WO1996024912A1 - Health card - Google Patents

Health card Download PDF

Info

Publication number
WO1996024912A1
WO1996024912A1 PCT/FR1996/000193 FR9600193W WO9624912A1 WO 1996024912 A1 WO1996024912 A1 WO 1996024912A1 FR 9600193 W FR9600193 W FR 9600193W WO 9624912 A1 WO9624912 A1 WO 9624912A1
Authority
WO
WIPO (PCT)
Prior art keywords
card
chip
reading module
key
secret
Prior art date
Application number
PCT/FR1996/000193
Other languages
French (fr)
Inventor
Claude Gaudeau
Jean-Marc Robin
Gabriel Vuillemin
Original Assignee
Claude Gaudeau
Robin Jean Marc
Gabriel Vuillemin
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Claude Gaudeau, Robin Jean Marc, Gabriel Vuillemin filed Critical Claude Gaudeau
Priority to AU47224/96A priority Critical patent/AU4722496A/en
Publication of WO1996024912A1 publication Critical patent/WO1996024912A1/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/357Cards having a plurality of specified features

Definitions

  • the present invention relates to a health card resulting from the combination of a "chip” and a cane provided with a large capacity memory, an optical card for example.
  • the reading cane must be able to have a very large memory, more than 2 MB of data, the equivalent of a thousand pages of text.
  • WORM Write Only Read Memory
  • digital optical memory such as, for example, a standard size optical cane.
  • this cane To ensure the secrecy of the content of the health cane of this realization, we physically associate with this cane a "chip" offering a memory of 2 kb to 4 ko on which we write a secret reading code To allow to read the content of the cane, this one and its "chip” must be received by a special reading module belonging to the doctor. You must first verify that this reading module is authorized to read the contents of the card. There are many, more or less sophisticated, ways of carrying out this recognition.
  • the simplest of them is to provide the reading module with a keyboard, a comparator and a security chip.
  • the holder of the reading module To access the content of the cane, the holder of the reading module must enter, on his keyboard, the secret code which is written on the right side of the comparator, while the contact of the "chip" with the reading module brings up the secret code on the left of the comparator. If the inscription on both sides of the comparator is exactly the same, the comparator emits no current and thus authorizes the reading of the data appearing on the optical cane.
  • the repeated plain writing of the secret code by means of the keyboard makes this code accessible to the public and therefore it can be "hacked” at any time.
  • the duck can be lost or stolen; if it then falls into the hands of an expert in the matter, the latter may manage to reconstitute the identification code.
  • a first improvement with a view to keeping the secret will consist in not making the secret code appear openly at the time of recognition.
  • an encryption system and an identification protocol are used in the exchange of information between the optical cane "chip” and the doctor's reading module, during which the secret recognition code does not appears only as the component of an auxiliary random variable.
  • the "chip” is then equipped with a random generator, an arithmetic calculation cell, a shift register provided with specific internal wiring. As it is a health card, the card and the chip are held by the patient, while the reading module is in the hands of the doctor. The reading module is coupled with a "chip” provided with the same elements as the "chip” associated with the optical rod. It goes without saying that the various systems intended to read secure canes must first be initialized with the different secret codes.
  • the receiver the optical channel reading module in this case, has an encryption function.
  • D (C) P
  • This process comprises at least 9 successive operations, some performed by the "chip” for securing the optical tube, the others by the reading module of the doctor and by his own “chip”.
  • the random generator of the "cane” of the health cane generates two random variables c and g. These two variables are linked by an encryption function wired into the chip:
  • the doctor's reading module then generates a random variable "u" such that the value of "u” is chosen from prime numbers with the value of c. There is then a certain probability that this value is the value w or at least that it approaches it.
  • the operation is completed and consideration may be given to proceeding with the operations. If, on the contrary, the safety threshold and the required probability are not reached, the process will start again until the probability has reached the desired value.
  • this recognition protocol does not reveal the secret code w at all. It allows the holder of the optical card (the patient) to discreetly ensure that the doctor, who has the reading mode, is authorized to treat him. But this operation did not allow the doctor to ensure that the card presented by the patient is his own card. However, this verification is not always necessary: when the patient sees his doctor for the first time, he does not yet have a reading card and the doctor will participate in the creation of it.
  • the text of the health cane, revealing all the care previously received by the patient, remain absolutely confidential. So the real problem is to allow the contents of the health card to be read exclusively by the doctor. It will be the same when the card, ceasing to be a health card relates to a set of secret information of a military or financial nature.
  • the confidential information contained in the cane is then encrypted by means of a block encryption algorithm used in chained mode to avoid the repetition phenomenon of the cryptogram.
  • the text of the optical channel is encrypted in the following way: the cryptographic encryption algorithm implemented, combines the conventional cryptographic transposition and substitution methods: the text of the optical channel is then cut into 64-bit slices (8 bytes) plain text and subject to
  • the doctor decrypts Y and calculates:
  • FIG. 1 is a diagram of all of the elements which cooperate
  • FIGS. 2A and 2B are diagrams describing the progress of the Wayner algorithm.
  • FIG. 1 On the left, there is shown in (1) the "chip" for identifying the optical card.
  • the optical rod In (2), the optical rod with a memory of 2 to 4 M.bytes.
  • the module of the doctor proper was shown, while the active part of the reading module is shown in the middle of the figure.
  • the optical rod with its "chip” When the optical rod with its "chip” is pressed into the slot of the reading module, the latter supplies electric current to the rod (2) and its "chip” (1) by an electromagnetic coupling (5).
  • the "chip” (1) supplied with current transmits its information via a light-emitting diode (6).
  • This information picked up by a photoelectric cell (7) transmits the information to the "chip” (3) of the doctor's reading module by the diode (8).
  • FIG. 2 represents a diagram of the Wayner algorithm which will allow us to carry out mutual recognition of the same stored code, of a section in the
  • the "chip” transmits these two numbers c and g to the reading module.
  • the reading module 2.2 - The reading module
  • the module randomly chooses a value "u” taken from the set of prime numbers with "c” and calculates a random function:
  • a random generator is associated with the "chip" of the optical rod.
  • the reading module In response to zero, the reading module transmits the value of "u" which it used in the previous calculation to the patient's cane.
  • the chip transmits the 1 to the reading module.
  • the use of the card in accordance with the present application is as simple as the use of the simplified cards described at the beginning of this text.
  • the known secret code is recognized automatically; the same is true for determining a pointer number for the cane.
  • the cane will transmit the 56-bit confidential secret code to the module and therefore the module can read the contents of the card.

Abstract

A method and a device for protecting confidential data banks stored in smart cards (2) such as WORM cards. The data is first accessed by mutual recognition of a single encrypted code stored in the security chip (1) linked to the smart card as well as in the security chip of a card reader module (4). Whenever necessary, reinforced protection of the text on the card is achieved by means of an encryption circuit combining the methods of transposition and substitution with a secret key associated with the smart card. The method and device are useful in the field of health care.

Description

CARTE DE SANTE HEALTH CARD
La présente invention concerne une carte de santé résultant de la combinaison d'une "puce" et d'une cane dotée d'une mémoire de grande capacité, une carte optique par exemple.The present invention relates to a health card resulting from the combination of a "chip" and a cane provided with a large capacity memory, an optical card for example.
H est souhaitable que toute personne puisse porter sur soi une carte de santé comportant une information précise et complète concernant ses antécédents médicaux, les traitements qu'elle doit suivre, ainsi que ses traitements antérieurs.It is desirable that anyone can carry a health card with precise and complete information concerning their medical history, the treatments they must undergo, as well as their previous treatments.
Il est du plus haut intérêt qu'une médecin traitant puisse retrouver les radiographies ou les photocopies des images obtenues au cours de l'existence du porteur de la carte. Par ailleurs, il est absolument indispensable que cette cane reste confidentielle et qu'elle compone un code personnel d'entrée.It is of the greatest interest that an attending physician can find the radiographs or photocopies of the images obtained during the life of the card holder. In addition, it is absolutely essential that this cane remains confidential and that it enters a personal entry code.
Pour permettre l'insertion d'informations telles que les radiographies et les images scanner, la cane de lecture doit pouvoir disposer d'une mémoire très imponante, de plus de 2 MO de données, soit l'équivalent d'un millier de pages de texte.To allow the insertion of information such as x-rays and scanner images, the reading cane must be able to have a very large memory, more than 2 MB of data, the equivalent of a thousand pages of text.
Dans une réalisation connue, on a donc choisi une cane du type WORM (Write Only Read Memory) à mémoire optique numérique telle, par exemple, qu'une cane optique de dimension standard.In a known embodiment, we therefore chose a WORM type (Write Only Read Memory) with digital optical memory such as, for example, a standard size optical cane.
Pour assurer le secret du contenu de la cane de santé de cette réalisation, on associe matériellement à cette cane une "puce" offrant une mémoire de 2 ko à 4 ko sur laquelle on inscrit un code secret de lecture Pour permettre de lire le contenu de la cane, celle-ci et sa "puce" doivent être reçues par un module spécial de lecture appartenant au médecin. Il faut alors vérifier en premier lieu que ce module de lecture est autorisé à lire le contenu de la carte. Il existe de nombreux moyens, plus ou moins sophistiqués de procéder à cette reconnaissance.To ensure the secrecy of the content of the health cane of this realization, we physically associate with this cane a "chip" offering a memory of 2 kb to 4 ko on which we write a secret reading code To allow to read the content of the cane, this one and its "chip" must be received by a special reading module belonging to the doctor. You must first verify that this reading module is authorized to read the contents of the card. There are many, more or less sophisticated, ways of carrying out this recognition.
Le plus simple d'entre eux consiste à doter le module de lecture d'un clavier, d'un comparateur et d'une puce de sécurisation.The simplest of them is to provide the reading module with a keyboard, a comparator and a security chip.
Pour accéder au contenu de la cane, le détenteur du module de lecture doit composer, sur son clavier, le code secret qui vient s'inscrire sur le côté droit du comparateur, tandis que le contact de la "puce" avec le module de lecture fait apparaître le code secret sur la gauche du comparateur. Si l'inscription sur les deux côtés du comparateur est exactement la même, le comparateur n'émet aucun courant et il autorise ainsi la lecture des données figurant sur la cane optique.To access the content of the cane, the holder of the reading module must enter, on his keyboard, the secret code which is written on the right side of the comparator, while the contact of the "chip" with the reading module brings up the secret code on the left of the comparator. If the inscription on both sides of the comparator is exactly the same, the comparator emits no current and thus authorizes the reading of the data appearing on the optical cane.
Il y a lieu de noter que l'inscription répétée en clair du code secret au moyen du clavier, rend ce code accessible au public et par conséquent il peut être "piraté" à tout instant. Par ailleurs, la cane peut être perdue ou volée ; si elle tombe alors entre les mains d'un expert en la matière, celui-ci peut arriver à reconstituer le code d'identification.It should be noted that the repeated plain writing of the secret code by means of the keyboard makes this code accessible to the public and therefore it can be "hacked" at any time. In addition, the duck can be lost or stolen; if it then falls into the hands of an expert in the matter, the latter may manage to reconstitute the identification code.
On voit que le procédé décrit ci-dessus est absolument insuffisant pour assurer le secret du contenu de la carte optique. En conclusion, dans le procédé décrit ci-dessus, le principal défaut réside dans l'obligation de faire apparaître en clair le code secret à chaque utilisation de la cane.We see that the method described above is absolutely insufficient to ensure the secrecy of the contents of the optical card. In conclusion, in the process described above, the main defect lies in the obligation to have the secret code appear in plain text each time the cane is used.
Une première amélioration en vue de la conservation du secret va consister à ne par faire apparaître ouvertement le code secret au moment de la reconnaissance.A first improvement with a view to keeping the secret will consist in not making the secret code appear openly at the time of recognition.
A cette fin, on introduit dans l'échange d'informations entre la "puce" de la cane optique et le module de lecture du médecin, un système de cryptage et un protocole d'identification au cours duquel le code secret de reconnaissance n'apparaît que comme le composant d'une variable aléatoire auxiliaire.To this end, an encryption system and an identification protocol are used in the exchange of information between the optical cane "chip" and the doctor's reading module, during which the secret recognition code does not appears only as the component of an auxiliary random variable.
La "puce" est alors dotée d'un générateur aléatoire, d'une cellule de calcul arithmétique, d'un registre à décalage muni d'un câblage interne spécifique. S'agissant d'une carte de santé, la carte et la puce sont détenues par le malade, tandis que le module de lecture est entre les mains du médecin. Au module de lecture est couplée une "puce" dotée des mêmes éléments que la "puce" associée à la cane optique. Il va de soi que les différents systèmes destinés à lire les canes sécurisées devront être au préalable initialisées avec les différents codes secrets. Le câblage de la cellule de calculs de la "puce" de sécurisation de la cane optique réalise une fonction de cryptage du type : E (P) = C.The "chip" is then equipped with a random generator, an arithmetic calculation cell, a shift register provided with specific internal wiring. As it is a health card, the card and the chip are held by the patient, while the reading module is in the hands of the doctor. The reading module is coupled with a "chip" provided with the same elements as the "chip" associated with the optical rod. It goes without saying that the various systems intended to read secure canes must first be initialized with the different secret codes. The wiring of the calculation cell of the optical cane securing "chip" performs an encryption function of the type: E (P) = C.
Le récepteur, le module de lecture de la cane optique en l'occurrence, est doté d'une fonction de cryptage. D (C) = PThe receiver, the optical channel reading module in this case, has an encryption function. D (C) = P
Les fonctions de cryptage généralement utilisées sont de la forme : g E (c) = c mod N g où E (c) est le plus petit reste de la division de c par le nombre N. Pour assurer un secret plus certain, les valeurs de c et N ont une taille 512 bits au minimum.The encryption functions generally used are of the form: g E (c) = c mod N g where E (c) is the smallest remainder of the division of c by the number N. To ensure a more certain secret, the values of c and N are at least 512 bits in size.
Dans le cas présent, il a été jugé suffisant de prendre e = 2 de sorte que :In the present case, it was considered sufficient to take e = 2 so that:
E (c) = c2 mod N'E (c) = c 2 mod N '
Parmi les protocoles d'identification possibles mettant en oeuvre une telle variable, nous choisissons l'algorithme de Weyner chaque fois que cela est nécessaire. Lorsque la "puce" de sécurisation associée à la cane optique est introduite dans le module de lecture, un contact électrique entre la "puce" et le "module" assure l'alimentation de la puce. Le processus d'identification du médecin sans transmission du code secret suivant l'algorithme de Wayner (variante de l'algorithme de Fait-Shamir simplifié) peut alors commercer.Among the possible identification protocols implementing such a variable, we choose the Weyner algorithm whenever necessary. When the security "chip" associated with the optical rod is inserted into the reading module, an electrical contact between the "chip" and the "module" ensures the supply of the chip. The process of identifying the doctor without transmitting the secret code according to the Wayner algorithm (variant of the simplified Fact-Shamir algorithm) can then begin.
Ce processus comprend a moins 9 opérations successives les unes effectuées par la "puce" de sécurisation de la cane optique, les autres par le module de lecture du médecin et par sa propre "puce". Dès que le courant électrique est établi, le générateur aléatoire de la "puce " de la cane de santé génère deux variables aléatoires c et g. Ces deux variables sont reliées par une fonction de cryptage câblée dans la puce :This process comprises at least 9 successive operations, some performed by the "chip" for securing the optical tube, the others by the reading module of the doctor and by his own "chip". As soon as the electric current is established, the random generator of the "cane" of the health cane generates two random variables c and g. These two variables are linked by an encryption function wired into the chip:
g = od cg = od c
où w est le code secret du médecin. A priori, entre des deux variables c et g , la probabilité que w soit connu est nulle si les 2 nombres c et g ont des valeurs très élevées et sont premiers entre eux.where w is the doctor's secret code. A priori, between two variables c and g, the probability that w is known is zero if the 2 numbers c and g have very high values and are prime between them.
Le module de lecture du médecin génère alors une variable aléatoire "u" telle que la valeur de "u" soit choisie parmi les nombres premiers avec la valeur de c. Il existe alors une certaine probabilité que cette valeur soit la valeur w ou tout au moins qu'elle s'en rapproche.The doctor's reading module then generates a random variable "u" such that the value of "u" is chosen from prime numbers with the value of c. There is then a certain probability that this value is the value w or at least that it approaches it.
Mais cette probabilité est faible. On va donc réitérer l'opération jusqu'à ce que la probabilité atteigne une valeur prédéterminée acceptable.But this probability is low. We will therefore repeat the operation until the probability reaches an acceptable predetermined value.
Si la sécurité a atteint maintenant le seuil requis, l'opération est terminée et l'on peut envisager de faire procéder à la suite des opérations. Si au contraire, le seuil de sécurité et la probabilité requise ne sont pas atteints, le processus va recommencer jusqu'à ce que la probabilité ait atteint la valeur désirée.If security has now reached the required threshold, the operation is completed and consideration may be given to proceeding with the operations. If, on the contrary, the safety threshold and the required probability are not reached, the process will start again until the probability has reached the desired value.
En conclusion, on vient de voir que ce protocole de reconnaissance ne révèle pas du tout le code secret w. Il permet au porteur de la carte optique (le malade) de s'assurer discrètement que le médecin, détenteur du mode de lecture est habilité à le soigner. Mais cette opération n'a pas permis au médecin de s'assurer que la carte présentée par le malade est bien sa carte propre. Cependant, cette vérification n'est pas toujours nécessaire : lorsque le malade voit son médecin pour la première fois, il n'a pas encore de carte de lecture et le médecin va participer à la création de celle-ci.In conclusion, we have just seen that this recognition protocol does not reveal the secret code w at all. It allows the holder of the optical card (the patient) to discreetly ensure that the doctor, who has the reading mode, is authorized to treat him. But this operation did not allow the doctor to ensure that the card presented by the patient is his own card. However, this verification is not always necessary: when the patient sees his doctor for the first time, he does not yet have a reading card and the doctor will participate in the creation of it.
De même, lorsque' le malade reviendra consulter son médecin, il sera reconnu par le médecin et en général ce médecin n'aura pas besoin de s'assurer que la carte de lecture présentée est bien celle du malade. Cependant, lorsque ce malade est reçu dans le cabinet habituel par un médecin différent, il sera nécessaire au médecin de s'assurer que le consultant est bien le client habituel. Ce problème sera résolu très simplement en associant son dossier administratif en mémoire à la "puce" de sécurité. Ce dossier comportera une photographie d'identité du malade. A chaque demande d'identification du malade, le dossier administratif du patient sera transmis au médecin qui pourra reconnaître son client par affichage de cette photographie d'identité sur son écran.Similarly, when 'the patient will return consult their doctor, it will be recognized by the medical doctor and usually it does not need to ensure that the presented card reading is that of the patient. However, when this patient is received in the usual office by a different doctor, it will be necessary for the doctor to make sure that the consultant is indeed the usual client. This problem will be solved very simply by associating its administrative file in memory with the security "chip". This file will include an identity photograph of the patient. Each time the patient is asked to identify the patient, the patient's administrative file will be sent to the doctor, who will be able to recognize his client by displaying this identity photograph on his screen.
Néanmoins, il est indispensable que le texte de la cane de santé, révélant tous les soins reçus antérieurement par le malade , demeure absolument confidentiel. De sorte que le véritable problème est d'en permettre la lecture exclusivement par le médecin du contenu de la carte de santé. II en sera de même lorsque la carte, cessant d'être une carte de santé porte sur un ensemble de renseignements secrets de caractère militaire ou financier.Nevertheless, it is essential that the text of the health cane, revealing all the care previously received by the patient, remain absolutely confidential. So the real problem is to allow the contents of the health card to be read exclusively by the doctor. It will be the same when the card, ceasing to be a health card relates to a set of secret information of a military or financial nature.
Transmission sécurisée de la clef de chiffrementSecure transmission of the encryption key
Les informations confidentielles contenues dans la cane sont alors chiffrées au moyen d'un algorithme de chiffrement par blocs utilisé en mode chaîné pour éviter le phénomène de répétition du cryptogramme. Le texte de la cane optique est crypté de la façon suivante : l'algorithme cryptographique de chiffrement mis en oeuvre, combine les méthodes de transposition et de substitution cryptographiques classiques : le texte de la cane optique est alors découpé en tranches de 64 bits (8 octets) du texte clair et soumis àThe confidential information contained in the cane is then encrypted by means of a block encryption algorithm used in chained mode to avoid the repetition phenomenon of the cryptogram. The text of the optical channel is encrypted in the following way: the cryptographic encryption algorithm implemented, combines the conventional cryptographic transposition and substitution methods: the text of the optical channel is then cut into 64-bit slices (8 bytes) plain text and subject to
16 itérations d'une fonction principale de codage pour produire 64 bits de texte codé. L'algorithme de chiffrement choisi est l'algorithme R.S.A. (du nom de ses inventeurs, Rivest, Shamir et Adelman). Il soit être accrédité auprès des Autorités16 iterations of a main coding function to produce 64 bits of coded text. The encryption algorithm chosen is the R.S.A. algorithm (named after its inventors, Rivest, Shamir and Adelman). Either be accredited to the Authorities
Supérieures. Il comprend 3 éléments (n, e, d) où "n" est le module du système, "e" est l'exposant public, et "d" est l'exposant privé.Superior. It includes 3 elements (n, e, d) where "n" is the module of the system, "e" is the public exponent, and "d" is the private exponent.
La clef publique est "n e " et "d" est la clef secrète, "n" est le produit de 2 nombres premiers p et q. n = p . q "e" et (p - 1) (q - 1) sont premiers entre eux.The public key is "n e" and "d" is the secret key, "n" is the product of 2 prime numbers p and q. n = p. q "e" and (p - 1) (q - 1) are prime to each other.
Suivant l'algorithme d'Euclide : e . d = 1 mod [ (p - 1 ) (q - 1 ) ]According to Euclid's algorithm: e. d = 1 mod [(p - 1) (q - 1)]
De sorte que la clef secrète :So the secret key:
d = e' 1 mod [ (p - 1) (q - 1) ]d = e '1 mod [(p - 1) (q - 1)]
Il est entendu que le médecin a vérifié l'accréditation du système R.S.A. du malade (n, e, d) et que le malade a vérifié l'accréditation du système R.S.A. (n', e', d') du médecin. Le médecin transmet sa clef publique R.S.A. (n', e') au patient. Le patient génère un aléa de masquage AL (de 512 bits par exemple). On obtient alors une chaîne de bits :It is understood that the doctor has verified the accreditation of the patient's RSA system (n, e, d) and that the patient has checked the accreditation of the doctor's RSA system (n ', e', d '). The doctor transmits his RSA public key (n ', e') to the patient. The patient generates an AL masking hazard (512 bits for example). We then obtain a bit string:
X = (AL) // (KL)X = (AL) // (KL)
où AL désigne la concaténation des chaînes de bits et où KL désigne la clef de chiffrement.where AL denotes the concatenation of the bit strings and where KL denotes the encryption key.
D calculeD calculates
Y = Xe (modulo n')Y = X e (modulo n ')
D transmet la valeur Y au médecin.D transmits the value Y to the doctor.
Le médecin déchiffre Y et calcul :The doctor decrypts Y and calculates:
X = Y d (modulo n')X = Y d (modulo n ')
Etant désormais en possession de X, il en déduit KL. π peut désormais procéder au déchiffrement de la carte.Now in possession of X, he deduces KL from it. π can now decrypt the card.
En fait la sécurité du codage repose exclusivement sur une clef de chiffrement personnelle de 56 bits détenue par la puce de la carte du malade. De sorte que cette clef est unique et elle doit assurer aussi bien le secret du codage que du décodage. De sorte que toute personne ne détenant pas cette clef serait incapable de lire même partiellement le contenu de la carte. Cette clef est transmise comme explicité au paragraphe précédent II apparaît donc que la carte du malade envoie au médecin sa clef secrète KL sous une forme masquée. Néanmoins, il est souhaitable dans certains cas de pouvoir modifier assez fréquemment la clef. Le module du médecin est alors en mesure de lire en clair le contenu de la carte optique du malade.In fact, the security of coding relies exclusively on a 56-bit personal encryption key held by the patient's card chip. So that this key is unique and it must ensure both the secret of coding and decoding. So that anyone not holding this key would be unable to read even partially the contents of the card. This key is transmitted as explained in the preceding paragraph. It therefore appears that the patient's card sends the doctor his secret key KL in a masked form. However, it is desirable in certain cases to be able to modify the key quite frequently. The doctor's module is then able to read the content of the patient's optical card clearly.
En conclusion, on peut considérer que les échanges d'informations entre la carte du malade et le module de lecture dont réalisés dans des conditions de secret tout à fait satisfaisantes. L'invention sera mieux comprise en se reportant aux figures jointes dans lesquelles :In conclusion, we can consider that the exchange of information between the patient's card and the reading module, which was carried out under completely satisfactory conditions of secrecy. The invention will be better understood by referring to the attached figures in which:
- la figure 1 est un schéma de l'ensemble des éléments qui coopèrent,FIG. 1 is a diagram of all of the elements which cooperate,
- les figures 2A et 2B sont des schémas décrivant le déroulement de l'algorithme de Wayner.- Figures 2A and 2B are diagrams describing the progress of the Wayner algorithm.
A la figure 1, sur la gauche, on fait apparaître en (1) la "puce" d'identification de la carte optique. En (2), la cane optique dotée d'une mémoire de 2 à 4 M.octets.In FIG. 1, on the left, there is shown in (1) the "chip" for identifying the optical card. In (2), the optical rod with a memory of 2 to 4 M.bytes.
Sur la droite de la figure en (3), on a représenté la "puce" portée par le module du médecin.On the right of the figure in (3), there is shown the "chip" carried by the doctor's module.
En (4), on a fait apparaître le module du médecin proprement dit, tandis que l'on fait figurer au milieu de la figure, la partie active du module de lecture. Lorsque la cane optique dotée de sa "puce" est enfoncée dans la fente du module de lecture, ce dernier alimente en courant électrique la cane (2) et sa "puce" (1) par un couplage électromagnétique (5). La "puce" (1) alimentée en courant, transmet son information par l'intermédiaire d'une diode électroluminescente (6). Cette information captée par une cellule photoélectrique (7) transmet l'information à la "puce" (3) du module de lecture du médecin par la diode (8).In (4), the module of the doctor proper was shown, while the active part of the reading module is shown in the middle of the figure. When the optical rod with its "chip" is pressed into the slot of the reading module, the latter supplies electric current to the rod (2) and its "chip" (1) by an electromagnetic coupling (5). The "chip" (1) supplied with current, transmits its information via a light-emitting diode (6). This information picked up by a photoelectric cell (7) transmits the information to the "chip" (3) of the doctor's reading module by the diode (8).
C'est donc par cette voie que s'effectue la procédure de reconnaissance, c'est-à-dire l'identification du médecin basée sur la clef codée secrète w.It is thus by this way that the recognition procedure is carried out, that is to say the identification of the doctor based on the secret coded key w.
Ces opérations aboutissent à la transmission au médecin de la clef secrète personnelle du chiffrement de la cane optique.These operations result in the transmission to the doctor of the personal secret key of the encryption of the optical rod.
C'est donc le bloc logique (9) et la minuterie (10) qui vont permettre au module (4) de procéder à la lecture du contenu de la cane optique (2) en passant par les couplages optiques (11) et (12).It is therefore the logic block (9) and the timer (10) which will allow the module (4) to read the content of the optical rod (2) through the optical couplings (11) and (12 ).
La figure 2 représente un schéma de l'algorithme de Wayner qui nous permettra de procéder à une reconnaissance mutuelle d'un même code stocké, d'une pan dans laFIG. 2 represents a diagram of the Wayner algorithm which will allow us to carry out mutual recognition of the same stored code, of a section in the
"puce" de sécurité de la carte de lecture et d'autre part dans la "puce" du module du médecin ou dans tout autre système d'accès aux données de la carte de lecture. Il est évident que si le code stocké dans la "puce" de la carte de lecture est différent du code stocké dans le module, la reconnaissance n'aura pas lieu. Soit w est le code secret du médecin, la "puce" de la cane de lecture génère deux variables pseudo-aléatoires c et g ;security "chip" on the reading card and on the other hand in the "chip" of the doctor's module or in any other system for accessing the data on the reading card. It is obvious that if the code stored in the "chip" of the reading card is different from the code stored in the module, recognition will not take place. Let w be the secret code of the doctor, the "chip" of the reading cane generates two pseudo-random variables c and g;
2 telles que ces deux variables sont réunies par la relation g = w mod c .2 such that these two variables are united by the relation g = w mod c.
Dès lors, les opérations de l'algorithme vont se succéder :Consequently, the operations of the algorithm will follow one another:
2.1 - La "puce" transmet ces deux nombres c et g au module de lecture. 2.2 - Le module de lecture2.1 - The "chip" transmits these two numbers c and g to the reading module. 2.2 - The reading module
Le module choisit aléatoirement une valeur "u" prise dans l'ensemble des nombres premiers avec "c" et calcul une fonction aléatoire :The module randomly chooses a value "u" taken from the set of prime numbers with "c" and calculates a random function:
z = = u mod ez = = u mod e
et transmet cette valeur "z" à la "puce". 2.3 - La "puce" de la carteand passes this value "z" to the "chip". 2.3 - The "chip" of the card
Un générateur aléatoire est associé à la "puce" de la cane optique.A random generator is associated with the "chip" of the optical rod.
Si le générateur aléatoire délivre un zéro, ce zéro sera transmis au module de lecture.If the random generator delivers a zero, this zero will be transmitted to the reading module.
2.4 - Le module de lecture En réponse au zéro, le module de lecture transmet la valeur de "u" qu'il a utilisé dans le calcul précédent à la cane du malade.2.4 - The reading module In response to zero, the reading module transmits the value of "u" which it used in the previous calculation to the patient's cane.
2.5 - La "puce" de la carte Elle calcule :2.5 - The "chip" of the card It calculates:
z = u" mod cz = u " mod c
Elle vérifie ainsi que le module de lecture a bien réalisé l'opération de codage :It thus verifies that the reading module has indeed carried out the coding operation:
z = u mod cz = u mod c
et il confirme que "u" est la racine canée de "z".and it confirms that "u" is the caned root of "z".
Il en déduit qu'il y a déjà une certaine probabilité que le module de lecture soit seul autorisé à lire la carte ce qui diminue d'autant la probabilité d'un désaccord. Et il retourne vers le générateur pour qu'il lui délivre un zéro ou un 1. 2.6 - Si le générateur délivre un 1He deduces from this that there is already a certain probability that the reader module is the only one authorized to read the card, which reduces the probability of disagreement accordingly. And it returns to the generator so that it delivers a zero or a 1. 2.6 - If the generator delivers a 1
La puce transmet le 1 au module de lecture.The chip transmits the 1 to the reading module.
2.7 - Le module de lecture de la carte va alors utiliser le code secret "w" dans un produit. v = uw mod c2.7 - The card reader module will then use the secret code "w" in a product. v = uw mod c
Le seul élément qui apparaît est donc "v", c'est-à-dire le plus petit reste de la division du produit "uw" par c.The only element that appears is therefore "v", that is to say the smallest remainder of the division of the product "uw" by c.
De la seule valeur "v"; il n'est pas possible de déduire l'expression de "w" (256 octets ou plus).From the single value "v"; it is not possible to deduce the expression from "w" (256 bytes or more).
2.8 - La "puce" de la carte doit vérifier par certaines opérations, que le module de lecture a bien utilisé l'expression du code secret "w".2.8 - The "chip" of the card must verify by certain operations, that the reading module has used the expression of the secret code "w".
Elle calcule la valeur de : zc mod cIt calculates the value of: zc mod c
2 Etant donné que g = w mod c2 Given that g = w mod c
2 et que z = u mod c et que z . g = (uw) mod c on en déduit v = uw mod c et v" = zx g Compte tenu du résultat précédent, on déduit qu'il existe une certaine probabilité que la clef secrète utilisée est réellement la bonne ; si l'on estime que la probabilité est encore insuffisante, on va recommencer une nouvelle séquence des opérations.2 and that z = u mod c and that z. g = (uw) mod c we deduce v = uw mod c and v " = z x g Taking into account the previous result, we deduce that there is a certain probability that the secret key used is really the right one; if we consider that the probability is still insufficient, we will start a new sequence of operations.
L'emploi de la carte conforme à la présente demande est aussi simple que l'emploi des cartes simplifiées décrites au début de ce texte. En effet, lorsque l'on introduit la carte dans le module de lecture, la reconnaissance du code secret connu se fait automatiquement ; il en est de même de la détermination d'un numéro poπeur de la cane. Arrivé à ce stade, la cane va transmettre au module le code secret confidentiel de 56 bits et par conséquent le module peut lire le contenu de la carte. The use of the card in accordance with the present application is as simple as the use of the simplified cards described at the beginning of this text. When the card is inserted into the reading module, the known secret code is recognized automatically; the same is true for determining a pointer number for the cane. At this stage, the cane will transmit the 56-bit confidential secret code to the module and therefore the module can read the contents of the card.

Claims

Revendications : Claims:
1.- Procédé permettant d'échanger directement des informations entre un module de lecture et une carte dotée d'une mémoire de très grande capacité, ces informations étant cryptées au moyen d'un algorithme de codage, caractérisé en ce qu'après une identification mutuelle opérée sans changer de code secret entre la carte et le module de lecture et après une vérification de l'identité de leurs codes cryptés respectifs, la carte transmet secrètement au module de lecture sa clef personnelle de codage et de décodage de sorte que le module de lecture peut lire désormais en clair les données mémorisées dans la carte et y inscrire éventuellement sous forme codée de nouvelles informations avec la même clef de codage.1.- Method for directly exchanging information between a reading module and a card provided with a very large capacity memory, this information being encrypted by means of a coding algorithm, characterized in that after identification mutual operated without changing the secret code between the card and the reading module and after checking the identity of their respective encrypted codes, the card secretly transmits to the reading module its personal coding and decoding key so that the module can now read in clear the data stored in the card and possibly write in coded form new information with the same coding key.
2.- Procédé selon la revendication 1 assurant la reconnaissance du module de lecture par la cane possédant une mémoire de grande capacité grâce à une clef secrète stockée dans une "puce" liée à la carte et dans une "puce" liée au module de lecture, caractérisé en ce que la reconnaissance s'effectue sans transmission de ladite clef secrète.2.- Method according to claim 1 ensuring recognition of the reading module by the cane having a large capacity memory thanks to a secret key stored in a "chip" linked to the card and in a "chip" linked to the reading module , characterized in that the recognition is carried out without transmission of said secret key.
3.- Dispositif pour la mise en oeuvre du procédé selon une des revendications 1 et 2, dans lequel la carte offrant une mémoire de grande capacité et le module de lecture sont dotés d'une "puce", caractérisé en ce que la puce de la carte comporte un générateur aléatoire, un élément de calcul arithmétique, un élément de comparaison et un élément entraînant la mise en route d'une séquence d'opérations de reconnaissance effectuées sans rendre publique cette clef commune.3.- Device for implementing the method according to one of claims 1 and 2, wherein the card offering a large capacity memory and the reading module are provided with a "chip", characterized in that the chip the card includes a random generator, an arithmetic calculation element, a comparison element and an element causing the start of a sequence of recognition operations carried out without making this common key public.
4.- Dispositif selon la revendication 3, caractérisé en ce que la carte dotée d'une mémoire de très grande capacité est dotée d'une "puce" munie d'une mémoire de l'ordre de 4 k.octets, contenant la clef personnelle de 56 bits verrouillant ledit code principal et en ce qu'une deuxième "puce" couplée au module de lecture contient l'algorithme principal de décodage combinant les méthodes de substitution et de transposition.4.- Device according to claim 3, characterized in that the card with a very large capacity memory is provided with a "chip" provided with a memory of the order of 4 k.bytes, containing the key 56-bit personal code locking said main code and in that a second "chip" coupled to the reading module contains the main decoding algorithm combining substitution and transposition methods.
5.- Carte de santé pour la mise en oeuvre de procédé selon une des revendications 1 ou 2, caractérisée en ce que dans un protocole simplifiée, le module de lecture est autorisé à lire le contenu de la carte de santé dès la fin du stade d'identification du médecin et du malade. 5. Health card for implementing the method according to one of claims 1 or 2, characterized in that in a simplified protocol, the reading module is authorized to read the content of the health card at the end of the stage. identification of the doctor and the patient.
6.- Dispositif selon la revendication 3, dans lequel la carte et son module de lecture sont dotés tous deux d'une "puce" munie des éléments permettant leur identification mutuelle sans transmission des codes secrets et possèdent en outre tous deux le même code crypté confidentiel dont la clef secrète personnelle de chiffrement de 56 bits figure sur la puce de la carte d'informations et en ce que ladite clef secrète personnelle est changeable.6.- Device according to claim 3, wherein the card and its reading module are both provided with a "chip" provided with elements allowing their mutual identification without transmission of secret codes and also both have the same encrypted code confidential, the 56-bit personal secret encryption key being on the chip of the information card and that said personal secret key is changeable.
7.- Procédé selon la revendication 1, caractérisée en ce que les informations contenues dans la carte sont chiffrées au moyen d'un algorithme de chiffrement par blocs utilisé en mode chaîné.7.- Method according to claim 1, characterized in that the information contained in the card is encrypted by means of a block encryption algorithm used in chained mode.
8.- Dispositif pour la mise en oeuvre de la revendication 7, caractérisé en ce que la carte de grande capacité est dotée d'un système R.S.A. accrédité auprès de l'Autorité Supérieure. 8.- Device for the implementation of claim 7, characterized in that the large capacity card is equipped with an R.S.A. system accredited to the Higher Authority.
PCT/FR1996/000193 1995-02-07 1996-02-06 Health card WO1996024912A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU47224/96A AU4722496A (en) 1995-02-07 1996-02-06 Health card

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR95/01368 1995-02-07
FR9501368A FR2730331A1 (en) 1995-02-07 1995-02-07 HEALTH CARD

Publications (1)

Publication Number Publication Date
WO1996024912A1 true WO1996024912A1 (en) 1996-08-15

Family

ID=9475894

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FR1996/000193 WO1996024912A1 (en) 1995-02-07 1996-02-06 Health card

Country Status (3)

Country Link
AU (1) AU4722496A (en)
FR (1) FR2730331A1 (en)
WO (1) WO1996024912A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002093508A1 (en) * 2001-05-16 2002-11-21 Georges Chiche Portable personal medical file system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0138219A2 (en) * 1983-10-17 1985-04-24 Kabushiki Kaisha Toshiba Method of storing encrypted data on a card
EP0147337A2 (en) * 1983-12-30 1985-07-03 Bull S.A. Method and system for confidentially processing information registered on a portable carrier recording track with optical reading
FR2613856A1 (en) * 1987-04-09 1988-10-14 Mitsubishi Electric Corp INFORMATION RECORDING SYSTEM
EP0393784A1 (en) * 1989-04-17 1990-10-24 N.V. Nederlandsche Apparatenfabriek NEDAP Multifunctional identification and information card
FR2680258A1 (en) * 1991-08-07 1993-02-12 Ballet Eric Microprocessor-based or magnetic medical card system with double-entry reader
DE4213797A1 (en) * 1992-04-27 1993-10-28 Bavaria Med Tech Medical history information system using personal data card - has memory card containing key information that is required for further treatment and processor based reader receives card at hospital

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0138219A2 (en) * 1983-10-17 1985-04-24 Kabushiki Kaisha Toshiba Method of storing encrypted data on a card
EP0147337A2 (en) * 1983-12-30 1985-07-03 Bull S.A. Method and system for confidentially processing information registered on a portable carrier recording track with optical reading
FR2613856A1 (en) * 1987-04-09 1988-10-14 Mitsubishi Electric Corp INFORMATION RECORDING SYSTEM
EP0393784A1 (en) * 1989-04-17 1990-10-24 N.V. Nederlandsche Apparatenfabriek NEDAP Multifunctional identification and information card
FR2680258A1 (en) * 1991-08-07 1993-02-12 Ballet Eric Microprocessor-based or magnetic medical card system with double-entry reader
DE4213797A1 (en) * 1992-04-27 1993-10-28 Bavaria Med Tech Medical history information system using personal data card - has memory card containing key information that is required for further treatment and processor based reader receives card at hospital

Also Published As

Publication number Publication date
AU4722496A (en) 1996-08-27
FR2730331A1 (en) 1996-08-09

Similar Documents

Publication Publication Date Title
EP0037762B1 (en) Method and system for transmitting signed messages
EP1529369B1 (en) Method for secure data exchange between two devices
EP0763803B1 (en) Anonymous information counting system for statistics, particularly for electronic voting operations or periodical consumption inventory
FR2919974A1 (en) INFORMATION SYSTEM AND METHOD OF IDENTIFICATION BY A USER APPLICATION SERVER
FR2651347A1 (en) SINGLE NUMBER GENERATION METHOD FOR MICROCIRCUIT BOARD AND APPLICATION TO COOPERATION OF THE BOARD WITH A HOST SYSTEM.
FR2685510A1 (en) METHOD OF AUTHENTICATING, BY AN OUTER ENVIRONMENT, A PORTABLE OBJECT CONNECTED THROUGH THIS MEDIUM THROUGH A TRANSMISSION LINE, AND SYSTEM FOR IMPLEMENTING THE SAME.
EP0317400B1 (en) Apparatus and method for securing data exchange between a teletext terminal and a host
FR2948793A1 (en) SECURE METHOD OF RECONSTRUCTING A REFERENCE MEASUREMENT OF CONFIDENTIAL DATA FROM A BRUTE MEASUREMENT OF THIS DATA, IN PARTICULAR FOR THE GENERATION OF CRYPTOGRAPHIC KEYS
EP1293062B1 (en) Method for secure biometric authentication/identification, biometric data input module and verification module
EP2193626B1 (en) Secure communication between an electronic label and a reader
EP2211497A1 (en) Secure communication establishment process, without sharing prior information
EP1296478A2 (en) Security procedure for data transmission
EP0606792A1 (en) Procedure for authentication of an information unit by another
CA2888662A1 (en) System and method for securing data exchange, portable user object and remote device for downloading data
WO2007051769A1 (en) Method for the secure deposition of digital data, associated method for recovering digital data, associated devices for implementing methods, and system comprising said devices
WO1996024912A1 (en) Health card
FR2690258A1 (en) An access control method of the type allowing access to an operating function of an operating module by means of a control word.
EP1522168B1 (en) Method, system and computerized medium for making secure message transmission
EP2652899B1 (en) Method and system for conditional access to a digital content, associated terminal and subscriber device
FR2730076A1 (en) Authentication by server of holder of object incorporating microprocessor
EP1216458B1 (en) Method for making secure data during transactions and implementing system
EP1642413B1 (en) Method for encoding/decoding a message and associated device
WO1997007613A1 (en) Method for managing ciphering keys for a symmetric cryptography system and device generating the ciphering keys pour implementing the method
FR2924551A1 (en) Access controlling method for e.g. data coding function of smart card, involves comparing mark obtained from value to be verified of decoded word with mark of decoded word to verify integrity of value
FR2984647A1 (en) ANONYMOUS ACCREDITATIONS

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AU BR CA CN CZ HU JP KR MX NZ RU US

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH DE DK ES FR GB GR IE IT LU MC NL PT SE

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase