ⁇ and ⁇ / aC 2, of the random number card N aC ,
• DES triple type algorithm
• an encryption by a triple DES type algorithm comprises, in cascade, a first encryption, using a key (in this case the master secret key K M ), by a "DES "direct, a second reverse” DES “and a third” DES ", also direct.
• the triple “DES” is carried out directly using three cascaded modules, referenced Du, D 2 ⁇ and D 31 .
• the modules D and D 31 receive, on their key inputs, the same key value, in this case the "most significant" part of eight bytes, K M , of the key K M , while the module D 2 ⁇ receives , on its key entry, the "least significant” part, K M2 , always on eight bytes.
• the “most significant” part of eight bytes, K S ⁇ , of the secret session key K s is obtained.
• This eight-byte word, K Sl can be temporarily stored in a memory register or in a part of the random access memory with which the chip card CP is usually provided.
• the part " S1 is re-injected on a first input of a logic circuit of the" OR-exclusive “type referenced XOR. This receives, on a second input, the part” most significant "of eight bytes, N aC2 , of the random number smart card, N aC .
• the output of this logic circuit XOR is transmitted to the input of an encryption chain in triple "DES". This triple "DES” is carried out using three modules in cascade, referenced D 12 , D 22 and D 32.
• the modules D 12 and D 32 receive, on their key inputs, the same key value, in this case the "most significant” part of eight bytes , Km, of the key K M , while the module D 22 receives, on its key input, the "least significant” part, K M2 , always on eight bytes.
• the “least significant” part of eight bytes, K S2 of the secret session key K s is obtained.
• This eight-byte word, K S2 can also be temporarily stored in a memory register or in a part of the random access memory.
• the secret key K M can be present in "ROM”, or written “under point” in "EEPROM”, as it was recalled previously.
• the "SAM" 3 is able to calculate the same secret session key K s , as has just been described, since the latter also stores the master secret key K M.
• the smart card CP In an additional step, the smart card CP generates a series of bytes which will be called hereinafter "card cryptogram" CC.
• card cryptogram CC.
• the latter is obtained by encrypting the random number "SAM” transmitted to the smart card CP using the secret session key K s which has just been calculated.
• Figure 5 illustrates the process. The latter is similar to that which made it possible to calculate the secret session key K s . It notably uses "OR-exclusive" functions and encryption according to the triple "DES" algorithm.
• the random number "SAM”, N aS has been received from “SAM” 3 and is temporarily stored in a memory, register or other location.
• the most significant part on eight bytes, ⁇ / aS ⁇ , of this random number, N aS is subjected to a triple "DES" by the chain Du to D 31 .
• the encryption key is the secret session key K s calculated in the previous step. More precisely, the key entries of the "DES” Du and D 31 receive the eight most significant bytes, K S ⁇ , of this key K s , and the key entry of the "DES” D 2 ⁇ , the eight least significant bytes, K S2 .
• This process calculates the eight most significant bytes, CC, of the CC cryptogram.
• CC bytes ⁇ are re-injected at the input of the triple encryption chain "DES", D 12 to D 32 , for the least significant bytes, N aS2 , of the random number "SAM" N aS , more precisely on a inputs of a second XOR 2 "OR-exclusive" circuit, the first input receiving the eight least significant bytes of the random number N aS . Is this the output of this XOf circuit? 2 which is transmitted to the above-mentioned channel.
• the key entries of "DES” D 12 and D 3 receive the eight most significant bytes, K S of this key K s , and the key entry of "DES” D 22 , the eight most significant bytes , K S2 .
• the output of "DES” D 32 generates the eight least significant bytes CC 2 of the CC card cryptogram.
• This cryptogram is transmitted to the "SAM” 3, by means of the OES input-output order (FIG. 2) of mutual authentication.
• the "SAM” 3 can authenticate the smart card CP from the cryptogram card CC, since it has also calculated the session key K s , as recalled above.
• the last step consists of loading the so-called manufacturing key K F into the memory of the chip card CP., Using a loading command C cn .
• This key K F is secured by encryption using the secret session key K s , in so-called "CBC" mode (for "Concatened Blocks Ciphering"). If the load command fails, the session key K s is lost and a new mutual authentication is necessary, with the calculation of a new session key.
• FIG. 6 schematically illustrates the DSR data used to calculate a Rabin signature SR '.
• DSR ie x bytes, for example of configuration: 01, FF ... FF, in hexadecimal (the value of x is chosen so that the total number of bytes of DSR 'is equal to four twenty sixteen).
• the invention achieves the goals it has set for itself.
• the loading of the manufacturing key used subsequently for securing the pre-initialization steps of the chip card CP is carried out with a very high level of security.
• the method makes it possible to load into each chip card CP its own key, or in other words a key different from the other chip cards.
• the method does not necessarily require the use of long and costly operations, of the reported type known as "under the tip of the founder".
• the precise numerical values, number of bytes or others, have been indicated only for the purpose of fixing ideas and cannot in any way limit the scope of the invention.
• the length of the encryption keys depends on the degree of security that is expected to be achieved and can result from technological choices, linked for example to de facto standards and / or to the types of algorithms chosen.
• the invention is not limited to only applications based on smart cards. It can find application within the framework of any on-board system comprising an electronic chip or a similar member, in which it is necessary to load a key for securing predetermined operations.
• the operations in question may be pre-initialization operations, as described in detail, but also other types of operations.

Landscapes

• Engineering & Computer Science (AREA)
• Business, Economics & Management (AREA)
• Computer Security & Cryptography (AREA)
• Computer Networks & Wireless Communication (AREA)
• Accounting & Taxation (AREA)
• Physics & Mathematics (AREA)
• General Physics & Mathematics (AREA)
• Signal Processing (AREA)
• Strategic Management (AREA)
• General Business, Economics & Management (AREA)
• Theoretical Computer Science (AREA)
• Finance (AREA)
• Microelectronics & Electronic Packaging (AREA)
• Development Economics (AREA)
• Economics (AREA)
• Storage Device Security (AREA)
• Credit Cards Or The Like (AREA)

Applications Claiming Priority (3)

Publications (1)

Family

ID=8851071

Family Applications (1)

Country Status (7)

Families Citing this family (43)

Family Cites Families (32)

• 2000
  • 2000-06-08 FR FR0007319A patent/FR2810139B1/fr not_active Expired - Fee Related
• 2001
  • 2001-06-08 TW TW090113952A patent/TW513681B/zh not_active IP Right Cessation
  • 2001-06-08 WO PCT/FR2001/001774 patent/WO2001095274A1/fr active Application Filing
  • 2001-06-08 US US10/049,025 patent/US7602920B2/en not_active Expired - Fee Related
  • 2001-06-08 JP JP2002502735A patent/JP3773488B2/ja not_active Expired - Fee Related
  • 2001-06-08 EP EP01943588A patent/EP1234284A1/de not_active Withdrawn
  • 2001-06-08 CN CNB018019501A patent/CN1172477C/zh not_active Expired - Fee Related

Non-Patent Citations (1)

Also Published As

Similar Documents

Legal Events