EP1904980A1 - Procede pour faire fonctionner un support de donnees portable - Google Patents

Procede pour faire fonctionner un support de donnees portable

Info

Publication number
EP1904980A1
EP1904980A1 EP06754379A EP06754379A EP1904980A1 EP 1904980 A1 EP1904980 A1 EP 1904980A1 EP 06754379 A EP06754379 A EP 06754379A EP 06754379 A EP06754379 A EP 06754379A EP 1904980 A1 EP1904980 A1 EP 1904980A1
Authority
EP
European Patent Office
Prior art keywords
file
data carrier
portable data
specific key
content
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
EP06754379A
Other languages
German (de)
English (en)
Inventor
Michael Baldischweiler
Thorsten Ulbricht
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Giesecke and Devrient Mobile Security GmbH
Original Assignee
Giesecke and Devrient GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Giesecke and Devrient GmbH filed Critical Giesecke and Devrient GmbH
Publication of EP1904980A1 publication Critical patent/EP1904980A1/fr
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/357Cards having a plurality of specified features
    • G06Q20/3576Multiple memory zones on card
    • G06Q20/35765Access rights to memory zones

Definitions

  • the invention relates to a method for operating a portable data carrier. Furthermore, the invention relates to a portable data carrier.
  • a secret data can be stored in the portable data carrier, for example, a secret key, a personal secret number, a personal secret code for resetting the portable data carrier after its blocking, etc.
  • the pointer is influenced by an attack, for example by a strong UV irradiation of the portable data carrier, in such a way that it points to a memory location other than the intended one, this has the consequence that data which are not intended for this purpose can be accessed via the Input / output process associated interface are output.
  • a portable data carrier that has a multitasking operating system, several processes are simultaneously executed, such as input / output processes, cryptographic processes or applications. This may result, for example, in the event that manipulation of a pointer used by an input / output process causes data of an application to be output in an inadmissible manner. If these data are stored in plain text, there is a risk of misuse. However, this danger can also exist with data that is stored in encrypted form, since these are usually decrypted after reading from the memory.
  • a plurality of files with an encrypted file content are created in a memory of the portable data carrier.
  • the file contents of the individual files are encrypted in different ways, so that each decryption requires a file-specific key.
  • a process running in the portable data carrier is given the associated file-specific key for accessing the file content of one of the files.
  • the invention has the advantage that an access of the process to the data provided for it in a simple manner is possible and thereby access to other data is reliably prevented.
  • the other data is reliably protected even if, as a result of a manipulation, access takes place at the storage location of this other data.
  • the file-specific keys are preferably stored in the memory of the portable data carrier and are therefore available to the portable data carrier at any time.
  • the file-specific keys are each generated and stored when encrypting the file contents.
  • the process may be provided with information regarding the storage location at which the file content is stored and / or information regarding the size of the file content.
  • the transfer of the file-specific key and / or the information relating to the storage location and / or the information relating to the size of the file content can be protected by a temporarily valid key. Alternatively or additionally, this transfer can be carried out in several steps.
  • the handover is preferably controlled by an operating system kernel.
  • the file-specific key and / or the information regarding the storage location and / or the information relating to the size of the file content are preferably taken from the file whose file contents are provided with access by the process. This simplifies the management and assignment of the individual parameters.
  • the file-specific key and / or the information regarding the storage location and / or the information regarding the size of the file content may be taken from a file header which is embodied as a separate area of the file on the file contents of which access is provided by the process. This has the advantage that the file header is usually provided anyway and contains information regarding the file.
  • each file that is created is preferably created with an encrypted file content.
  • the process to enable access to the file content may be an input / output process for inputting and / or outputting data through a portable data medium interface. Such a process is particularly critical to spying because it transmits data to the outside world.
  • the portable data carrier according to the invention has a memory in which a plurality of files are stored with an encrypted file content.
  • the file contents of the individual files are encrypted in different ways, so that each decryption requires a file-specific key.
  • the portable data carrier according to the invention has an operating system kernel for transferring the respective file. specific key to a process running in the portable data carrier for accessing the file content of the respective file.
  • the portable data carrier according to the invention has a multi-tasking operating system which allows a simultaneous execution of several processes.
  • the portable data carrier according to the invention is designed as a chip card.
  • FIG. 1 is a highly simplified block diagram for an embodiment of a portable data carrier
  • Fig. 2 is a simplified representation of an operating state of the portable data carrier
  • Fig. 3 is a flow chart illustrating the flow of output of the file contents by the input / output process.
  • a portable data carrier 1 shows a highly simplified block diagram for an exemplary embodiment of a portable data carrier 1, in which the method according to the invention can be used. It is to be regarded as a portable data carrier 1 in the context of the invention, a computer system in which the resources, ie memory resources and / or computing capacity (computing power) are limited, z.
  • a smart card smart card, microprocessor chip card
  • a token or a chip module for installation in a smart card or in a token.
  • the portable data carrier 1 can have any standardized or non-standardized shape, for example the shape of a flat chip card without standard or according to a standard such as ISO 7810 (eg ID-1, ID-OO, ID-000) or a voluminous token.
  • the portable data carrier 1 has a processor unit 2, which controls the functional sequences of the portable data carrier 1 and is also referred to as a central processing unit, abbreviated CPU. Furthermore, the portable data carrier 1 has an interface 3 for inputting and outputting data and a memory 4.
  • the memory 4 consists of a permanent memory 5, a nonvolatile memory 6 and a volatile memory 7. Alternatively, another structure of the memory 4 is possible.
  • the processor unit 2 is connected to the interface 3, the permanent memory 5, the nonvolatile memory 6 and the volatile memory 7.
  • the interface 3 is used for communication with external devices, which can be handled by a contacting contact of the portable data carrier 1 and / or contactless.
  • non-volatile memory 5 data is stored, which remain unchanged during the entire lifespan of the portable data carrier 1.
  • data is used in the following very general in the sense of any information, regardless of their content and it is, for example, programs, parameters, personal information, keys, etc. subsumed.
  • the operating system of the portable data carrier 1 is stored in the non-volatile memory 5.
  • the volatile memory 7 serves as a working memory for the processor unit 2, so that secret data, for example, when performing calculations in the volatile memory 7 are cached.
  • the memory contents are retained only as long as the portable data carrier 1 is supplied with an operating voltage.
  • the non-volatile memory 6 can be rewritten over and over again during the life of the portable data carrier 1. The respective memory content is maintained even if the portable data carrier 1 is not supplied with the operating voltage.
  • the nonvolatile memory 6 for example, additions to the operating system, application software, keys, personal data, etc. are stored.
  • the portable data carrier 1 is operated in a multitasking mode in which a plurality of processes are executed simultaneously.
  • an input / output process 8 and an application 9 are shown, which run simultaneously.
  • an operating system kernel 10 is shown, which controls the data exchange between the processes, here between the application 9 and the input / output process 8.
  • the input / output process 8 handles the data transfer via the interface 3 of the portable data carrier 1.
  • the output of data via the interface 3 is of interest.
  • the application 9 allows the use of the portable data carrier 1 for a designated purpose.
  • the application 9 has a file system with a plurality of files 11, each consisting of a file header 12 and a file body 13.
  • the file body 13 contains the actual file content, ie the user data.
  • the file content may be, for example, data needed to run the application 9.
  • the file stored in encrypted form wherein a decryption using the key noted in the file header 12 key is possible.
  • the file contents of the individual files 11 are each encrypted in different ways, so that each file header 12 contains a different key. With this key, only the file content of the associated file body 13 can be decrypted. The file content of the other files 11 can not be decrypted with this key.
  • the input / output process 8 outputs the file content of the active file 11 of the application 9 via the interface 3 of the portable data carrier 1 in plain text.
  • the relevant procedure will be explained with reference to FIG. 3.
  • Fig. 3 is a flow chart showing the procedure of outputting the file contents by the input / output process 8.
  • the flowchart processing starts with step S1 where the operating system kernel 10 holds the file content decrypting key and the initial address pointer and the length of the file body 13 is determined from the associated file header 12.
  • Step S1 is followed by a step S2, in which the operating system kernel 10 transfers the information determined from the file header 12 to the input / output process 8.
  • This transfer is preferably secured with a session key in order to prevent manipulation and / or spying.
  • the session key is only during one Operating phase of the portable data carrier 1 valid. In the next phase of operation, a new session key will be agreed.
  • Step S2 is followed by a step S3 in which the input / output process 8, beginning with the starting address of the file body 13, which is determined by the pointer transferred in step S2 and the file body 13 transferred in step S2, is the file content read.
  • a step S4 is executed, in which the file content is decrypted using the key given in step S2.
  • the step S4 is followed by a step S5 in which the clear text of the file content determined in step S4 is output via the interface 3 of the portable data carrier 1.
  • the procedure described ensures that the file content that is read out by the input / output process 8 can not be read by any other process in a content-conclusive manner. Even if another process would do a read at the correct memory address, the resulting file content would not be usable because it is in encrypted form and the other process does not have the key needed for decryption.
  • the input / output process 8 via the interface 3 outputs other data in plain text than the designated file content. Even if an attacker managed to change by a disturbance, for example an intensive UV irradiation, the pointer given to the input / output process 8 or the transferred length of the file body 13, he could not Spying on data. Although the input / output process 8 would then read out data outside the intended file body 13. However, since these data are encrypted differently than the file contents for which the key was handed over to the input / output process 8, the input / output process 8 can not correctly decrypt the illegally read data and accordingly outputs unusable data via the interface 3 of the portable Disk 1 off.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

L'invention concerne un procédé pour faire fonctionner un support de données portable (1). Selon ce procédé, plusieurs fichiers (11) présentant un contenu codé sont stockés dans une mémoire (4) du support de données portable (1). Les contenus des différents fichiers (11) sont codés de différentes façons de sorte qu'une clé spécifique d'un fichier soit nécessaire pour chaque décodage. Pour permettre d'accéder au contenu d'un des fichiers (11), la clé spécifique correspondante est fournie à un processus se déroulant dans le support de données portable (1).
EP06754379A 2005-06-15 2006-06-14 Procede pour faire fonctionner un support de donnees portable Ceased EP1904980A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE200510027709 DE102005027709A1 (de) 2005-06-15 2005-06-15 Verfahren zum Betreiben eines tragbaren Datenträgers
PCT/EP2006/005750 WO2006133934A1 (fr) 2005-06-15 2006-06-14 Procede pour faire fonctionner un support de donnees portable

Publications (1)

Publication Number Publication Date
EP1904980A1 true EP1904980A1 (fr) 2008-04-02

Family

ID=36855913

Family Applications (1)

Application Number Title Priority Date Filing Date
EP06754379A Ceased EP1904980A1 (fr) 2005-06-15 2006-06-14 Procede pour faire fonctionner un support de donnees portable

Country Status (3)

Country Link
EP (1) EP1904980A1 (fr)
DE (1) DE102005027709A1 (fr)
WO (1) WO2006133934A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
ES2524242T3 (es) 2010-08-05 2014-12-04 Gemalto Sa Sistema y procedimiento para utilizar con total seguridad múltiples perfiles de abonados con un componente de seguridad y un dispositivo de telecomunicación móvil
DE102014007382A1 (de) 2014-05-20 2015-12-17 Giesecke & Devrient Gmbh Verfahren zum Betreiben eines Sicherheitsmoduls sowie ein solches Sicherheitsmodul

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4051510B2 (ja) * 1998-07-16 2008-02-27 ソニー株式会社 データ記憶装置およびデータ記憶方法
JP4423711B2 (ja) 1999-08-05 2010-03-03 ソニー株式会社 半導体記憶装置及び半導体記憶装置の動作設定方法
FR2849233B1 (fr) 2002-12-24 2005-05-20 Trusted Logic Procede de securisation des systemes informatiques par confinement logiciel
JP2006155190A (ja) * 2004-11-29 2006-06-15 Sony Corp データ記憶装置、データ処理方法、記録媒体、およびプログラム

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
None *
See also references of WO2006133934A1 *

Also Published As

Publication number Publication date
DE102005027709A1 (de) 2006-12-21
WO2006133934A1 (fr) 2006-12-21

Similar Documents

Publication Publication Date Title
DE69531082T2 (de) Verfahren und Vorrichtung mit einem Verschlüsselungskopfteil, die es ermöglicht, Software zu erproben
DE69635868T2 (de) Verfahren und vorrichtung zum kryptographisch gesteuerten betrieb eines zusatzgeräts
EP1360644B1 (fr) Module de protection a memoire volatile pour stocker un code d'algorithme
DE69531077T2 (de) Verfahren und Vorrichtung mit Benutzereinwirkung der Art Erproben-und-Kaufen, die es ermöglicht, Software zu erproben
DE69731338T2 (de) Verfahren und System zum sicheren Übertragen und Speichern von geschützter Information
DE102009041176B4 (de) Compiler-System und Verfahren zum Kompilieren eines Quellencodes zu einem verschlüsselten Maschinensprachcode
EP0654919A2 (fr) Procédé d'authentification d'une partie par une autre partie dans un système de transfert d'informations selon le principe Challenge-Response
EP0965076A1 (fr) Dispositif et systeme de traitement electronique de donnees
EP1883906B1 (fr) Support de donnees portable a traitement fiable de donnees
EP2864871B1 (fr) Procédé et dispositif pour échanger le système d'exploitation d'un support de données portable doté de ressources limitées
DE112006004173T5 (de) Schutz eines programmierbaren Speichers gegen unberechtigte Veränderung
DE102019110440A1 (de) Replay-Schutz für Speicher auf der Basis eines Schlüsselauffrischens
EP1904980A1 (fr) Procede pour faire fonctionner un support de donnees portable
EP2562670B1 (fr) Procédé d'exécution d'un accès en écriture, produit de programme informatique, système informatique et carte à puce
EP1844467A1 (fr) Support de donnees portable a fonctionnalite de filigranage
EP1722336A2 (fr) Dispositif et procédé destinés à la production de données pour initialiser des supports de données de sécurité
DE69016764T2 (de) Verfahren zur Erzeugung einer Pseudozufallszahl in einem tragbaren elektronischen Gegenständesystem und ein System zur Ausführung dieses Verfahrens.
EP2060988B1 (fr) Module de sécurité
AT509336B1 (de) Chipkarte mit autorun-funktion
DE19705620C2 (de) Anordnung und Verfahren zur dezentralen Chipkartenidentifikation
DE60216106T2 (de) Geschützte lesung von rechnerbefehlen in einem datenverarbeitungssystem
DE4420970A1 (de) Entschlüsselungseinrichtung von Entschlüsselungsalgorithmen und Verfahren zur Durchführung der Ver- und Entschlüsselung derselben
WO2010040423A1 (fr) Exécution d'opérations cryptographiques
DE19634712C2 (de) Vorrichtung und Verfahren zum geschützten Übertragen und Darstellen elektronisch publizierter Dokumente
DE102004052101B4 (de) Verfahren und Vorrichtung zur Entschlüsselung breitbandiger Daten

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20080115

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR

DAX Request for extension of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
17Q First examination report despatched

Effective date: 20130606

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: GIESECKE+DEVRIENT MOBILE SECURITY GMBH

REG Reference to a national code

Ref country code: DE

Ref legal event code: R003

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED

18R Application refused

Effective date: 20180616