EP1904980A1 - Method for operating a portable data carrier - Google Patents
Method for operating a portable data carrier
- Publication number
- EP1904980A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- file
- data carrier
- portable data
- specific key
- content
- Prior art date
- Legal status
- Ceased
Classifications
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/357—Cards having a plurality of specified features
- G06Q20/3576—Multiple memory zones on card
- G06Q20/35765—Access rights to memory zones
Definitions
- The invention relates to a method for operating a portable data carrier. Furthermore, the invention relates to a portable data carrier.
- Secret data can be stored in the portable data carrier, for example a secret key, a personal identification number, or a personal unblocking code for resetting the portable data carrier after it has been blocked.
- If a pointer is influenced by an attack, for example by strong UV irradiation of the portable data carrier, so that it points to a memory location other than the intended one, data that are not meant for output can be output via the interface associated with the input/output process.
- In a portable data carrier with a multitasking operating system, several processes run simultaneously, such as input/output processes, cryptographic processes or applications. Manipulating a pointer used by an input/output process may therefore cause data belonging to an application to be output in an inadmissible manner. If these data are stored in plain text, there is a risk of misuse. The risk also exists for data stored in encrypted form, since such data are usually decrypted after being read from memory.
- According to the invention, a plurality of files with encrypted file contents are created in a memory of the portable data carrier.
- The file contents of the individual files are encrypted differently, so that each decryption requires a file-specific key.
- A process running in the portable data carrier is given the associated file-specific key in order to access the file content of one of the files.
- This has the advantage that the process can access the data intended for it in a simple manner, while access to other data is reliably prevented.
- The other data remain reliably protected even if, as a result of a manipulation, an access takes place at the storage location of these other data.
- The file-specific keys are preferably stored in the memory of the portable data carrier and are therefore available to it at any time.
- The file-specific keys are each generated and stored when the file contents are encrypted.
- The process may also be given information about the storage location at which the file content is stored and/or about the size of the file content.
- The transfer of the file-specific key and/or the storage location and/or the size of the file content can be protected by a temporarily valid key. Alternatively or additionally, the transfer can be carried out in several steps.
- The handover is preferably controlled by an operating system kernel.
- The file-specific key, the storage location and/or the size of the file content are preferably taken from the file whose content the process is given access to. This simplifies the management and assignment of the individual parameters.
- The file-specific key, the storage location and/or the size of the file content may be taken from a file header, which is a separate area of the file whose content the process is given access to. This has the advantage that a file header is usually present anyway and contains information about the file.
- Preferably, every file that is created is created with encrypted file content.
- The process that is given access to the file content may be an input/output process for inputting and/or outputting data through an interface of the portable data carrier. Such a process is particularly exposed to spying because it transmits data to the outside world.
- The portable data carrier according to the invention has a memory in which a plurality of files with encrypted file contents are stored.
- The file contents of the individual files are encrypted differently, so that each decryption requires a file-specific key.
- The portable data carrier according to the invention has an operating system kernel for handing the respective file-specific key to a process running in the portable data carrier, so that the process can access the file content of the respective file.
- The portable data carrier according to the invention has a multitasking operating system which allows several processes to run simultaneously.
- The portable data carrier according to the invention is designed as a chip card.
- Fig. 1 is a highly simplified block diagram of an embodiment of a portable data carrier.
- Fig. 2 is a simplified representation of an operating state of the portable data carrier.
- Fig. 3 is a flow chart illustrating how the file content is output by the input/output process.
- Fig. 1 shows a highly simplified block diagram of an exemplary embodiment of a portable data carrier 1 in which the method according to the invention can be used. In the context of the invention, a portable data carrier 1 is a computer system whose resources, i.e. memory and/or computing capacity (computing power), are limited, e.g.
- a smart card (microprocessor chip card),
- a token, or a chip module for installation in a smart card or in a token.
- The portable data carrier 1 can have any standardized or non-standardized shape, for example the shape of a flat chip card, either without a standard or according to a standard such as ISO 7810 (e.g. ID-1, ID-00, ID-000), or the shape of a voluminous token.
- The portable data carrier 1 has a processor unit 2, which controls the functional sequences of the portable data carrier 1 and is also referred to as the central processing unit, abbreviated CPU. Furthermore, the portable data carrier 1 has an interface 3 for inputting and outputting data, and a memory 4.
- The memory 4 consists of a permanent memory 5, a non-volatile memory 6 and a volatile memory 7. Alternatively, another structure of the memory 4 is possible.
- The processor unit 2 is connected to the interface 3, the permanent memory 5, the non-volatile memory 6 and the volatile memory 7.
- The interface 3 is used for communication with external devices, which can take place via contacts of the portable data carrier 1 and/or contactlessly.
- In the permanent memory 5, data are stored that remain unchanged during the entire lifetime of the portable data carrier 1.
- The term data is used in the following in a very general sense, for any information regardless of its content; it subsumes, for example, programs, parameters, personal information, keys, etc.
- The operating system of the portable data carrier 1 is stored in the permanent memory 5.
- The volatile memory 7 serves as working memory for the processor unit 2, so that secret data, for example, are cached in the volatile memory 7 while calculations are performed.
- Its memory contents are retained only as long as the portable data carrier 1 is supplied with an operating voltage.
- The non-volatile memory 6 can be rewritten again and again during the lifetime of the portable data carrier 1. Its memory content is retained even if the portable data carrier 1 is not supplied with the operating voltage.
- In the non-volatile memory 6, for example, additions to the operating system, application software, keys, personal data, etc. are stored.
- The portable data carrier 1 is operated in a multitasking mode in which a plurality of processes are executed simultaneously.
- An input/output process 8 and an application 9 are shown, which run simultaneously.
- An operating system kernel 10 is shown, which controls the data exchange between the processes, here between the application 9 and the input/output process 8.
- The input/output process 8 handles the data transfer via the interface 3 of the portable data carrier 1.
- Here, the output of data via the interface 3 is of particular interest.
- The application 9 allows the portable data carrier 1 to be used for its designated purpose.
- The application 9 has a file system with a plurality of files 11, each consisting of a file header 12 and a file body 13.
- The file body 13 contains the actual file content, i.e. the user data.
- The file content may be, for example, data needed to run the application 9.
- The file content is stored in encrypted form and can be decrypted using the key noted in the file header 12.
- The file contents of the individual files 11 are each encrypted differently, so that each file header 12 contains a different key. With this key, only the file content of the associated file body 13 can be decrypted; the file contents of the other files 11 cannot be decrypted with it.
- The input/output process 8 outputs the file content of the active file 11 of the application 9 in plain text via the interface 3 of the portable data carrier 1.
- The relevant procedure will be explained with reference to Fig. 3.
- Fig. 3 is a flow chart showing the procedure by which the input/output process 8 outputs the file content.
- Processing starts with step S1, in which the operating system kernel 10 determines the key for decrypting the file content, the pointer to the starting address, and the length of the file body 13 from the associated file header 12.
- Step S1 is followed by step S2, in which the operating system kernel 10 transfers the information determined from the file header 12 to the input/output process 8.
- This transfer is preferably secured with a session key in order to prevent manipulation and/or spying.
- The session key is valid only during one operating phase of the portable data carrier 1. In the next operating phase, a new session key is agreed.
- Step S2 is followed by step S3, in which the input/output process 8 reads the file content, beginning at the starting address of the file body 13 given by the pointer transferred in step S2 and continuing for the length of the file body 13 transferred in step S2.
- Then step S4 is executed, in which the file content is decrypted using the key handed over in step S2.
- Step S4 is followed by step S5, in which the plain text of the file content obtained in step S4 is output via the interface 3 of the portable data carrier 1.
- The procedure described ensures that the file content read out by the input/output process 8 cannot be read by any other process in a meaningful way. Even if another process performed a read at the correct memory address, the file content obtained would be unusable, because it is in encrypted form and the other process does not have the key needed for decryption.
- Nor can the input/output process 8 output, via the interface 3, any plain-text data other than the designated file content. Even if an attacker managed, by means of a disturbance such as intensive UV irradiation, to alter the pointer handed to the input/output process 8 or the transferred length of the file body 13, he could not spy on data. The input/output process 8 would then read data outside the intended file body 13, but since these data are encrypted differently from the file content for which the key was handed to the input/output process 8, the process cannot correctly decrypt the illegally read data and accordingly outputs unusable data via the interface 3 of the portable data carrier 1.
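A constructed Python model of the layout and of steps S1 to S5 described above, added here as an illustration; it is not code from the patent or from the applicant. The header format, the cipher (an HMAC-SHA256 keystream with an authentication tag, standing in for whatever the card uses) and the session-key wrapping of the handover are assumptions, since the page names none of them; the tag additionally makes a wrong-key decryption detectable, where the description only says the output is unusable.

```python
"""Constructed model: files laid out back to back in card memory, each as a
header (file-specific key, start address of the body, body length) followed
by the body encrypted under that key.  Standard library only."""
import hashlib
import hmac
import os
import struct

HDR = struct.Struct(">16sII")  # file header 12: key, start of body 13, body length


def _subkeys(key):
    # Separate encryption and MAC keys derived from the 16-byte file-specific key.
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()


def _keystream(key, nonce, n):
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32)]
    return b"".join(blocks)[:n]


def encrypt(key, data):
    """Encrypt-then-MAC stand-in cipher: returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(enc_key, nonce, len(data))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def decrypt(key, blob):
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if len(blob) < 48 or not hmac.compare_digest(
            hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("wrong key or corrupted body")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def build_memory(contents):
    """Create every file with a freshly generated key, as the description requires."""
    mem, headers = bytearray(), []
    for data in contents:
        key = os.urandom(16)
        body = encrypt(key, data)
        headers.append(len(mem))
        mem += HDR.pack(key, len(mem) + HDR.size, len(body)) + body
    return mem, headers


def kernel_handover(mem, hdr_off, session_key):
    # S1: kernel 10 takes key, pointer and length from the file header 12.
    # S2: the handover to the I/O process 8 is protected with the session key.
    return encrypt(session_key, bytes(mem[hdr_off:hdr_off + HDR.size]))


def io_process_output(mem, handover, session_key, pointer_fault=0):
    key, start, length = HDR.unpack(decrypt(session_key, handover))
    start += pointer_fault                   # model a disturbed pointer (the UV attack above)
    body = bytes(mem[start:start + length])  # S3: read the file body
    try:
        return decrypt(key, body)            # S4: decrypt; S5 would output this plain text
    except ValueError:
        return None                          # wrong key: nothing usable leaves the card


def demo():
    mem, hdrs = build_memory([b"PIN=1234", b"balance=100 EUR"])  # constructed sample files
    session_key = os.urandom(16)
    handover = kernel_handover(mem, hdrs[0], session_key)
    correct = io_process_output(mem, handover, session_key)
    # A disturbed pointer lands in file 1, whose body is encrypted under a different key.
    disturbed = io_process_output(mem, handover, session_key, pointer_fault=hdrs[1] - hdrs[0])
    return correct, disturbed
```

Raw card memory never holds the plain text, so a second process reading the correct address sees only ciphertext, which is the other property the description claims.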
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE200510027709 DE102005027709A1 (de) | 2005-06-15 | 2005-06-15 | Method for operating a portable data carrier |
PCT/EP2006/005750 WO2006133934A1 (de) | 2005-06-15 | 2006-06-14 | Method for operating a portable data carrier |
Publications (1)
Publication Number | Publication Date |
---|---|
EP1904980A1 (de) | 2008-04-02 |
Family
ID=36855913
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP06754379A (EP1904980A1, de; ceased) | 2005-06-15 | 2006-06-14 | Method for operating a portable data carrier |
Country Status (3)
Country | Link |
---|---|
EP (1) | EP1904980A1 (de) |
DE (1) | DE102005027709A1 (de) |
WO (1) | WO2006133934A1 (de) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2012017059A1 (en) | 2010-08-05 | 2012-02-09 | Gemalto Sa | System and method for securely using multiple subscriber profiles with a security component and a mobile telecommunications device |
DE102014007382A1 (de) | 2014-05-20 | 2015-12-17 | Giesecke & Devrient Gmbh | Method for operating a security module, and such a security module |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4051510B2 (ja) * | 1998-07-16 | 2008-02-27 | Sony Corp | Data storage device and data storage method |
JP4423711B2 (ja) | 1999-08-05 | 2010-03-03 | Sony Corp | Semiconductor memory device and method for setting the operation of a semiconductor memory device |
FR2849233B1 (fr) | 2002-12-24 | 2005-05-20 | Trusted Logic | Method for securing computer systems by software confinement |
JP2006155190A (ja) * | 2004-11-29 | 2006-06-15 | Sony Corp | Data storage device, data processing method, recording medium, and program |
Application events
- 2005-06-15: DE application DE200510027709 (DE102005027709A1), not active, ceased
- 2006-06-14: WO application PCT/EP2006/005750 (WO2006133934A1), active, application filing
- 2006-06-14: EP application EP06754379A (EP1904980A1), not active, ceased
Also Published As
Publication number | Publication date |
---|---|
WO2006133934A1 (de) | 2006-12-21 |
DE102005027709A1 (de) | 2006-12-21 |
Legal Events
Code | Title | Description |
---|---|---|
PUAI | Public reference made under Article 153(3) EPC to a published international application that has entered the European phase | Free format text: ORIGINAL CODE: 0009012 |
17P | Request for examination filed | Effective date: 20080115 |
AK | Designated contracting states | Kind code of ref document: A1; Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR |
DAX | Request for extension of the European patent (deleted) | |
DAX | Request for extension of the European patent (deleted) | |
17Q | First examination report despatched | Effective date: 20130606 |
RAP1 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: GIESECKE+DEVRIENT MOBILE SECURITY GMBH |
REG | Reference to a national code | Ref country code: DE; Ref legal event code: R003 |
STAA | Information on the status of an EP patent application or granted EP patent | Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED |
18R | Application refused | Effective date: 20180616 |