EP1358641A1 - Smart card with security software and communication device cooperating with such a card - Google Patents

Smart card with security software and communication device cooperating with such a card

Info

Publication number
EP1358641A1
EP1358641A1 EP02700412A EP02700412A EP1358641A1 EP 1358641 A1 EP1358641 A1 EP 1358641A1 EP 02700412 A EP02700412 A EP 02700412A EP 02700412 A EP02700412 A EP 02700412A EP 1358641 A1 EP1358641 A1 EP 1358641A1
Authority
EP
European Patent Office
Prior art keywords
card
communication
security
software
interface
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP02700412A
Other languages
English (en)
French (fr)
Inventor
Didier Tournier
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Thales DIS France SA
Original Assignee
Gemplus SCA
Gemplus Card International SA
Gemplus SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Gemplus SCA, Gemplus Card International SA, Gemplus SA

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4097Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0806Details of the card
    • G07F7/0813Specific details related to card security
    • G07F7/0826Embedded security module

Definitions

  • the present invention relates to the field of transmissions by means of secure data communications.
  • the invention relates in particular to the services provided by communications based on the internet protocol ("WWW"), and relates to an integrated circuit(s) card making it possible to secure such transmissions, a communication device suitable for cooperating with such a card, a device formed by the association of the aforementioned device and card, and a communication system comprising at least one such device.
  • the term integrated circuit(s) card or chip card applies to any support, in particular a plate-shaped support made of thermoplastic material, containing at least one integrated circuit of the microprocessor type associated with a memory and contact terminals on the surface.
  • These cards have a size adapted to the receiving slot of the host unit or of the connection module associated with the latter and intended to temporarily receive said card.
  • These cards are generally each assigned in a personal and unique way to an individual owner and user, and each is accompanied by a confidential code known to the user alone. Typical, but non-limiting, examples of such cards are payment cards or bank cards.
  • “smart” as a removable accessory component for authenticating or securing data transmitted or received by a host unit, such as a computer, cell phone, personal electronic assistant, or data processing and communication unit or the like.
  • These cards fulfill either a purely slave role as supplier of a session key, or in addition an active role as a slave unit under the control of the software means installed in the host unit and implemented by the latter to provide the user with the services he requires. In the latter case, the card performs a certain number of cryptographic calculation procedures (verification of certificates, calculation of a session key, generation of signature, hashing, coding, decoding...) at the request and according to the needs of, for example, a browser, email software, or a communications or security layer software entity.
  • the aforementioned resident software of the host unit makes the card perform cryptographic calculations which they need for the security layer implanted in the host unit, so that the latter can perform all of the required security operations.
  • An example of a general architecture of such a host unit / card association is shown diagrammatically in FIG. 1 (resident software 2′).
  • "all security operations" is understood to mean all the operations necessary for exchanging secure data with a so-called secure remote unit. This is, in particular, all of the algorithm functions that are currently found in the security layer of an internet-type communication protocol.
  • This security layer can be, for example, of the type SSL (Secure Sockets Layer), TLS (Transport Layer Security) or even WTLS (Wireless Transport Layer Security).
  • the transmission protocols implemented at the level of the communication interface 3 could, for example, be of the type known under the designation UDP (for User Datagram Protocol) or under the designation TCP (both linked to the IP layers).
  • a major risk results from these uses due to the export of the session key to the host unit (for example for encryption), namely that said session key can be pirated by software of the type known under the designation "Trojan Horse" and that erroneous information may be generated.
  • With the security layer located in the host unit, its possible evolution, to take into account the necessary evolution of security techniques, is directly linked to a more general modification of the installed software or even to a change of the host unit, in particular with regard to consumer products. There can be a significant delay between the rapidly evolving hacking techniques and the obsolete security layer installed in the host unit, making the latter extremely vulnerable in the event of communication with the outside.
  • the present invention aims in particular to overcome at least some of the limitations and to overcome some of the aforementioned drawbacks.
  • the main object of the present invention is an integrated circuit(s) card comprising a connection and communication interface intended to establish communication with a host unit in the form of a communication device, and cryptographic software means for performing cryptographic calculations, the card being characterized in that the integrated circuit(s) also includes a security software layer capable of cooperating with said cryptographic software means to produce a set of secure operations on the data received and to be transmitted via the connection and communication interface of said card.
  • FIG. 2 is a schematic representation (block diagram) of a possible architecture of a host unit and of the card which can be associated with the latter according to a first variant embodiment of the invention
  • Figure 3 is a schematic representation similar to that of Figure 2 incorporating a second alternative embodiment of the card according to the invention
  • FIG. 4 is an alternative embodiment of the architecture of a host unit forming part of a device similar to those represented in FIGS. 1 and 2
  • FIG. 5 is a flowchart showing an example of a communication set-up procedure based on the WAP protocol (Wireless Application Protocol).
  • the present invention relates firstly to a card 1 with integrated circuit(s) 1′ comprising a connection and communication interface 3′ intended to establish communication with a host unit 2 in the form of a communication device, and cryptographic software means 4′ for performing cryptographic calculations.
  • This card is characterized in that the integrated circuit(s) further comprises a security software layer 4 capable of cooperating with said cryptographic software means 4′ to produce a set of secure operations on the data received and to be sent via the connection and communication interface 3′ of said card 1.
  • the card according to the invention has the advantage of avoiding the export of the session key to the outside, since said card itself comprises the security software layer which was generally found in the host unit. As a result, communications are more secure.
  • the card 1 advantageously includes a memory for storing the session key (or encryption / decryption key), the read access of which is only authorized for said security layer 4 of the card 1 so as to avoid access by means external to the card.
  • the security software layer 4 comprises a function or a group of functions allowing negotiation of an algorithm and of a key, as well as an encryption and decryption function and, where appropriate, in addition a certificate authentication function.
  • said security software layer 4 is, in cooperation with said cryptographic software means 4 ′, capable of carrying out a set of security operations allowing communication security of the "internet" type.
  • this layer 4 is preferably chosen from the group formed by layers of the SSL, TLS, WTLS or similar type.
  • said security software layer 4 is able to process all, or if necessary at least part, of the incoming and outgoing data flows by at least one communication interface 3 of said host unit 2 ensuring the connection from the latter to a communication network, by performing the required security operations on said data.
  • This card 1 can therefore take into account the data flow at the output of the client software 2′ residing in the host unit 2 to subject it to secure operations and then transmit it, secured, to the software layers ensuring, in association with the interface 3, transport of the same host unit 2. Symmetrically, this card 1 can also take into account the data flow at the output of the transport software layers of the host unit 2 (in association with the interface 3) to subject it to secure operations and then transmit it, secured, to the resident client software 2′ concerned.
  • the speeds can reach several megabits per second, which implies that the internal architecture of the card must be designed to slow data flows as little as possible (cryptographic solutions of the hardwired DES type, 16 or 32 Kbyte RAM, CPU cache and 32-bit CPU are to be considered).
  • the card 1 will therefore constitute a removable security buffer of the host unit 2, the functionalities of which can be personalized according to the owner of the card (possibility of creating different security levels with the same host unit 2) and whose disconnection from the host unit 2 can, according to an alternative embodiment of the invention (see FIG. 2), lead to total isolation, hardware and software, between the communication interface 3 and the resident software 2′.
  • said server can transmit a determined form which the user must fill out and validate by electronic signature to confirm the transaction.
  • a known act of piracy consists in modifying the form at the time of the signature step.
  • the user does not sign the form he is viewing or which is displayed, but makes a false form, substituted for the first, and representing for example a payment in another name, to another bank and / or another amount.
  • Such an attack is generally carried out by pirating software of the "Trojan horse" type.
  • the invention proposes, according to an alternative embodiment, represented in FIG. 3 of the appended drawings, that said card 1, or in any case the integrated circuit(s) 1′ which it carries, also features a software means 5 for verifying forms or deeds of payment or validation of transaction, capable of keeping in memory the form or deed received from the server or from the remote host unit.
  • This software means 5 checks at the time of the signature step that there has been no modification and that the client effectively validates by his signature what has been submitted to him visually for signature.
  • This verification operation can be carried out by extracting static elements from said act or form, carrying out a control calculation on these elements and verifying said calculation when the resident client software 2′ returns said form or act to said remote server.
  • the invention proposes that the card 1 also includes software means 6 for automatically generating an encrypted signature.
  • the automatic signature operation (valid for the data to be signed from the authenticated server with which a secure / encrypted session is in progress), takes place for example as described below.
  • the server sends the client (smart card and its host unit) a document which must be signed by the client.
  • a software component scans the received document to detect a need for a signature (a particular tag can for example allow this detection).
  • the software component can then presign the document and present it to the user for confirmation.
  • the signed document can then be returned to the server. It can be noted that at no time was the host unit required to generate the signature.
  • the signature software detected, when the document was transferred to the card 1, that this document came from an authenticated remote server, and no other document can be signed during this connection, even on the order of the host unit.
  • This mechanism can be extended to operations other than transactions with a remote server, for example to e-mails sent by the host unit 2, when the resident client software 2′ is reliable.
  • the card 1 can additionally comprise a software means 5′ for automatically filling in the corresponding forms or documents sent by a server or a remote host unit as part of a transaction in progress with the latter.
  • this information and data are stored in a suitable register 5″, are automatically read and are used to complete the fields recognized by the authenticated document as coming from a secure server or host unit.
  • a communication device 2 comprising an interface 3 for connection and communication with a communication network, an interface 3″ for connection and communication with an integrated circuit(s) card, so as to constitute a host unit for the latter, and a security software layer, the device being characterized in that it includes switching means 10 capable of directing all or part of a stream of data received or to be transmitted on its network interface 3 to said card interface 3″.
  • said switching means 10 consist of software means and are capable of directing said data flow automatically to said card interface 3″ when certain predetermined conditions are met.
  • one of said predetermined conditions may reside in the detection of a more recent version of security software layer 4 available at the level of the card 1.
  • this function allows the user to benefit from a newer and more sophisticated version of a security software layer by simply changing the card rather than the host device.
  • one or another of said predetermined conditions may lie in the detection of an address prefix indicating that it is a secure communication or to be secured.
  • the communication device 2 can be devoid of its own security layer.
  • it comprises an interface 3 for connection and communication with a communication network and an interface 3″ for connection and communication with a card 1 with integrated circuit(s) 1′ according to the invention, so as to constitute a host unit for the latter.
  • This device is then characterized in that it comprises means of forced transmission 10′, for example wired, directing the entire flow of data received or to be transmitted on its network interface 3 to said card interface 3″.
  • the card 1 constitutes an essential component necessary for its operation. Indeed, the absence of a card 1 according to the invention completely isolates the resident software 2′ of the device 2 from the interface 3 and the transport layers which are associated with it.
  • the communication device 2 can for example consist of a mobile radiocommunication terminal, in particular a cellular telephone, in a personal digital assistant or in a communication module forming part of an electronic or computer device, in particular a portable computer.
  • the present invention also relates to a device for establishing secure communications via at least one communication network, characterized in that it consists of the association of a card 1 as described above with a communication device 2 as described above, forming a host unit for said card 1.
  • the card 1 integrates a security software layer 4 capable of carrying out all of the security operations required by the host unit 2, in particular for the data received and transmitted by said at least one communication interface 3, without the session key or the key negotiated between the card 1 and the remote unit in communication with the host unit 2 being transmitted to the host unit 2.
  • the card 1 implemented preferably has at least some of the additional characteristics mentioned above.
  • the card 1 is connected to said host unit 2 by at least two separate transmission channels, namely at least one network channel 8 and at least one application channel 9, passing through the complementary interfaces 3′ and 3″ cooperating during the connection of the card 1 with the communication device 2 forming the host unit.
  • the host unit 2 can, if necessary, have two parallel communication channels between the resident software 2′ and the interface and the communication protocols 3, namely a secure channel passing through the card 1 and a non-secure channel directly connecting the software 2′ to the interface 3, which can correspond respectively to two different transmission protocols, namely a protocol of the HTTP type (transfer protocol in hypertext mode) and a protocol of the type SHTTP (secure transfer protocol in hypertext mode).
  • the software of the host unit 2 must be modified in such a way that, upon detection of the insertion of such a card 1, said unit can offer the user to use it. This detection can be done on a data area that can be recovered as soon as the card is powered up (response to reset or dedicated file).
  • An example of implementation is the reservation of a port number. If we take the example of WAP, the different reserved port numbers all correspond to a type of connection. The transport layer will then only have to send the packets to the card as soon as the card has been chosen to achieve the security of connection and subsequent communication and that the port number indicates that said connection and communication have to implement such a layer.
  • When inserting the card or powering up the host unit 2 (with execution of the initializations specific to said unit), the latter is first powered up.
  • the unit 2 analyzes this sequence and verifies that the card concerned indeed provides a layer of security for connections to secure servers. Alternatively, the card does not react to power-up (at least from the point of view of the host unit); in this case, said unit 2 will seek the information describing the functions and the specifics of the inserted card by means of a special command (file reading or the like).
  • the host unit 2 can set a variable or set an analogous indicator (flag) to 1, thus allowing it to signify to the layers or software concerned that communications with a secure server must rely on the security services of this card 1, that is to say direct the data and information originating from or intended for the connected secure server to said card 1.
  • This referral can either be carried out automatically (as explained above - preferred solution), or possibly at the decision of the user following a man-machine dialogue.
  • the present invention additionally relates to a communication system for the exchange of secure data, said system comprising at least one device formed by the association of a card 1 and a communication device 2 as described above, connected via a communication network (radio, wired, mixed or other) to another similar device or to a server or a secure unit.
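
The check performed by software means 5 above (keep the form received from the server, run a control calculation over its static elements, verify it at the signature step), combined with the rule that only the document received from the authenticated server can be signed, sketched as an added example that is not part of the patent text. SHA-256 as the control calculation, HMAC as a stand-in for the card's signature, the HTML form layout, the sample forms and all names are assumptions.

```python
import hashlib
import hmac
import json
from html.parser import HTMLParser


class _StaticElements(HTMLParser):
    """Collect the parts of a form that the user is not supposed to change."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.items = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.items.append(["form", a.get("action", ""), a.get("method", "")])
        elif tag == "input":
            kind = (a.get("type") or "text").lower()
            if kind == "hidden":
                # Hidden fields carry server-fixed values (amount, payee).
                self.items.append(["hidden", a.get("name", ""), a.get("value", "")])
            else:
                # For user-editable fields only the name and type are static;
                # the value is what the user fills in.
                self.items.append(["field", a.get("name", ""), kind])

    def handle_data(self, data):
        text = " ".join(data.split())
        if text:
            # Visible text is what the user reads before signing.
            self.items.append(["text", text])


def control_value(form_html: str) -> bytes:
    """Control calculation over the static elements (SHA-256 is an assumption)."""
    parser = _StaticElements()
    parser.feed(form_html)
    parser.close()
    return hashlib.sha256(json.dumps(parser.items).encode("utf-8")).digest()


class CardFormVerifier:
    """Hypothetical model of the card side: means 5 (verify) and 6 (sign)."""

    def __init__(self, signing_key: bytes):
        self._key = signing_key   # stays inside the object, as the key stays in the card
        self._expected = None     # control value of the form kept in card memory

    def receive_from_server(self, form_html: str) -> None:
        # Called only for documents arriving over the authenticated session.
        self._expected = control_value(form_html)

    def sign_returned_form(self, form_html: str) -> bytes:
        if self._expected is None:
            raise PermissionError("no document from the authenticated server to sign")
        if not hmac.compare_digest(self._expected, control_value(form_html)):
            raise ValueError("static elements differ from the form received")
        self._expected = None     # no other document can be signed afterwards
        # HMAC stands in for the card's signature algorithm (not specified on the page).
        return hmac.new(self._key, form_html.encode("utf-8"), hashlib.sha256).digest()


# Constructed sample forms.
SERVER_FORM = """
<form action="/pay" method="post">
  <p>Pay 25.00 EUR to Example Bookshop</p>
  <input type="hidden" name="amount" value="25.00">
  <input type="hidden" name="payee" value="ACCT-0001">
  <input type="text" name="reference" value="">
</form>
"""
# What the resident client software returns after the user filled in a field.
FILLED_FORM = SERVER_FORM.replace('name="reference" value=""',
                                  'name="reference" value="order 17"')
# Same visible text, but a server-fixed value was substituted on the host.
TAMPERED_FORM = FILLED_FORM.replace("ACCT-0001", "ACCT-9999")


def demo() -> dict:
    card = CardFormVerifier(b"constructed-demo-key")
    card.receive_from_server(SERVER_FORM)
    result = {}
    try:
        card.sign_returned_form(TAMPERED_FORM)
        result["tampered"] = "signed"
    except ValueError:
        result["tampered"] = "rejected"
    result["genuine_signed"] = len(card.sign_returned_form(FILLED_FORM)) == 32
    try:
        card.sign_returned_form(FILLED_FORM)
        result["second_request"] = "signed"
    except PermissionError:
        result["second_request"] = "refused"
    return result


if __name__ == "__main__":
    print(demo())
```

The user's own input in the `reference` field does not change the control value, while the substituted payee does, so the substituted form is refused at the signature step.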

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Finance (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Computer And Data Communications (AREA)
  • Storage Device Security (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
EP02700412A 2001-01-26 2002-01-25 Smart card with security software and communication device cooperating with such a card Withdrawn EP1358641A1 (de)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
FR0101100A FR2820231B1 (fr) 2001-01-26 2001-01-26 Integrated circuit card or smart card incorporating a security layer and communication device cooperating with such a card
FR0101100 2001-01-26
PCT/FR2002/000306 WO2002059845A1 (fr) 2001-01-26 2002-01-25 Integrated circuit card or smart card incorporating a security software layer and communication device cooperating with such a card

Publications (1)

Publication Number Publication Date
EP1358641A1 (de) 2003-11-05

Family

ID=8859294

Family Applications (1)

Application Number Title Priority Date Filing Date
EP02700412A Withdrawn EP1358641A1 (de) 2001-01-26 2002-01-25 Smart card with security software and communication device cooperating with such a card

Country Status (4)

Country Link
US (1) US20040065728A1 (de)
EP (1) EP1358641A1 (de)
FR (1) FR2820231B1 (de)
WO (1) WO2002059845A1 (de)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AUPS265302A0 (en) 2002-05-30 2002-06-20 Mcom Solutions Inc Display device and funds transaction device including the display device
FR2850813A1 (fr) * 2003-01-31 2004-08-06 France Telecom Device for securing electronic transactions carried out on an unsecured terminal
FR2850772A1 (fr) * 2003-01-31 2004-08-06 France Telecom Method and device for securing electronic transactions carried out on an unsecured terminal
US20060041938A1 (en) * 2004-08-20 2006-02-23 Axalto Inc. Method of supporting SSL/TLS protocols in a resource-constrained device
US20070288752A1 (en) * 2006-06-08 2007-12-13 Weng Chong Chan Secure removable memory element for mobile electronic device
US20090089366A1 (en) * 2007-09-27 2009-04-02 Kalman Csaba Toth Portable caching system
AU2008316230B2 (en) * 2007-10-24 2013-10-31 Securekey Technologies Inc. Method and system for effecting secure communication over a network
TW200929974A (en) * 2007-11-19 2009-07-01 Ibm System and method for performing electronic transactions
DE102008012427A1 (de) * 2008-02-29 2009-09-03 MICON e.V. - Verein zur Förderung der Mobilität im Internet und in Kommunikationsnetzen e.V. Mobile computer system for executing secure transactions over an unprotected communication network
DE102012015157A1 (de) * 2011-08-02 2013-02-07 Giesecke & Devrient Gmbh Security module for supporting proxy functionality
DE102012007430A1 (de) * 2012-04-13 2013-10-17 Ncp Engineering Gmbh System and method for secure communication

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6038551A (en) * 1996-03-11 2000-03-14 Microsoft Corporation System and method for configuring and managing resources on a multi-purpose integrated circuit card using a personal computer
US5923884A (en) * 1996-08-30 1999-07-13 Gemplus S.C.A. System and method for loading applications onto a smart card
WO1998043212A1 (en) * 1997-03-24 1998-10-01 Visa International Service Association A system and method for a multi-application smart card which can facilitate a post-issuance download of an application onto the smart card
US6230267B1 (en) * 1997-05-15 2001-05-08 Mondex International Limited IC card transportation key set
FR2765709B1 (fr) * 1997-07-04 2001-10-12 Schlumberger Ind Sa Method of loading data into a microprocessor card
EP1082710A1 (de) * 1998-06-05 2001-03-14 Landis & Gyr Communications S.A. Preloaded chip card and method for authenticating the same
CA2347684A1 (en) * 1998-10-27 2000-05-04 Visa International Service Association Delegated management of smart card applications
FI108389B (fi) * 1999-04-15 2002-01-15 Sonera Smarttrust Oy Management of a subscriber identity module
US6738901B1 (en) * 1999-12-15 2004-05-18 3M Innovative Properties Company Smart card controlled internet access
US6547773B2 (en) * 2001-06-01 2003-04-15 The Procter & Gamble Company Disposable diaper having integral cuffs and side panels

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO02059845A1 *

Also Published As

Publication number Publication date
WO2002059845A1 (fr) 2002-08-01
US20040065728A1 (en) 2004-04-08
FR2820231A1 (fr) 2002-08-02
FR2820231B1 (fr) 2005-01-21

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20030826

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE TR

AX Request for extension of the european patent

Extension state: AL LT LV MK RO SI

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: GEMALTO SA

17Q First examination report despatched

Effective date: 20090910

RIC1 Information provided on ipc code assigned before grant

Ipc: G06Q 20/34 20120101AFI20140313BHEP

Ipc: G07F 7/10 20060101ALI20140313BHEP

Ipc: G06Q 20/40 20120101ALI20140313BHEP

Ipc: G07F 7/08 20060101ALI20140313BHEP

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

INTG Intention to grant announced

Effective date: 20140626

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20141107