GB2392357A - Remote administration of smart cards for secure access systems - Google Patents


Info

Publication number
GB2392357A
Authority
GB
United Kingdom
Prior art keywords
smart card
remote
administrator
network
card
Legal status
Granted
Application number
GB0325826A
Other versions
GB0325826D0 (en)
GB2392357B (en)
Inventor
Shlomo Kipnis
Rannen Meir
Current Assignee
Synamedia Ltd
Original Assignee
NDS Ltd
Priority claimed from IL126552A
Application filed by NDS Ltd
Publication of GB0325826D0
Publication of GB2392357A
Application granted
Publication of GB2392357B
Anticipated expiration
Current legal status: Expired - Lifetime

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/02 Details
    • H04L12/12 Arrangements for remote connection or disconnection of substations or of equipment thereof
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

A method for remote administration of a first smart card (50) and a second smart card (50) via a communication network (25), the method comprising associating said first smart card (50) and said second smart card (50) with a remote administrator (40), and transmitting authorization information from said first smart card (50) to said second smart card (50) via the remote administrator (40) and the communication network (25). Access to a protected information resource (20) is granted by the remote administrator (40) after authentication and related checks of the smart card. A local administrator (proxy) (55) may be used.

Description

FIELD OF THE INVENTION
The present invention generally relates to remote administration of smart cards via communication networks, and more particularly to administration of smart cards in securely accessed information resources and communication networks, such as the Internet, a local-area-network (LAN), a wide-area-network (WAN), and a metropolitan-area-network (MAN).
BACKGROUND OF THE INVENTION
The increasing ability to access sensitive data remotely via networks increases the risk of security breaches. In public open networks, such as the Internet, communication is susceptible to many types of security attacks, such as impersonation, session hijacking and virus attacks. In private internal networks, also known as intranets, organizations are susceptible to security breaches from inside the organizations as well as from the outside world. Today, security solutions include tools such as firewalls which control access to a network by checking addresses of sources and targets in a communication session. However, firewalls do not deal with features such as user identity, access rights of a user, user and server authentication, data integrity, secure access to data and to specific applications, non-repudiation (i.e., inability to cancel a transaction after it is performed), session privacy and user accountability.
US Patents 5,982,249 and 5,481,609 to Cohen et al describe a system for controlling access to broadcast transmissions including a transmitter having a transmission encoder for scrambling the broadcast, a multiplicity of subscriber receivers, each having an identical receiving decoder, containing no cryptographic keys, for descrambling the broadcast, and a plurality of selectable and portable executing apparatus, each being operatively associatable with a receiving decoder at a partially different given time and each executing generally identical operations to generate a seed for use by the associated receiving decoder to enable the receiving decoder to descramble the broadcast.
US Patent 5,666,412 to Handelman et al describes a CATV system including a CATV network and apparatus for transmitting over the CATV network information to a multiplicity of subscriber units, each including a CATV decoder and an IC card reader and writer coupled to the CATV decoder, the IC card reader and writer including two separate card receptacles, such that IC cards inserted into the two separate IC card receptacles are separately accessed by the IC card reader and writer.
US Patent 5,774,546 to Handelman et al describes one IC card with two separate integrated circuits embodied within, wherein each of the separate integrated circuits is separately accessible by an IC card reader and writer.
US Patent 4,405,829 to Rivest et al describes the RSA public-key encryption and digital signature challenge-response scheme.
US Patent 4,748,668 to Shamir et al describes the Fiat-Shamir identification and authentication scheme.
US Patent 4,709,136 to Watanabe describes an IC card reader/writer apparatus which includes at least two contactors into which IC cards are inserted, respectively, card detecting means for detecting that at least two IC cards have been loaded, and collating means verifying that correct cipher codes of the two IC cards coincide with those inputted externally, respectively, wherein access to the contents stored in the IC cards is allowed only when the collation results in coincidence.
US Patent 4,594,563 to Nagata et al describes a credit transaction processing system which processes data related to a commodity entered into by using a card owned by a customer and a recording card owned by a store.
US Patent 5,010,571 to Katznelson describes a system for controlling and accounting for retrieval of data from a CD-ROM memory containing encrypted data files from which retrieval must be authorized.
The following references describe some aspects of related technology: US Patent 1Q,417 to Ruorucarn; US Patent 1.!0.4 to Fowler et al; US Patent 4.2 0,06 to Earn et al;
US Patent 4,350,070 to BaLu; US Patent 4,589,659 to Yokoi et al; US Patent 4,639,725 to Washzlca; US Patent 4,680,459 to Drexler; US Patent 4,740, 91 to Whitaker; US Patent 4,855,725 to Fernandez; US Patent 4,9 l 7,92 to Drexler; US Patent 4, 93 7, 82 1 to Moulton; US Patent 4,985,697 to Boulton; US Patent 5,1 13,178 to Yasuda et al; US Patent 5, I 67,508 to McTaggart; US Patent 5,239,665 to Tsuchya; US Patent 5,285,496 to Frank et al; US Patent 5,3397091 to Yamazaki et al; US Patent 5,371,493 to Sharpe et al; US Patent 5,413,486 to Burrows et al; US Patent 5,438,344 to Oliva; US Patent 5,466,158 to Smith m; US Patent 5,469,506 to Berson et al; US Patent 5,484,292 to McTaggart; US Patent 5,533,124 to Smith et al; US Patent 5,534,888 to Lebby et al; US Patent 5,555,446 to Jasmsh; US Patent 5,6Z5,404 to 1a et al; US Patent 5,630,103 to Smith et al; US Patent 5,6oI.635 to Sullivan et al; US Patent -63,748 to E; Oman et al; US Patent 5.689,648 to Diaz et al; US Patent 597,793 to 7Hinan et al; European Patent Application 683 o 1 A, assigned to MOTET Corporation; and
an article titled "Virtual Meetings with Desktop Conferencing", by Amitava Dutta-Roy, in IEEE Spectrum, July 1998, pages 47 - 56.
Additionally, technologies related to the SSL (Secure Socket Layer) protocol and the IPSEC (IP Security) protocol are described in a book titled "Internet and Intranet Security", by R. Oppliger, published by Artech House 1998, in section 10.3 on pages 226 - 99 and in section 9.3 on pages 16n - 17? respectively. The disclosures of all references mentioned above and throughout the
present specification are hereby incorporated herein by reference.
SUMMARY OF THE INVENTION
The present invention seeks to provide remote administration of smart cards in securely accessed information resources and communication networks. In the present invention a plurality of smart cards are associated or paired, via a communication network, with a remote administration system, generally referred to as a remote administrator. The smart cards are typically administrated by the remote administrator. Preferably, a smart card is administrated by the remote administrator immediately after communication with the remote administrator or with an information resource associated with the remote administrator is established. The remote administrator preferably uses techniques of challenge-response to authenticate, validate and verify the smart card. For this purpose, the remote administrator may use an access control module which performs at least one of authentication, validation and verification of the smart card either by executing a public-key based software program, or by comparing one of authentication, validation and verification information received from the smart card with corresponding information resident in a data base module, and enabling the smart card to access a protected information resource in response to a favorable comparison result.
The remote administrator may also be operative to transfer administration rights to a proxy administrator which is preferably in the proximity of a user unit in which the smart card is inserted.
Furthermore, the remote administrator may also enable transfer of authorization information between two smart cards which are preferably associated with the remote administrator. Preferably, a first smart card may authorize a second smart card to perform certain transactions and operations via the remote administrator.
Administration of smart cards may be employed in a secure access system which provides access to a protected information resource. In such a case, after a smart card is at least one of authenticated, validated and verified, an owner of the smart card may gain access to the protected information resource via an information resource controller.
There is thus provided in accordance with a preferred embodiment of the present invention a method for remote administration of at least one smart card via a communication network, the method including associating the at least one smart card with a remote administrator by storing administrator identification information of the remote administrator in the at least one smart card, inserting the at least one smart card in at least one user unit, employing the administrator identification information stored in the at least one smart card to identify the remote administrator associated with the at least one smart card, and establishing communication between the at least one smart card and the remote administrator via the communication network in accordance with the administrator identification information. Preferably, the establishing step is performed via the at least one user unit. The establishing step may preferably include the step of employing Internet Protocol (IP) for communication via the communication network.
Preferably, the establishing step may include the steps of identifying a local administrator other than the remote administrator, the local administrator being positioned in the communication network in a proximity to the at least one user unit, and determining the local administrator as a proxy administrator for administrating the at least one smart card by transmitting at least authorization information from the remote administrator to the local administrator.
Additionally, the method also includes the step of administrating the at least one smart card after communication with the remote administrator is established, and preferably, immediately after communication with the remote administrator is established.
Furthermore, the method may also include the step of administrating the at least one smart card after communication with the proxy administrator is established, and preferably, immediately after communication with the proxy administrator is established.
The administrating step may preferably include performing an administration initialization procedure to at least one of authenticate, verify and validate the at least one smart card.
Additionally, the method also includes the step of preventing performance of any operation other than the administration initialization procedure until the administration initialization procedure is verified to be in order.
The step of employing the administrator identification information to identify the remote administrator preferably includes the step of identifying the at least one smart card in a smart card data base at the remote administrator.
Additionally, the method also includes the step of accessing a protected information resource by the at least one smart card via the remote administrator associated therewith. The accessing step preferably includes the step of performing at least one administration operation.
Preferably, the at least one administration operation includes at least one of the following: transmission of a certificate, transmission of credentials, transmission of a key, renewal of the at least one smart card, expiration date updating, renewal of an authorization to the at least one smart card, validity check of data in the at least one smart card, integrity check of data in the at least one smart card, memory load/check, revocation of at least one of an authorization, a certificate and a smart card, execution of a "KILL CARD" process after a verification of a need to prevent operation of the at least one smart card, data load, and transmission of smart card chaining information.
Preferably, the accessing step includes the step of performing security mechanisms for accessing the protected information resource by the at least one smart card. The security mechanisms preferably include at least one of the following: unilateral or bilateral authentication, time stamping, non-repudiation, digital signatures, distribution of an encryption key, change of an encryption key, encryption and password authorization.
Preferably, each operation performed during the accessing step by at least one of the remote administrator and the at least one smart card is performed only upon receipt of an "END ADMINISTRATION OPERATION" instruction at a corresponding one of the at least one of the remote administrator and the at least one smart card.
The remote administrator may preferably include a plurality of administrators, each operative to perform at least part of the step of accessing the protected information resource and/or at least part of the administration initialization procedure.
There is also provided in accordance with a preferred embodiment of the present invention a secure access method for use with a communication network which communicates information between an information resource controller and a remote unit, the method including identifying, at the remote unit, a command to upload data, employing, in response to the command, a hash function at the remote unit to encode contents of at least a portion of a memory at the remote unit and thereby to produce a hashed result, transmitting the hashed result to the information resource controller, comparing, at the information resource controller, the hashed result with a trusted hashed result maintained at the information resource controller thereby to provide a comparison result, and determining integrity of the contents of the at least a portion of the memory at the remote unit based, at least in part, on the comparison result.
Preferably, the determining step includes the step of transmitting repairing information to the remote unit to correct the contents of the at least a portion of the memory at the remote unit if the comparison result is unfavorable.
The command is preferably generated at the remote unit periodically.
Preferably, the command is transmitted from the information resource controller to the remote unit periodically. Alternatively, the command is generated at the remote unit following a communication failure event. Yet alternatively, the command is transmitted from the information resource controller to the remote unit following a communication failure event.
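The memory-integrity exchange described above, written out as an added Python example (not code from the patent or its assignee): the information resource controller issues the upload command, the remote unit hashes its memory, the controller compares the hashed result with the one computed over its trusted copy and, on an unfavorable result, returns repairing information. Two details go beyond the text and are assumptions: the command carries a fresh nonce that is folded into the hash (so a unit cannot simply replay a previously accepted hashed result), and repairs are located at a fixed block granularity (BLOCK_SIZE) using per-block digests.

```python
import hashlib
import hmac
import secrets

BLOCK_SIZE = 16  # granularity of repairing information (assumption, not from the patent)


def keyed_digest(nonce: bytes, data: bytes) -> bytes:
    """Hash a memory region together with the controller's fresh nonce.

    Binding the nonce into the digest means a remote unit that merely replays
    an earlier, once-correct hashed result fails the comparison.
    """
    return hashlib.sha256(nonce + data).digest()


class RemoteUnit:
    """The remote unit: holds a memory and answers the 'upload data' command."""

    def __init__(self, memory: bytes):
        self.memory = bytearray(memory)

    def hashed_result(self, nonce: bytes) -> bytes:
        # Digest of the whole memory region: the patent's "hashed result".
        return keyed_digest(nonce, bytes(self.memory))

    def block_hashes(self, nonce: bytes) -> list:
        # Finer-grained digests so the controller can locate damaged blocks.
        return [keyed_digest(nonce, bytes(self.memory[i:i + BLOCK_SIZE]))
                for i in range(0, len(self.memory), BLOCK_SIZE)]

    def apply_repair(self, repairs: list) -> None:
        # Repairing information: (offset, correct bytes) pairs from the controller.
        for offset, data in repairs:
            self.memory[offset:offset + len(data)] = data


class InformationResourceController:
    """Keeps the trusted image and decides whether the unit's memory is intact."""

    def __init__(self, trusted_image: bytes):
        self.trusted = bytes(trusted_image)

    def issue_upload_command(self) -> bytes:
        # The command carries a fresh nonce the unit must fold into its hash.
        return secrets.token_bytes(16)

    def compare(self, nonce: bytes, reported: bytes) -> bool:
        # Trusted hashed result is recomputed under the same nonce.
        expected = keyed_digest(nonce, self.trusted)
        return hmac.compare_digest(expected, reported)

    def repairing_information(self, nonce: bytes, reported_blocks: list) -> list:
        # Every block whose digest disagrees with the trusted copy is re-sent.
        repairs = []
        for index, reported in enumerate(reported_blocks):
            start = index * BLOCK_SIZE
            block = self.trusted[start:start + BLOCK_SIZE]
            if not hmac.compare_digest(keyed_digest(nonce, block), reported):
                repairs.append((start, block))
        return repairs


def integrity_check(unit: RemoteUnit, controller: InformationResourceController) -> dict:
    """One round: command, hashed result, comparison, repair if unfavorable."""
    nonce = controller.issue_upload_command()
    intact = controller.compare(nonce, unit.hashed_result(nonce))
    repairs = []
    if not intact:
        repairs = controller.repairing_information(nonce, unit.block_hashes(nonce))
        unit.apply_repair(repairs)
    return {
        "intact_before": intact,
        "repaired_offsets": [offset for offset, _ in repairs],
        "intact_after": controller.compare(nonce, unit.hashed_result(nonce)),
    }


if __name__ == "__main__":
    # Constructed sample: a 64-byte trusted image and a unit with two damaged bytes.
    trusted = bytes(range(64))
    damaged = bytearray(trusted)
    damaged[20] ^= 0xFF
    damaged[50] ^= 0x01
    print(integrity_check(RemoteUnit(bytes(damaged)), InformationResourceController(trusted)))
```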
In accordance with a preferred embodiment of the present invention there is provided a method for remote administration of a first smart card and a second smart card via a communication network, the method including associating the first smart card and the second smart card with a remote administrator, and transmitting authorization information from the first smart card to the second smart card via the remote administrator and the communication network. Preferably, the authorization information includes at least one of the following: administrator identification information, authorization to perform a transaction, an electronic-mail message stored in the first smart card, and billing history information.
In any of the above mentioned methods, the communication network preferably includes at least one of the following: a local-area-network (LAN), a metropolitan-area-network (MAN), and a wide-area-network (WAN). The communication network may include at least one of the following networks: the Internet, CompuServe, and America-On-Line.
There is also provided in accordance with a preferred embodiment of the present invention a remote administrator for administrating at least one smart card via a communication network, the remote administrator including a processor, the processor including an access control module operative to control access to a protected information resource, and a data base module operative to map the at least one smart card to an access control list.
Additionally, the remote administrator also includes a memory operative to store a log of the communication network activity. The remote administrator may also include communication apparatus for transmitting authorization information from a first smart card associated with the remote administrator to a second smart card associated with the remote administrator via the communication network.
In accordance with a preferred embodiment of the present invention there is also provided a system for remote administration of at least one smart card via a communication network, the system including a remote administrator having administrator identification information, at least one user unit, and at least one smart card associated with the remote administrator by storing in the at least one smart card the administrator identification information of the remote administrator, wherein the at least one smart card inserted in the at least one user unit is operative to employ the administrator identification information to identify the remote administrator associated with the at least one smart card, and to establish communication via the communication network between the at least one smart card and the remote administrator in accordance with the administrator identification information.
There is also provided in accordance with a preferred embodiment of the present invention a system for providing secure access in a communication network including a remote unit operative to identify a command to upload data, and to employ, in response to the command, a hash function to encode contents of at least a portion of a memory associated with the remote unit thereby to produce a hashed result, and an information resource controller operatively associated with the remote unit and operative to receive, from the remote unit, the hashed result, to compare the hashed result with a trusted hashed result maintained at the information resource controller thereby to provide a comparison result, and to determine integrity of the contents of the at least a portion of the memory based, at least in part, on the comparison result.
BRIEF DESCRIPTION OF THE DRAWINGS
The present invention will be understood and appreciated more fully from the following detailed description, taken in conjunction with the drawings in which:
Fig. 1 is a simplified block diagram illustration of a preferred implementation of a system for providing secure access to information resources associated with communication networks, the system being constructed and operative in accordance with a preferred embodiment of the present invention;
Fig. 2 is a simplified block diagram illustration of a preferred implementation of a remote administrator in the system of Fig. 1;
Figs. 3A and 3B together constitute a simplified flow chart illustration of a preferred method of operation of the apparatus of Figs. 1 and 2;
Fig. 4 is a simplified flow chart illustration of another preferred method of operation of the apparatus of Figs. 1 and 2; and
Fig. 5 is a simplified flow chart illustration of yet another preferred method of operation of the apparatus of Figs. 1 and 2.
DETAILED DESCRIPTION OF A PREFERRED EMBODIMENT
Reference is now made to Fig. 1 which is a simplified block diagram illustration of a preferred implementation of a system 10 which is operative to provide secure access to information resources associated with communication networks, the system 10 being constructed and operative in accordance with a preferred embodiment of the present invention.
Preferably, the system 10 includes a plurality of user units 15 which may communicate with a protected information resource 20 via a communication network 25 and a secure access (SA) server 30. Alternatively, the user units 15 may communicate only with the SA server 30 via the communication network 25. Further alternatively, the protected information resource 20 may be embodied in the SA server 30.
The communication network 25 may preferably include at least one of the following configurations: a local-area-network (LAN); a metropolitan-area-network (MAN); and a wide-area-network (WAN). Networks operating in such configurations may include, for example, intranets as well as the Internet, CompuServe, and America-On-Line.
The protected information resource 20 may preferably include at least one source of information to be protected, such as an intranet or a corporate LAN, a database, a hard disk and a server. The protected information resource 20 is preferably accessed via an information resource controller 35 which is preferably embodied in the SA server 30. It is appreciated that the information resource controller 35 provides an interface which interfaces with and operates the protected information resource 20.
Preferably, the information resource controller 35 is controlled by a remote administration system 40, generally referred to as the remote administrator 40, which may also be embodied in the SA server 30. The remote administrator 40 preferably administrates the plurality of user units 15 and controls access by the user units 15 to the protected information resource 20. It is appreciated that the remote administrator 40 may be associated with conventional security means, such as firewalls, to prevent unauthorized entries to the system 10.
Preferably, each user unit 15 may include a smart card reader 45 which is associated with a removable smart card 50. Alternatively, the smart card reader 45 may be replaced by a card interface (not shown), and the smart card 50 may be replaced by any card … (not shown) which may be accessed by the card interface.
Preferably, the smart card reader 45 is operative to read data from and write data to the smart card 50. It is appreciated that the remote administrator 40 may also administrate the smart cards 50 via the smart card readers 45.
Preferably, the system 10 may also include a local administrator 55 which may be determined by the remote administrator 40 as a proxy administrator for administrating at least one of the smart cards 50. The local administrator 55 may be operatively associated with the information resource controller 35 either directly or via the communication network 25. It is appreciated that the local administrator 55 may be positioned in the communication network 25 in a proximity to at least one of the user units 15 associated with the at least one of the smart cards 50.
It is appreciated that although the system 10 is especially suitable for an open communication network such as the Internet or an intranet coupled to the Internet, it may also be used in a closed communication network which does not communicate with other networks, to provide access to data to users having different security clearances.
Reference is now made to Fig. 2 which is a simplified block diagram illustration of a preferred implementation of the remote administrator 40 in the system 10 of Fig. 1, the remote administrator 40 being constructed and operative in accordance with a preferred embodiment of the present invention.
Preferably, the remote administrator 40 includes a processor 100, and communication apparatus 105 and a memory 110 which are each operatively associated with the processor 100. The processor 100 preferably includes an access control module 115 and a data base module 120 which are operatively associated with both the communication apparatus 105 and the memory 110 via a communication bus 125. Alternatively, the data base module 120 may be embodied in a remote server (not shown) which may serve a plurality of remote administrators 40 and may be accessed by the processor 100. It is appreciated that the data base module 120 may include a local data base which may communicate with a central data base resident in the remote server.
Further alternatively, the data base module 120 may be omitted if the security algorithms performed by the remote administrator 40 include public-key based software programs.
It is appreciated that the processor 100, the memory 110, and the communication apparatus 105 may be embodied in a single conventional integrated circuit (IC). Alternatively, the communication apparatus 105 may be embodied in a conventional modem (not shown). It is to be appreciated that the remote administrator 40 may be embodied in a conventional server unit, and may be implemented in software or hardware, or in a combination thereof.
The operation of the apparatus of Figs. 1 and 2 is now briefly described. Preferably, a user operates a user unit 15 and inserts a smart card 50 in a receptacle (not shown) in a smart card reader 45 embodied in the user unit 15.
Alternatively, the user may use a contactless smart card, such as an RF (Radio-Frequency) smart card, which communicates with the smart card reader 45 over the air without establishing contact with the smart card reader 45.
Preferably, the user unit 15 establishes communication with the communication network 25. It is appreciated that smart cards that fit into slots in smart card readers, contactless smart cards, and smart card readers embodied in user units and suitable for use with smart cards or contactless smart cards are well known in the art.
When the smart card 50 is operated for the nrst time, the smart card 50 is preferably associated or paired with a remote dmmsuator, for example the remote act straror 40. such a case administrator idenrificmon wforrnon of Me remote Whir istrator 40 Is stored the sTnart card 50 for Lucre use.
If the smart card 0 has adready been in use. the smart card 50 employs the ainlstraoraennncanon infonnanon airesav stored In ': to search
;t,. and identify the remote a T:nTrristrator 40 as the remote administrator which is associated with it It is appreciated that the administration idendficanon information may be stored in the smart card 50 in advance at a smart card issuer facility or at a smart card production plant before the smart card 50 is provided to the user.
Preferably, the smar; card 50 is determined to be associated with the em^e "n = I. -f sit d 5^ is._ ^.= '-a a Sma am flea base at the remote administrator 40 Preferably, once the remote administrator 40 is identified as the remote administrator associated or paired with the smart card 50, communication between the smart card SO and the remote administrator 40 may be established via the commmcation network 25 In accordance with the adrrunistrator identificahon information, and the smart card 50 may be immediately zTrTmi=strated by the remote administrator 40. Additionally or altematiYely, the smart card SO may be administrated at an end of a corn=nnication session, and before or after performance of a specific operation.
It is appreciated that the cornmmucailon between the snort cod 50 and the remote niistrator 40 may be initiated by one of the smart card reader 45, a software program resident in the user unit 15, and the remote administrator 40 The communication between the smart card 50 and the remote administrator 40 may preferably employ the well known Irlternet Protocol (IP).
AdditionalIy, any other suitable conventional corntnurucat on protocol may be used, such as the SSL (Secure Socket Layers, and the IPSEC (Internet Protocol Security) which are security protocols runnmg above different levels of the IP Adrmnstranon of the smart card:0 by the remote atnistrator 40 preferably begins by pesiominy an aninistrahon imili ration procedure to at least one of authenticate, verify and vancate the smart card 50. Preferably, authenicanon verncanon and valiaanon of The smart card:0 may be performed by usms: well Clown techniques of c hallen3e-response of eerier infomanon related to shared secrets or public:'DnYare keys, such as the RSA chailene-response scheme, the FiarShmr dentificnnon and authencmon scheme, and keyed-hsh schemes.
- The technques of challenge-response typically employ communication of the information related to the shared secrets or publicpovate keys between the smart card 50 and the access control module 115 via the commucaion apparatus 105 and the communication network 25. The access control module 1 I 5 preferably performs at least one of authentication, validation and venbcnn of the smart car' 1/1 I, camping icon.7"L to one or authenicahorl, validation and verifica:on informior received Mom the Mozart card 50 with corresponding nformaon provided by the data base module 120 and enabling the smart cord 50 to access the protected information resource 90 in response to a favorable companson result. It is appreciated that the data base module 120 preferably maps the set card 50 to an access control list: Alternatively, the access control module l Is may perform at least one of authentication, validation and verification of the smart card 50 by execntug a public-:cey based software propran If the information related to authenbcatar, veriEcaon and validation which is received from the smut card 50 matches Lion m the access control list in the data brace module 120, the smart card 50 may be aTistrated by the remote administrator 40andfor may be allowed to access the protected infonnahon resource 70 via the informer resource controller 35 as the case may be.
It is appreciated that until the administration initialization procedure is verified to be in order, performance of any operation other than the administration initialization procedure is preferably prevented. Preferably, a log of all communication activity related to the authentication, verification and validation of the smart card 50 is stored in the memory 110.
Once the smart card 50 is allowed to access the protected information resource 20, the smart card 50 may access the protected information resource 20 to read data from and/or write data to the protected information resource 20. Alternatively or additionally, the smart card 50 may also access the protected information resource 20 to perform a transaction in which the protected information resource 20 may be utilized as well as viewed. The term "transaction" is used throughout the specification and claims to include any operation which alters data in the protected information resource 20 or the smart card 50. An example of an operation which alters data in the protected information resource 20 or the smart card 50 includes a value related exchange of information or goods, such as extraction of data, exchange of billing tokens or money.
Another example of an operation which alters data in the protected information resource 20 or the smart card 50 includes billing per operation, such as billing per meal taken by an employee in an organization.
It is appreciated that each read operation, write operation and transaction operation performed on data in the protected information resource 20 or the smart card 50 may preferably be associated with at least one administration operation. Preferably, the at least one administration operation includes at least one of the following: transmission, from a certificate issuing authority, of a public-key certificate which authorizes a smart card holder; transmission of credentials which provide authorization to perform specific operations; transmission of an encryption key; renewal of the smart card 50 or updating of the expiration date of the smart card 50; renewal of an authorization to the smart card 50 to perform an operation; validity check of data in the smart card 50; integrity check of data in the smart card 50; memory load/check; revocation of an authorization, a certificate or the smart card 50; execution of a "KILL CARD" process after a verification of a need to prevent operation of the smart card 50; data loads and transmission of smart card chaining information which links the smart card 50 to another smart card (not shown); or information of general interest which may be used by the other smart card, such as a list of selected URLs (Uniform Resource Locators).
Preferably, all security mechanisms for accessing the protected information resource 20 for reading, writing and performing a transaction are performed in the smart card 50. The security mechanisms may preferably include at least one of the following: unilateral or bilateral authentication; time stamping; non-repudiation (i.e. inability to cancel a transaction after it is performed); digital signatures; distribution of an encryption key; change of an encryption key; encryption; and password authorization.
It is appreciated that each operation is performed, either by the smart card 50 or the remote administrator 40, only upon receipt of an "END ADMINISTRATION OPERATION" instruction at a corresponding one of the smart card 50 and the remote administrator 40. Operations requiring the "END ADMINISTRATION OPERATION" instruction typically include any operation performed on data in the protected information resource 20 or the smart card 50, any administration operation and any operation performed as part of the security mechanism. It is appreciated that the remote administrator 40 may include a plurality of administrators, each operative to perform at least part of an accessing task to access the protected information resource and/or at least part of the administration initialization procedure.
In a preferred embodiment of the present invention the remote administrator 40 may transfer rights and authorization to administrate smart cards to the local administrator 55. It is appreciated that such an option may be suitable in a case that the user travels to a distant location and administration by the remote administrator 40 is inconvenient. In such a case, if the local administrator 55 is identified to be in the proximity of the user, the local administrator 55 may be determined as a proxy administrator for administrating the smart card 50. It is appreciated that determination of the local administrator 55 as the proxy administrator for administrating the smart card 50 may be performed by transmitting at least authorization information from the remote administrator 40 to the local administrator 55 via the communication apparatus 105 and the communication network 25. Preferably, the smart card 50 is administrated by the local administrator 55 acting as a proxy administrator immediately after communication with the local administrator 55 is established.
Preferably, the remote administrator 40 may also be used to transfer authorizations and rights between smart cards. In such a case, a first smart card and a second smart card may each be associated with the remote administrator 40 via the communication network 25. Then, authorization information may be transmitted from the first smart card to the second smart card via the communication apparatus 105 and the communication network 25. The authorization information preferably includes at least one of the following: administrator identification information; authorization to perform a transaction; an electronic-mail message stored in the first smart card; data; billing history information; a token; and a stored configuration.
Reference is now made to Figs. 3A and 3B which together constitute a simplified flow chart illustration of a preferred method of operation of the apparatus of Figs. 1 and 9.
Preferably, a user operates a user unit and inserts a smart card in a smart card receptacle in the user unit. Then, the user establishes communication with a communication network via the user unit.
If administrator identification information is not stored in the smart card, then the smart card is considered to be used for the first time, and a message indicating that the smart card is used for the first time is displayed to the user.
In response to the message, the user preferably enters a request to associate the smart card to a remote administrator, and the smart card is associated with a remote administrator by storing administrator identification information of the remote administrator in the smart card.
If the smart card has already been in use and administrator identification information is stored in the smart card, the administrator identification information which is already stored in the smart card is employed to identify a remote administrator associated or paired with the smart card. It is appreciated that identification of the remote administrator with which the smart card is associated may also require input of user identification information, such as a PIN (Personal Identification Number), by the user.
Preferably, once the remote administrator associated with the smart card is identified, communication between the smart card and the remote administrator is established via the communication network in accordance with the administrator identification information, and an administration initialization procedure is preferably performed. It is appreciated that the administration initialization procedure is preferably transparent to the user, except for a demand to enter a PIN which may be applicable in certain cases.
If the administration initialization procedure is terminated by determining that the smart card is at least one of authenticated, validated and verified, the user is granted access to a protected information resource via the communication network. If the smart card is not one of authenticated, validated or verified, a message indicating that the user is not entitled to access the protected information resource is generated and preferably displayed to the user.
Reference is now made to Fig. 4 which is a simplified flow chart illustration of another preferred method of operation of the apparatus of Figs. 1 and 9.
Preferably, communication between a remote unit and an information resource controller which interfaces and accesses an information resource is established via a communication network. At the remote unit, a command to upload data is preferably identified. In response to the command, a hash function at the remote unit is employed to encode contents of at least a portion of a memory at the remote unit and thereby to produce a hashed result. It is appreciated that the memory at the remote unit may include a memory in a smart card.
Preferably, the hashed result is transmitted to the information resource controller. At the information resource controller, the hashed result is preferably compared with a trusted hashed result stored at the information resource controller, thereby to provide a comparison result. Preferably, if the comparison result is favorable, integrity of the contents of the at least a portion of the memory at the remote unit is determined.
If the comparison result is unfavorable, the information resource controller may preferably transmit repairing information to the remote unit to correct the contents of the at least a portion of the memory at the remote unit, and then the contents of the at least a portion of the memory at the remote unit may be checked by again generating a command to upload data as mentioned above and proceeding accordingly.
It is appreciated that if, after applying the repairing information, the hashed result still does not match the trusted hashed result, the smart card may be revoked, all authorizations to the smart card may be canceled, and a message indicating that the smart card is revoked may be generated. Alternatively, if the comparison result is unfavorable, the information resource controller may directly revoke the smart card and cancel authorizations to the smart card without transmitting repairing information.
It is appreciated that the command to upload data may be generated at the remote unit periodically or following a communication failure event. Alternatively, the command may be transmitted from the information resource controller to the remote unit periodically or following a communication failure event.
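The Fig. 4 memory integrity check, written out as an added Python example that is not part of the patent: the remote unit hashes its memory region in response to an upload command, the controller compares the result with its trusted copy, sends repairing information on a mismatch, re-checks, and revokes the card when the re-check still fails (or immediately, when repair is not attempted). The keyed hash over a controller-chosen nonce (one of the keyed-hash schemes the description mentions, used here so that a previously observed hashed result cannot be replayed), the SHA-256 choice, the sample memory contents and the shared key are all assumptions of this example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed sample values (not from the patent): the trusted contents of the
# administered memory region and a key shared by the card and the controller.
TRUSTED_MEMORY = b"ACL=read,write;ADMIN_ID=admin-01;EXPIRES=2000-12-31"
SHARED_KEY = b"constructed-demo-key-0001"


def hashed_result(key: bytes, nonce: bytes, memory: bytes) -> str:
    """Keyed hash (HMAC-SHA256) over the controller's nonce and the memory
    portion; binding the nonce means a stale result cannot be replayed."""
    return hmac.new(key, nonce + memory, hashlib.sha256).hexdigest()


@dataclass
class RemoteUnit:
    """User unit holding the smart card memory region under check."""
    memory: bytearray
    key: bytes = SHARED_KEY
    accepts_repair: bool = True   # False models a unit that fails to rewrite
    revoked: bool = False

    def upload(self, nonce: bytes) -> str:
        """Response to the 'upload data' command: hash the memory region."""
        return hashed_result(self.key, nonce, bytes(self.memory))

    def apply_repair(self, repair: bytes) -> None:
        if self.accepts_repair:
            self.memory[:] = repair


@dataclass
class ResourceController:
    """Information resource controller holding the trusted image."""
    trusted_image: bytes = TRUSTED_MEMORY
    key: bytes = SHARED_KEY
    authorizations: set = field(default_factory=lambda: {"read", "write"})
    log: list = field(default_factory=list)

    def check(self, unit: RemoteUnit) -> bool:
        """Issue the upload command with a fresh nonce and compare results."""
        nonce = secrets.token_bytes(16)
        received = unit.upload(nonce)
        expected = hashed_result(self.key, nonce, self.trusted_image)
        favorable = hmac.compare_digest(received, expected)  # constant time
        self.log.append(("compare", favorable))
        return favorable

    def revoke(self, unit: RemoteUnit) -> None:
        """Revoke the card and cancel all authorizations granted to it."""
        self.authorizations.clear()
        unit.revoked = True
        self.log.append(("revoke", True))


def integrity_check(unit: RemoteUnit, ctrl: ResourceController,
                    allow_repair: bool = True) -> str:
    """One pass of the flow; returns 'intact', 'repaired' or 'revoked'."""
    if ctrl.check(unit):
        return "intact"
    if allow_repair:
        # Repairing information: here the whole trusted image is resent.
        unit.apply_repair(ctrl.trusted_image)
        if ctrl.check(unit):          # re-check after the repair
            return "repaired"
    ctrl.revoke(unit)                 # repair failed, or was not attempted
    return "revoked"
```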
Reference is now made to Fig. 5 which is a simplified flow chart illustration of still another preferred method of operation of the apparatus of Figs. 1 and 9. Preferably, a first user operates a first user unit and inserts a first smart card in a smart card receptacle in the first user unit. Similarly, a second user operates a second user unit and inserts a second smart card in a smart card receptacle in the second user unit. Preferably, the first user and the second user establish communication with a remote administrator via a communication network and the corresponding first and second user units. Then, the first smart card and the second smart card may be associated with the remote administrator. Once the first smart card and the second smart card are associated with the remote administrator, the first user may enter a command, via the first user unit or a keypad attached to the first smart card, to transmit authorization information from the first smart card to the second smart card via the remote administrator and the communication network. Preferably, the authorization information enables the second user to perform transactions authorized by the first user with a protected information resource via the remote administrator by using the second smart card.
It is appreciated that the second smart card may be used separately from the first smart card and at different times. In such a case, the authorization information addressed to the second smart card may be stored at the remote administrator until communication is established between the second smart card and the remote administrator, and then the remote administrator may transmit to the second smart card the authorization information addressed to the second smart card.
It will be appreciated by persons skilled in the art that the present invention is not limited by what has been particularly shown and described herein above. Rather, the scope of the present invention includes both combinations and subcombinations of the features described hereinabove as well as modifications and variations thereof which would occur to a person of skill in the art upon reading the foregoing description and which are not in the prior art, and is defined only by the claims which follow.

Claims (12)

1. A method for remote administration of a first smart card and a second smart card via a communication network, the method comprising: associating said first smart card and said second smart card with a remote administrator; and transmitting authorization information from said first smart card to said second smart card via the remote administrator and the communication network.
2. A method according to claim 1 and wherein said authorization information comprises at least one of the following: administrator identification information; authorization to perform a transaction; an electronic-mail message stored in said first smart card; and billing history information.
3. A method according to claim 1 or claim 2 and wherein said communication network comprises at least one of the following: a local-area-network (LAN); a metropolitan-area-network (MAN); and a wide-area-network (WAN).
4. A method according to claim 1 or claim 2 and wherein said communication network comprises at least one of the following networks: the Internet; CompuServe; and America-On-Line.
5. A remote administrator for remotely administrating a first smart card and a second smart card via a communication network, the remote administrator comprising: a processor associating said first smart card and said second smart card with the remote administrator; and communication apparatus transmitting authorization information received from said first smart card to said second smart card via the communication network.
6. Apparatus according to claim 5 and wherein said authorization information comprises at least one of the following: administrator identification information; authorization to perform a transaction; an electronic-mail message stored in said first smart card; and billing history information.
7. Apparatus according to claim 5 or claim 6 and wherein said communication network comprises at least one of the following: a local-area-network (LAN); a metropolitan-area-network (MAN); and a wide-area-network (WAN).
8. Apparatus according to claim 5 or claim 6 and wherein said communication network comprises at least one of the following networks: the Internet; CompuServe; and America-On-Line.
9. Apparatus according to any of claims 5 - 8 and substantially as described herein above.
10. Apparatus according to any of claims 5 - 8 and substantially as shown in the drawings.
11. A method according to any of claims 1 - 4 and substantially as described herein above.
12. A method according to any of claims 1 - 4 and substantially as shown in the drawings.
GB0325826A 1998-10-13 1999-04-26 Remote administration of smart cards for secure access systems Expired - Lifetime GB2392357B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IL126552A IL126552A (en) 1998-10-13 1998-10-13 Remote administration of smart cards for secure access systems
GB9909359A GB2345232B (en) 1998-10-13 1999-04-26 Remote adminstration of smart cards for secure access systems

Publications (3)

Publication Number Publication Date
GB0325826D0 GB0325826D0 (en) 2003-12-10
GB2392357A true GB2392357A (en) 2004-02-25
GB2392357B GB2392357B (en) 2004-04-28

Family

ID=30772063

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0325826A Expired - Lifetime GB2392357B (en) 1998-10-13 1999-04-26 Remote administration of smart cards for secure access systems

Country Status (1)

Country Link
GB (1) GB2392357B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1601154A1 (en) * 2004-05-28 2005-11-30 Sap Ag Client authentication using a challenge provider
EP1601153A2 (en) * 2004-05-28 2005-11-30 Sap Ag Client authentication using a challenge provider
EP1601153A3 (en) * 2004-05-28 2006-01-04 Sap Ag Client authentication using a challenge provider
US7673141B2 (en) 2004-05-28 2010-03-02 Sap Aktiengesellschaft Client authentication using a challenge provider

Also Published As

Publication number Publication date
GB0325826D0 (en) 2003-12-10
GB2392357B (en) 2004-04-28

Legal Events

Date Code Title Description
732E Amendments to the register in respect of changes of name or changes affecting rights (sect. 32/1977)

Free format text: REGISTERED BETWEEN 20090528 AND 20090603

PE20 Patent expired after termination of 20 years

Expiry date: 20190425