WO2000070842A2 - Method for the management of data by a security module and corresponding security module - Google Patents

Method for the management of data by a security module and corresponding security module Download PDF

Info

Publication number
WO2000070842A2
WO2000070842A2 PCT/FR2000/001354 FR0001354W WO0070842A2 WO 2000070842 A2 WO2000070842 A2 WO 2000070842A2 FR 0001354 W FR0001354 W FR 0001354W WO 0070842 A2 WO0070842 A2 WO 0070842A2
Authority
WO
WIPO (PCT)
Prior art keywords
card
security module
memory location
logical channel
memory
Prior art date
Application number
PCT/FR2000/001354
Other languages
French (fr)
Other versions
WO2000070842A3 (en
Inventor
Frédéric MAYANCE
Original Assignee
Schlumberger Systemes
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Schlumberger Systemes filed Critical Schlumberger Systemes
Priority to EP00931312A priority Critical patent/EP1192795A2/en
Publication of WO2000070842A2 publication Critical patent/WO2000070842A2/en
Publication of WO2000070842A3 publication Critical patent/WO2000070842A3/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0866Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means by active credit-cards adapted therefor
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/363Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes with the personal data of a user
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M17/00Prepayment of wireline communication systems, wireless communication systems or telephone systems
    • H04M17/02Coin-freed or check-freed systems, e.g. mobile- or card-operated phones, public telephones or booths

Definitions

  • the present invention relates to a data management method, by a security module, of a user card capable of being inserted into at least one terminal, said card being subjected to at least one authentication by said security module. It also relates to a security module adapted for its implementation.
  • the invention finds a particularly advantageous application in the field of telephony.
  • terminal administration systems which include an administration server and security modules generally embedded in hubs connected to said terminals.
  • a concentrator comprises a computer, several security modules and an electronic card with which said modules are connected.
  • the terminals are called public telephones.
  • a security module guarantees the validity of a user card inserted in a public telephone, in particular through authentication of said card. To this end, said card includes secret data making it possible to guarantee its validity.
  • Public telephone administration systems as well as secret data are managed by telephone operators.
  • the concentrator manages several security modules, generally around thirty.
  • a security module manages only one public telephone.
  • the electronic card is used to administer communication between the telephones and the administration server.
  • a technical problem to be solved by the object of the present invention is to propose a data management method, by a security module, of a user card capable of being introduced into at least one terminal, said card being subject at least one authentication by said security module, as well as a security module, which would make it possible to easily manage a fleet of terminals, at low cost, and this by reducing the administration device for said terminals.
  • a solution to the technical problem posed is characterized, according to a first object of the present invention, in that said data management method comprises the steps according to which:
  • this solution is characterized in that the security module comprises:
  • the data management method as well as the security module of the invention make it possible to manage several public telephones in parallel by means of a security module.
  • contextual data is stored defining the state in which a set of user cards is located at a given time during a connection session of said cards, for several telephones, the data being saved in a memory. of the security module.
  • FIG. 1 is a diagram showing a security module, a terminal and a user card for implementing the method according to the invention.
  • FIG. 2 is a diagram of the security module of FIG. 1 comprising several memory locations.
  • FIG. 3 is a diagram showing a first communication between the security module and the terminal of FIG. 1.
  • FIGS. 4a, 4b, 4c, 4d and 4e are diagrams representing a memory location of the security module of FIG. 2.
  • FIG. 5 is a diagram showing a memory location of the security module of FIG. 2.
  • FIG. 6 is a diagram showing a second communication between the security module and the terminal of FIG. 1.
  • the present description of the invention relates to the example of integrated circuit cards.
  • integrated circuit card is meant any portable object, card in ISO format or not, subscriber identification module, electronic label, badge, etc.
  • the term “introduction” of a card into a terminal generally means " cooperation ".
  • the invention relates both to a card with a contact interface which requires a physical introduction into the terminal, as well as a card with a contactless interface which are able to communicate with the terminal without physical contact with the latter (by radio frequency. ..) or a card with the two interfaces.
  • the SAM module comprises a memory comprising at least one memory location M.
  • the memory of the SAM security module is a non-volatile EEPROM memory.
  • the SAM security module comprises several memory locations M.
  • the memory locations M are placed contiguously in a CHANNEL file of the non-volatile memory EEPROM, and, a chronological counter RECMAN is associated at a memory location M as well as an allocation area CN.
  • the CN allocation area as well as the RECMAN chronological counter have respective initial values VI and V2.
  • the SAM security module also includes at least one ISSUER file comprising a MASTER master key and a cumulative CBCPT counter of units.
  • the module includes several ISSUER files. Each ISSUER file corresponding to a type of cards issued.
  • a user When a user wants to telephone, he introduces his CARD card into the public telephone P. Before initiating a communication, a first authentication A is carried out by means of the SAM security module, via the telephone P and then the communication.
  • the first authentication A comprises the steps described below, as shown in FIG. 3.
  • a first step an identifier ID of the user card is read, said identifier being unique for each card.
  • an available LC logical channel is sought and a logical channel for the public telephone P in which the user card CARD is located is allocated in the SAM security module.
  • an LC logical channel is sought by means of a first GETCHANNELSTATUS command sent from the public telephone P to the SAM security module.
  • a logical channel LC includes an identifier NB. Said module returns a list of all the channels used, advantageously their identifier NB. We deduce the channels that are available and choose one of the available channels.
  • a memory location M is associated with the logical channel LC by writing the identifier NB of the logical channel LC allocated in the area CN for allocation of the chosen memory location M. Thus, the memory location M is no longer free.
  • the lifetime of the non-volatile EEPROM memory depends on the number of registrations made.
  • the chronological counter RECMAN of each location is used. memory M as described below.
  • the value of the RECMAN chronological counter of the associated memory location M is incremented, relative to the maximum value of all the chronological counters of the memory locations M.
  • the oldest memory location M is the one with the smallest RECMAN time counter value.
  • the oldest free memory location M is associated with a logical channel LC.
  • the CHANNEL file comprises four memory locations M l, M2, M3 and M4 used. Their counters RECMAN chronological values have an initialization value V2 equal to zero.
  • the value of a RECMAN chronological counter is incremented by one.
  • the channel associated with the third location M3 is released. Its RECMAN3 counter is incremented by one and worth one.
  • the channel associated with the second location M2 is released. His counter
  • RECMAN2 is incremented by one compared to the third counter. Its value is two.
  • the channel associated with the fourth memory location M4 is released, its counter RECMAN4 is worth three, as shown in FIG. 4d.
  • a logical channel LC with identifier NB3 is allocated and the oldest free memory location M is associated, ie, as shown in FIG. 4e, the third memory location M3.
  • the method of the present invention allows, on the one hand, to avoid always choosing the same memory location M to write data there as we will see later, and, on the other hand, not to be restricted to the number of memory locations M for the choice of LC logical channel identifiers to be allocated. We can thus have the choice between, for example, two hundred and fifty five LC channel identifiers while having only ten memory locations M.
  • this memory management method described above can be applied to any application other than that of telephony.
  • the secret key KEY of the CARD card is recalculated, using the identifier ID of said card and a master key MASTER of said SAM module.
  • This step is also called the key diversification step.
  • an ISSUER file is selected during the step of reading the identifier of the user card, the correlation being made between the type of cards and the master key by means of the identifier of said user card.
  • the allocation of the LC logical channel and the diversification of the key are done by means of a second DIVERSIFYKEY command sent from the public telephone P to the SAM security module.
  • Said second command takes into account in particular the identifier NB of the channel allocated to the public telephone P, an identifier ALGOID2 of a diversification algorithm ALGO2, an identifier of the master key MASTER used and, where appropriate, a diversifier RAND.
  • the contextual data DATA relating to the authentication step A is stored in the memory location M associated with the allocated logical channel LC.
  • the contextual data DATA comprises an identifier ALGOID 1 an ALGO 1 signature algorithm, the identifier ID of the CARD user card, the identifier of the MASTER master key used, the diversified key KEY, an ABACUS abacus of the CARD user card, and, status data STATE ....
  • the ABACUS abacus has a first VO value.
  • the STATE state data makes it possible to manage in the SAM security module a sequence of commands in order to memorize the state of the SAM module at a given instant, and this for a LC logical channel given.
  • the SAM module comprises a table in which a number and a set of bytes are assigned to each state. An authorized command is represented by one of the bytes. The first quartet of the byte includes the number of the state in which we are after execution of the command, if there has been no error.
  • the second quartet includes the number of the state in which we are when there has been an error (not shown). If another user uses a second CARD in a second P-phone, the second card can be validated using the SAM module, for example, after a first authentication of a first user card. The contextual data of the first card is not lost, we can continue to manage the first card.
  • the method of said invention thus allows, thanks to this management of contextual data by the SAM security module, to execute different authentication sessions in parallel, an authentication session corresponding to a call duration and consequently manage multiple public telephones P by means of the security module SAM, a public telephone P having an allocated logical channel LC and an associated memory location M.
  • a random number RAND we send a random number RAND to the card, we store said random number in the memory location M associated with the allocated logical channel LC, we calculate in the card a cryptogram by encrypting the secret key KEY using in particular the ALGO 1 signature algorithm, the random number RAND, and, the cryptogram is sent to the security module SAM (not shown).
  • SAM security module
  • the value of the cryptogram is checked by means of the secret key KEY recalculated during the third step.
  • the communication can be established.
  • the ABACUS chart on the card is updated according to the number of units used during communication.
  • the value of the ABACUS abacus is read in order to verify that the abacus has been updated.
  • a second authentication A is carried out which corresponds to the last step of the first authentication A described above.
  • Said second authentication A takes into account the value of the abacus abacus read previously, the identifier ALGOID 1 of the ALGO 1 signature algorithm used and the ID identifier of the card, which have been saved in the memory location M. In the case where the same RAND random number is used, the steps concerning said random number are not useful since the latter is stored in the memory location M.
  • the contextual data DATA such as the new value VN of the abacus ABACUS, the new state data STATE, and, if necessary, the new RAND random number generated, said new state data replacing the old ones.
  • the new random RAND number if applicable. If a power off of the SAM module occurs, said second authentication A is performed again.
  • This second authentication A makes it possible to verify that no fraudster has used a pirate card to telephone.
  • the cryptogram calculated by said card and returned to the SAM module is erroneous since it is different from that calculated in said SAM module.
  • the identifier of the fraudulent card is different from that of the valid card previously inserted in the public telephone P, as is the value of the ABACUS chart.
  • the CARD card is removed from the public telephone P.
  • the allocated logical channel LC is no longer useful.
  • the logical channel LC associated with the terminal P is closed.
  • the area CN allocation of the memory location M associated with the initialization value VI is initialized and the chronological counter RECMAN is updated. If necessary, the contextual data DATA is deleted in the memory location M associated with the logical channel LC which is freed.
  • the method of the present invention has an advantage according to which the number of units used per type of card is counted in the SAM security module in an optimized manner.
  • a public telephone P comprises said security module SAM
  • the management of the channels described above does not apply since only one logical channel is used, and, the contextual data DATA are stored in a volatile memory. RAM.
  • the invention is in no way limited to the field of telephony, it can extend to other fields in which a terminal administration system is implemented, such as for example an administration system of parking meters.

Abstract

The invention relates to a method for the management of data belonging to a user card that can be introduced into at least one terminal, by a security module. Said card is subjected to at least one authentication process by said security module. The invention is characterized in that the method comprises the following stages: the card is introduced into a terminal; each time the user card is authenticated, a logical channel is allocated to said terminal in the security module; contextual data relating to the authentication stage are stored in a storage location associated with the logical channel, said storage location being located in a memory of the security module; and the card is withdrawn from the terminal. The invention is particularly suitable for use in telephony.

Description

PROCEDE DE GESTION DE DONNEES PAR UN MODULE DE METHOD FOR MANAGING DATA BY A MODULE
SECURITE ET MODULE DE SECURITESECURITY AND SECURITY MODULE
La présente invention concerne un procédé de gestion de données, par un module de sécurité, d'une carte utilisateur apte à être introduite dans au moins un terminal, ladite carte étant soumise à au moins une authentification par ledit module de sécurité. Elle concerne également un module de sécurité adapté pour sa mise en oeuvre.The present invention relates to a data management method, by a security module, of a user card capable of being inserted into at least one terminal, said card being subjected to at least one authentication by said security module. It also relates to a security module adapted for its implementation.
L'invention trouve une application particulièrement avantageuse dans le domaine de la téléphonie.The invention finds a particularly advantageous application in the field of telephony.
Dans le domaine de la téléphonie, il existe des systèmes d'administration de terminaux qui comportent un serveur d'administration et des modules de sécurité généralement embarqués dans des concentrateurs connectés auxdits terminaux. Un concentrateur comporte un ordinateur, plusieurs modules de sécurité et une carte électronique avec laquelle sont connectés lesdits modules. Les terminaux sont appelés téléphones publics. Un module de sécurité garantit la validité d'une carte utilisateur introduite dans un téléphone public, notamment grâce à une authentification de ladite carte. A cet effet, ladite carte comprend des données secrètes permettant de garantir sa validité. Les systèmes d'administration de téléphones publics ainsi que les données secrètes sont gérés par des opérateurs de téléphonie. Le concentrateur gère plusieurs modules de sécurité, en général une trentaine. Un module de sécurité ne gère qu'un seul téléphone public. La carte électronique permet d'administrer une communication entre les téléphones et le serveur d'administration. Bien que ce dispositif permette une gestion d'un parc de téléphones publics, il présente l'inconvénient d'être lourd à administrer. De plus, le dispositif ainsi mis en place est coûteux pour les opérateurs de téléphonie. Aussi, un problème technique à résoudre par l'objet de la présente invention est de proposer un procédé de gestion de données, par un module de sécurité, d'une carte utilisateur apte à être introduite dans au moins un terminal, ladite carte étant soumise à au moins une authentification par ledit module de sécurité, ainsi qu'un module de sécurité, qui permettraient de gérer facilement un parc de terminaux, à moindre coût, et ce en allégeant le dispositif d'administration desdits terminaux.In the field of telephony, there are terminal administration systems which include an administration server and security modules generally embedded in hubs connected to said terminals. A concentrator comprises a computer, several security modules and an electronic card with which said modules are connected. The terminals are called public telephones. A security module guarantees the validity of a user card inserted in a public telephone, in particular through authentication of said card. To this end, said card includes secret data making it possible to guarantee its validity. Public telephone administration systems as well as secret data are managed by telephone operators. The concentrator manages several security modules, generally around thirty. A security module manages only one public telephone. The electronic card is used to administer communication between the telephones and the administration server. Although this device allows management of a fleet of public telephones, it has the disadvantage of being cumbersome to administer. In addition, the device thus set up is costly for telephone operators. Also, a technical problem to be solved by the object of the present invention is to propose a data management method, by a security module, of a user card capable of being introduced into at least one terminal, said card being subject at least one authentication by said security module, as well as a security module, which would make it possible to easily manage a fleet of terminals, at low cost, and this by reducing the administration device for said terminals.
Une solution au problème technique posé se caractérise, selon un premier objet de la présente invention, en ce que ledit procédé de gestion de données comporte les étapes selon lesquelles :A solution to the technical problem posed is characterized, according to a first object of the present invention, in that said data management method comprises the steps according to which:
- on introduit la carte dans un terminal,- the card is introduced into a terminal,
- on alloue, dans le module de sécurité, un canal logique audit terminal, - à chaque authentification de la carte utilisateur, on mémorise dans un emplacement mémoire associé au canal logique, des données contextuelles relatives à l'étape d'authentification, ledit emplacement mémoire se trouvant dans une mémoire du module de sécurité, - on retire la carte du terminal.- we allocate, in the security module, a logical channel to said terminal, - each authentication of the user card, we store in a memory location associated with the logical channel, contextual data relating to the authentication step, said location memory in a memory of the security module, - the card is removed from the terminal.
Selon un second objet de la présente invention, cette solution se caractérise en ce que le module de sécurité comporte :According to a second object of the present invention, this solution is characterized in that the security module comprises:
- des moyens d'allocation d'un canal logique audit terminal dans lequel est introduite la carte, - un emplacement mémoire associé au canal logique apte à mémoriser des données contextuelles relatives à chaque étape d'authentification de la carte utilisateur, ledit emplacement mémoire se trouvant dans une mémoire du module de sécurité. Ainsi, comme on le verra en détail plus loin, le procédé de gestion de données ainsi que le module de sécurité de l'invention, permettent de gérer plusieurs téléphones publics en parallèle au moyen d'un module de sécurité. A cet effet, on mémorise des données contextuelles définissant l'état dans lequel se trouve un ensemble de cartes utilisateurs à un instant donné lors d'une session de connexion desdites cartes, et ce, pour plusieurs téléphones, les données étant sauvegardées dans une mémoire du module de sécurité.means for allocating a logical channel to said terminal into which the card is inserted, a memory location associated with the logical channel capable of storing contextual data relating to each authentication step of the user card, said memory location is found in a memory of the security module. Thus, as will be seen in detail below, the data management method as well as the security module of the invention make it possible to manage several public telephones in parallel by means of a security module. To this end, contextual data is stored defining the state in which a set of user cards is located at a given time during a connection session of said cards, for several telephones, the data being saved in a memory. of the security module.
La description qui va suivre au regard des dessins annexés, donnée à titre d'exemple non limitatif, fera bien comprendre en quoi consiste l'invention et comment elle peut être réalisée.The description which follows with reference to the appended drawings, given by way of nonlimiting example, will make it clear what the invention consists of and how it can be implemented.
La figure 1 est un schéma montrant un module de sécurité, un terminal et une carte utilisateur pour la mise en oeuvre du procédé selon l'invention. La figure 2 est un schéma du module de sécurité de la figure 1 comprenant plusieurs emplacements mémoire.FIG. 1 is a diagram showing a security module, a terminal and a user card for implementing the method according to the invention. FIG. 2 is a diagram of the security module of FIG. 1 comprising several memory locations.
La figure 3 est un schéma montrant une première communication entre le module de sécurité et le terminal de la figure 1.FIG. 3 is a diagram showing a first communication between the security module and the terminal of FIG. 1.
Les figures 4a, 4b, 4c, 4d et 4e sont des schémas représentant un emplacement mémoire du module de sécurité de la figure 2.FIGS. 4a, 4b, 4c, 4d and 4e are diagrams representing a memory location of the security module of FIG. 2.
La figure 5 est un schéma montrant un emplacement mémoire du module de sécurité de la figure 2.FIG. 5 is a diagram showing a memory location of the security module of FIG. 2.
La figure 6 est un schéma montrant une deuxième communication entre le module de sécurité et le terminal de la figure 1. Le présent exposé de l'invention a trait à l'exemple des cartes à circuit intégré. Par carte à circuit intégré, on entend tout objet portatif, carte au format ISO ou non, module d'identification abonné, étiquette électronique, badge, etc.FIG. 6 is a diagram showing a second communication between the security module and the terminal of FIG. 1. The present description of the invention relates to the example of integrated circuit cards. By integrated circuit card is meant any portable object, card in ISO format or not, subscriber identification module, electronic label, badge, etc.
On notera que le terme « introduction » d'une carte dans un terminal, employé par la suite, signifie de manière générale « coopération ». L'invention concerne aussi bien une carte avec une interface à contacts qui nécessite une introduction physique dans le terminal, qu'une carte avec une interface sans contacts qui sont à même de dialoguer avec le terminal sans contacts physiques avec ce dernier (par radiofréquence...) ou encore une carte comportant les deux interfaces.It will be noted that the term “introduction” of a card into a terminal, used subsequently, generally means " cooperation ". The invention relates both to a card with a contact interface which requires a physical introduction into the terminal, as well as a card with a contactless interface which are able to communicate with the terminal without physical contact with the latter (by radio frequency. ..) or a card with the two interfaces.
Sur la figure 1 est représenté un module SAM de sécurité, un terminal P et une carte utilisateur CARD. Le terminal P est un téléphone public. Le module SAM comprend une mémoire comportant au moins un emplacement mémoire M. Préférentiellement, la mémoire du module de sécurité SAM est une mémoire non volatile EEPROM. Préférentiellement, le module de sécurité SAM comporte plusieurs emplacements mémoire M. Comme le montre la figure 2, avantageusement, les emplacements mémoire M sont placés de manière contiguë dans un fichier CHANNEL de la mémoire non volatile EEPROM, et, un compteur chronologique RECMAN est associé à un emplacement mémoire M ainsi qu'une zone CN d'attribution. La zone CN d'attribution ainsi que le compteur chronologique RECMAN ont des valeurs initiales respectives VI et V2. Le module de sécurité SAM comporte également au moins un fichier ISSUER comprenant une clef maître MASTER et un compteur cumulatif CBCPT d'unités. Avantageusement, le module comporte plusieurs fichiers ISSUER. Chaque fichier ISSUER correspondant à un type de cartes émises.In FIG. 1 is shown a security SAM module, a terminal P and a CARD user card. Terminal P is a public telephone. The SAM module comprises a memory comprising at least one memory location M. Preferably, the memory of the SAM security module is a non-volatile EEPROM memory. Preferably, the SAM security module comprises several memory locations M. As shown in FIG. 2, advantageously, the memory locations M are placed contiguously in a CHANNEL file of the non-volatile memory EEPROM, and, a chronological counter RECMAN is associated at a memory location M as well as an allocation area CN. The CN allocation area as well as the RECMAN chronological counter have respective initial values VI and V2. The SAM security module also includes at least one ISSUER file comprising a MASTER master key and a cumulative CBCPT counter of units. Advantageously, the module includes several ISSUER files. Each ISSUER file corresponding to a type of cards issued.
Lorsqu'un utilisateur veut téléphoner, il introduit sa carte CARD dans le téléphone public P. Avant d'initier une communication, on effectue une première authentification A au moyen du module SAM de sécurité, par l'intermédiaire du téléphone P puis on établit la communication .When a user wants to telephone, he introduces his CARD card into the public telephone P. Before initiating a communication, a first authentication A is carried out by means of the SAM security module, via the telephone P and then the communication.
La première authentification A comprend les étapes décrites ci- après, comme le montre la figure 3. Dans une première étape, on lit un identifiant ID de la carte utilisateur, ledit identifiant étant unique pour chaque carte.The first authentication A comprises the steps described below, as shown in FIG. 3. In a first step, an identifier ID of the user card is read, said identifier being unique for each card.
Dans une seconde étape, on recherche un canal logique LC disponible et on alloue, dans le module de sécurité SAM, un canal logique pour le téléphone public P dans lequel la carte utilisateur CARD se trouve. Préalablement à l'allocation, on recherche un canal logique LC au moyen d'une première commande GETCHANNELSTATUS envoyée à partir du téléphone public P au module de sécurité SAM. Un canal logique LC comporte un identifiant NB. Ledit module renvoie une liste de tous les canaux utilisés, avantageusement leur identifiant NB. On déduit les canaux qui sont disponibles et on choisit un des canaux disponibles. Après l'allocation, on associe un emplacement mémoire M au canal logique LC en inscrivant l'identifiant NB du canal logique LC alloué dans la zone CN d'attribution de l'emplacement mémoire M choisi. Ainsi, l'emplacement mémoire M n'est plus libre.In a second step, an available LC logical channel is sought and a logical channel for the public telephone P in which the user card CARD is located is allocated in the SAM security module. Prior to allocation, an LC logical channel is sought by means of a first GETCHANNELSTATUS command sent from the public telephone P to the SAM security module. A logical channel LC includes an identifier NB. Said module returns a list of all the channels used, advantageously their identifier NB. We deduce the channels that are available and choose one of the available channels. After allocation, a memory location M is associated with the logical channel LC by writing the identifier NB of the logical channel LC allocated in the area CN for allocation of the chosen memory location M. Thus, the memory location M is no longer free.
La durée de vie de la mémoire non volatile EEPROM dépend du nombre d'inscriptions effectuées. Afin d'éviter d'associer un emplacement mémoire M de la mémoire non volatile EEPROM à un canal logique LC, par exemple, dans un ordre croissant, et par suite de toujours utiliser les mêmes emplacements, on utilise le compteur chronologique RECMAN de chaque emplacement mémoire M de la manière décrite ci-après. Lorsqu'on ferme un canal logique LC, on incrémente la valeur du compteur chronologique RECMAN de l'emplacement mémoire M associé, par rapport à la valeur maximum de tous les compteurs chronologiques des emplacements mémoire M. L'emplacement mémoire M le plus ancien est celui dont la valeur du compteur chronologique RECMAN est la plus petite. Ainsi, on associe le plus ancien emplacement mémoire M libre à un canal logique LC. Comme le montre la figure 4a, le fichier CHANNEL comporte quatre emplacements mémoire M l , M2, M3 et M4 utilisés. Leurs compteurs chronologiques RECMAN ont une valeur d'initialisation V2 égale à zéro.The lifetime of the non-volatile EEPROM memory depends on the number of registrations made. In order to avoid associating a memory location M of the non-volatile EEPROM memory with a logical channel LC, for example, in ascending order, and consequently of always using the same locations, the chronological counter RECMAN of each location is used. memory M as described below. When a LC logical channel is closed, the value of the RECMAN chronological counter of the associated memory location M is incremented, relative to the maximum value of all the chronological counters of the memory locations M. The oldest memory location M is the one with the smallest RECMAN time counter value. Thus, the oldest free memory location M is associated with a logical channel LC. As shown in FIG. 4a, the CHANNEL file comprises four memory locations M l, M2, M3 and M4 used. Their counters RECMAN chronological values have an initialization value V2 equal to zero.
Dans cet exemple, on incrémente de un la valeur d'un compteur chronologique RECMAN. Comme le montre la figure 4b, on libère le canal associé au troisième emplacement M3. Son compteur RECMAN3 est incrémente de un et vaut un. Comme le montre la figure 4c, On libère le canal associé au deuxième emplacement M2. Son compteurIn this example, the value of a RECMAN chronological counter is incremented by one. As shown in FIG. 4b, the channel associated with the third location M3 is released. Its RECMAN3 counter is incremented by one and worth one. As shown in FIG. 4c, the channel associated with the second location M2 is released. His counter
RECMAN2 est incrémente de un par rapport au troisième compteur. Sa valeur est deux. On libère le canal associé au quatrième emplacement mémoire M4, son compteur RECMAN4 vaut trois, comme le montre la figure 4d. enfin, on alloue un canal logique LC d'identifiant NB3 et on associe le plus ancien emplacement mémoire M libre, soit, comme le montre la figure 4e, le troisième emplacement mémoire M3. Ainsi, le procédé de la présente invention permet, d'une part, d'éviter de toujours choisir un même emplacement mémoire M pour y inscrire des données comme nous le verrons par la suite, et, d'autre part, de ne pas être restreint au nombre d'emplacements mémoire M pour le choix d'identifiants de canaux logiques LC à allouer. On peut ainsi avoir le choix entre, par exemple, deux cent cinquante cinq identifiants de canal LC tout en n'ayant que dix emplacements mémoire M. Bien entendu, ce procédé de gestion de la mémoire décrit ci- dessus, peut s'appliquer à tout autre application que celle de la téléphonie.RECMAN2 is incremented by one compared to the third counter. Its value is two. The channel associated with the fourth memory location M4 is released, its counter RECMAN4 is worth three, as shown in FIG. 4d. finally, a logical channel LC with identifier NB3 is allocated and the oldest free memory location M is associated, ie, as shown in FIG. 4e, the third memory location M3. Thus, the method of the present invention allows, on the one hand, to avoid always choosing the same memory location M to write data there as we will see later, and, on the other hand, not to be restricted to the number of memory locations M for the choice of LC logical channel identifiers to be allocated. We can thus have the choice between, for example, two hundred and fifty five LC channel identifiers while having only ten memory locations M. Of course, this memory management method described above can be applied to any application other than that of telephony.
Dans une troisième étape, dans le module de sécurité SAM, on recalcule la clef secrète KEY de la carte CARD, à partir de l'identifiant ID de ladite carte et d'une clef maître MASTER dudit module SAM. Cette étape est également appelée étape de diversification de clef. Afin de choisir la clef maître MASTER, dans le module SAM, un fichier ISSUER est sélectionné lors de l'étape de lecture de l'identifiant de la carte utilisateur, la corrélation étant faîte entre le type de cartes et la clef maître au moyen de l'identifiant de ladite carte utilisateur. L'allocation du canal logique LC et la diversification de clef se font au moyen d'un deuxième commande DIVERSIFYKEY envoyée à partir du téléphone public P au module de sécurité SAM. Ladite deuxième commande prend en compte notamment l'identifiant NB du canal alloué au téléphone public P, un identifiant ALGOID2 d'un algorithme de diversification ALGO2, un identifiant de la clef maître MASTER utilisée et le cas échéant un diversifiant RAND.In a third step, in the SAM security module, the secret key KEY of the CARD card is recalculated, using the identifier ID of said card and a master key MASTER of said SAM module. This step is also called the key diversification step. In order to choose the MASTER master key, in the SAM module, an ISSUER file is selected during the step of reading the identifier of the user card, the correlation being made between the type of cards and the master key by means of the identifier of said user card. The allocation of the LC logical channel and the diversification of the key are done by means of a second DIVERSIFYKEY command sent from the public telephone P to the SAM security module. Said second command takes into account in particular the identifier NB of the channel allocated to the public telephone P, an identifier ALGOID2 of a diversification algorithm ALGO2, an identifier of the master key MASTER used and, where appropriate, a diversifier RAND.
Dans une quatrième étape, comme le montre la figure 5, on mémorise dans l'emplacement mémoire M associé au canal logique LC alloué, les données contextuelles DATA relatives à l'étape d'authentification A. les données contextuelles DATA comprennent un identifiant ALGOID 1 d'un algorithme de signature ALGO 1 , l'identifiant ID de la carte utilisateur CARD, l'identifiant de la clef maître MASTER utilisée, la clef diversifiée KEY, un abaque ABACUS de la carte utilisateur CARD, et, des données d'état STATE .... L'abaque ABACUS a une première valeur VO. Il permet de comptabiliser les unités utilisées dans la carte utilisateur CARD, les données d'états STATE permettent de gérer dans le module de sécurité SAM une séquence de commandes afin de mémoriser l'état du module SAM à un instant donné, et ce pour un canal logique LC donné. Ainsi, suivant l'état dans lequel on est, on sait quelles sont les commandes autorisées et dans quel état on se trouve après l'exécution d'une des commandes selon le résultat de ladite exécution. Selon un mode de réalisation particulier, le module SAM comporte une table dans laquelle on attribue à chaque état un numéro et un ensemble d'octets. Une commande autorisée est représentée par un des octets. Le premier quartet de l'octet comprend le numéro de l'état dans lequel on se trouve après exécution de la commande, s'il n'y a eu aucune erreur. Le deuxième quartet comprend le numéro de l'état dans lequel on se trouve lorsqu'il y a eu une erreur (non représenté). Si un autre utilisateur utilise une deuxième carte CARD dans un deuxième pupliphone P, on peut valider la deuxième carte au moyen du module SAM, par exemple, après une première authentification d'une première carte utilisateur. Les données contextuelles de la première carte ne sont pas perdues, on peut continuer à gérer la première carte. Le procédé de ladite invention, permet ainsi, grâce à cette gestion de données contextuelles par le module de sécurité SAM, d'exécuter différentes sessions d'authentification en parallèle, une session d'authentification correspondant à une durée d'appel et par suite de gérer de multiples téléphones publics P au moyen du module de sécurité SAM, un téléphone public P ayant un canal logique LC alloué et un emplacement mémoire M associé.In a fourth step, as shown in FIG. 5, the contextual data DATA relating to the authentication step A is stored in the memory location M associated with the allocated logical channel LC. The contextual data DATA comprises an identifier ALGOID 1 an ALGO 1 signature algorithm, the identifier ID of the CARD user card, the identifier of the MASTER master key used, the diversified key KEY, an ABACUS abacus of the CARD user card, and, status data STATE .... The ABACUS abacus has a first VO value. It allows the units used in the CARD user card to be counted, the STATE state data makes it possible to manage in the SAM security module a sequence of commands in order to memorize the state of the SAM module at a given instant, and this for a LC logical channel given. Thus, according to the state in which we are, we know what are the authorized commands and in what state we are after the execution of one of the commands according to the result of said execution. According to a particular embodiment, the SAM module comprises a table in which a number and a set of bytes are assigned to each state. An authorized command is represented by one of the bytes. The first quartet of the byte includes the number of the state in which we are after execution of the command, if there has been no error. The second quartet includes the number of the state in which we are when there has been an error (not shown). If another user uses a second CARD in a second P-phone, the second card can be validated using the SAM module, for example, after a first authentication of a first user card. The contextual data of the first card is not lost, we can continue to manage the first card. The method of said invention thus allows, thanks to this management of contextual data by the SAM security module, to execute different authentication sessions in parallel, an authentication session corresponding to a call duration and consequently manage multiple public telephones P by means of the security module SAM, a public telephone P having an allocated logical channel LC and an associated memory location M.
Enfin, dans une dernière étape, on envoie un nombre aléatoire RAND à la carte, on mémorise ledit nombre aléatoire dans l'emplacement mémoire M associé au canal logique LC alloué, on calcule dans la carte un cryptogramme en cryptant la clef secrète KEY au moyen notamment de l'algorithme de signature ALGO 1, du nombre aléatoire RAND, et, on envoie le cryptogramme au module de sécurité SAM (non représenté). Dans ledit module SAM, on vérifie la valeur du cryptogramme au moyen de la clef secrète KEY recalculée lors de la troisième étape.Finally, in a last step, we send a random number RAND to the card, we store said random number in the memory location M associated with the allocated logical channel LC, we calculate in the card a cryptogram by encrypting the secret key KEY using in particular the ALGO 1 signature algorithm, the random number RAND, and, the cryptogram is sent to the security module SAM (not shown). In said SAM module, the value of the cryptogram is checked by means of the secret key KEY recalculated during the third step.
Ainsi, la première authentification A effectuée, la communication peut être établit. L'abaque ABACUS de la carte est actualisé suivant le nombre d'unités utilisé lors de la communication. On lit la valeur de l'abaque ABACUS afin de vérifier que ledit abaque a bien été actualisé. Par la suite, on effectue une deuxième authentification A qui correspond à la dernière étape de la première authentification A décrite précédemment.Thus, the first authentication A carried out, the communication can be established. The ABACUS chart on the card is updated according to the number of units used during communication. The value of the ABACUS abacus is read in order to verify that the abacus has been updated. Thereafter, a second authentication A is carried out which corresponds to the last step of the first authentication A described above.
Ladite deuxième authentification A prend en compte la valeur de l'abaque ABACUS lue précédemment, l'identifiant ALGOID 1 de l'algorithme de signature ALGO 1 utilisé et l'identifiant ID de la carte, qui ont été sauvegardés dans l'emplacement mémoire M. Dans le cas où on utilise le même nombre aléatoire RAND, les étapes concernant ledit nombre aléatoire ne sont pas utiles puisque ce dernier est mémorisé dans l'emplacement mémoire M.Said second authentication A takes into account the value of the abacus abacus read previously, the identifier ALGOID 1 of the ALGO 1 signature algorithm used and the ID identifier of the card, which have been saved in the memory location M. In the case where the same RAND random number is used, the steps concerning said random number are not useful since the latter is stored in the memory location M.
Par la suite, on mémorise dans l'emplacement mémoire M associé au canal logique LC alloué, les données contextuelles DATA telles que la nouvelle valeur VN de l'abaque ABACUS, les nouvelles données d'état STATE, et, si nécessaire, le nouveau nombre aléatoire RAND généré, lesdites nouvelles données d'état remplaçant les anciennes. Il en est de même pour le nouveau nombre aléatoire RAND, le cas échéant. Si une mise hors-tension du module SAM survient, on effectue de nouveau ladite deuxième authentification A.Subsequently, in the memory location M associated with the logical channel LC allocated, the contextual data DATA such as the new value VN of the abacus ABACUS, the new state data STATE, and, if necessary, the new RAND random number generated, said new state data replacing the old ones. The same is true for the new random RAND number, if applicable. If a power off of the SAM module occurs, said second authentication A is performed again.
Cette deuxième authentification A permet de vérifier qu'aucun fraudeur n'a utilisé de carte pirate pour téléphoner. En effet, si un utilisateur introduit une carte frauduleuse, le cryptogramme calculé par ladite carte et renvoyé au module SAM est erroné puisque différent de celui calculé dans ledit module SAM. L'identifiant de la carte frauduleuse est différent de celui de la carte valide antérieurement introduite dans le téléphone public P, ainsi que la valeur de l'abaque ABACUS.This second authentication A makes it possible to verify that no fraudster has used a pirate card to telephone. In fact, if a user introduces a fraudulent card, the cryptogram calculated by said card and returned to the SAM module is erroneous since it is different from that calculated in said SAM module. The identifier of the fraudulent card is different from that of the valid card previously inserted in the public telephone P, as is the value of the ABACUS chart.
Lorsque la communication est terminée, on retire la carte CARD du téléphone public P. Le canal logique LC alloué n'est plus utile. Aussi, on ferme le canal logique LC associé au terminal P. A cet effet, on initialise la zone CN d'attribution de l'emplacement mémoire M associé avec la valeur VI d'initialisation et on met à jour le compteur chronologique RECMAN. Le cas échéant, on efface les données contextuelles DATA dans l'emplacement mémoire M associé au canal logique LC que l'on libère. Le procédé de la présente invention comporte un avantage selon lequel on comptabilise, dans le module de sécurité SAM, le nombre d'unités utilisées par type de cartes, de manière optimisée. En effet, comme le montre la figure 6, au lieu d'effectuer une mise à jour à chaque unité utilisée, il suffit de mettre à jour le compteur cumulatif CBCPT d'unités d'un fichier ISSUER du module SAM en soustrayant la nouvelle valeur VN de l'abaque ABACUS de la carte de la première valeur VO dudit abaque, la nouvelle valeur VN étant mémorisée dans l'emplacement mémoire M après chaque nouvelle deuxième authentification A. Lorsque la soustraction a été faîte, on remplace la première valeur VO par la deuxième valeur VN mémorisée, pour la deuxième authentification A suivante. Cette mise à jour est déclenchée au moyen d'une troisième commande INCBILLING prenant en compte un identifiant de canal NB correspondant à un fichier ISSUER et téléphone public P utilisé, ladite commande étant envoyée à partir du téléphone public P au module SAM.When the communication is finished, the CARD card is removed from the public telephone P. The allocated logical channel LC is no longer useful. Also, the logical channel LC associated with the terminal P is closed. To this end, the area CN allocation of the memory location M associated with the initialization value VI is initialized and the chronological counter RECMAN is updated. If necessary, the contextual data DATA is deleted in the memory location M associated with the logical channel LC which is freed. The method of the present invention has an advantage according to which the number of units used per type of card is counted in the SAM security module in an optimized manner. Indeed, as shown in Figure 6, instead of performing an update for each unit used, it suffices to update the cumulative counter CBCPT of units of an ISSUER file of the SAM module by subtracting the new value VN of the abacus ABACUS of the card of the first value VO of said abacus, the new value VN being stored in the memory location M after each new second authentication A. When the subtraction has been made, the first value VO is replaced by the second value VN memorized, for the next second authentication A. This update is triggered by means of a third INCBILLING command taking into account a channel identifier NB corresponding to an ISSUER file and public telephone P used, said command being sent from the public telephone P to the SAM module.
On notera que lorsqu'un téléphone public P comprend ledit module de sécurité SAM, la gestion de canaux décrites ci-dessus ne s'applique pas puisqu'un seul canal logique est utilisé, et, les données contextuelles DATA sont mémorisées dans une mémoire volatile RAM.It will be noted that when a public telephone P comprises said security module SAM, the management of the channels described above does not apply since only one logical channel is used, and, the contextual data DATA are stored in a volatile memory. RAM.
Bien entendu, l'invention n'est nullement limitée au domaine de la téléphonie, elle peut s'étendre à d'autres domaines dans lesquels est mis en oeuvre un système d'administration de terminaux, tels que par exemple un système d'administration de parcmètres. Of course, the invention is in no way limited to the field of telephony, it can extend to other fields in which a terminal administration system is implemented, such as for example an administration system of parking meters.

Claims

REVENDICATIONS
1 - Procédé de gestion de données, par un module de sécurité (SAM), d'une carte (CARD) utilisateur apte à être introduite dans au moins un terminal (P), ladite carte étant soumise à au moins une authentification (A) par ledit module de sécurité (SAM), caractérisé en ce qu'il comporte les étapes selon lesquelles :1 - Data management method, by a security module (SAM), of a user card (CARD) capable of being inserted into at least one terminal (P), said card being subjected to at least one authentication (A) by said security module (SAM), characterized in that it comprises the steps according to which:
- on introduit la carte (CARD) dans un terminal (P), on alloue, dans le module de sécurité (SAM), un canal logique (LC) audit terminal (P),the card (CARD) is introduced into a terminal (P), a logical channel (LC) is allocated in said security module (SAM) to said terminal (P),
- à chaque authentification (A) de la carte utilisateur (CARD), on mémorise dans un emplacement mémoire (M) associé au canal logique (LC) des données contextuelles (DATA) relatives à l'étape d'authentification (A), ledit emplacement mémoire (M) se trouvant dans une mémoire du module de sécurité (SAM),- each authentication (A) of the user card (CARD), contextual data (DATA) relating to the authentication step (A) is stored in a memory location (M) associated with the logical channel (LC) memory location (M) located in a memory of the security module (SAM),
- on retire la carte (CARD) du terminal (P).- the card (CARD) is removed from the terminal (P).
2 - Procédé selon la revendication 1 , caractérisé en ce que la mémoire du module de sécurité (SAM) est une mémoire non volatile (EEPROM). 3 - Procédé selon les revendications 1 ou 2, caractérisé en ce qu'on associe le plus ancien emplacement mémoire (M) libre à un canal logique (LC).2 - Method according to claim 1, characterized in that the memory of the security module (SAM) is a non-volatile memory (EEPROM). 3 - Method according to claims 1 or 2, characterized in that the oldest memory location (M) is associated with a free logical channel (LC).
4 - Procédé selon l'une des revendications précédentes, caractérisé en ce qu'un compteur chronologique (RECMAN) est associé à un emplacement mémoire (M).4 - Method according to one of the preceding claims, characterized in that a chronological counter (RECMAN) is associated with a memory location (M).
5 - Procédé selon les revendications 3 et 4, caractérisé en ce que l'emplacement mémoire (M) le plus ancien est celui dont la valeur du compteur chronologique (RECMAN) est la plus petite. 6 - Procédé selon l'une des revendications précédentes, caractérisé en ce qu'il comporte une étape supplémentaire selon laquelle : préalablement à l'allocation, on recherche un canal logique (LC) au moyen d'une première commande5 - Method according to claims 3 and 4, characterized in that the oldest memory location (M) is the one whose value of the chronological counter (RECMAN) is the smallest. 6 - Method according to one of the preceding claims, characterized in that it comprises an additional step according to which: prior to allocation, a logical channel (LC) is sought by means of a first command
(GETCHANNELSTATUS) .(GETCHANNELSTATUS).
7 - Procédé selon l'une des revendications précédentes, caractérisé en ce que le module de sécurité (SAM) comporte plusieurs emplacements mémoire (M). 8 - Procédé selon l'une des revendications précédentes, caractérisé en ce qu'il comporte une étape supplémentaire selon laquelle : on ferme le canal logique (LC) associé au terminal (P).7 - Method according to one of the preceding claims, characterized in that the security module (SAM) comprises several memory locations (M). 8 - Method according to one of the preceding claims, characterized in that it comprises an additional step according to which: the logical channel (LC) associated with the terminal (P) is closed.
9 - Procédé selon la revendication 8, caractérisé en ce que lorsqu'on ferme un canal logique (LC), on incrémente la valeur du compteur chronologique (RECMAN) de l'emplacement mémoire (M) associé, par rapport à la valeur maximum de tous les compteurs chronologiques des emplacements mémoire (M).9 - Method according to claim 8, characterized in that when a logical channel (LC) is closed, the value of the chronological counter (RECMAN) of the associated memory location (M) is incremented, relative to the maximum value of all the chronological counters of the memory locations (M).
10 - Procédé selon l'une des revendications précédentes, caractérisé en ce qu'on associe un emplacement mémoire (M) à un canal logique (LC) en inscrivant un identifiant (NB) du canal logique (LC) alloué dans une zone (CN) d'attribution de l'emplacement mémoire (M).10 - Method according to one of the preceding claims, characterized in that a memory location (M) is associated with a logical channel (LC) by entering an identifier (NB) of the logical channel (LC) allocated in a zone (CN ) allocation of the memory location (M).
11 - Module de sécurité (SAM) destiné à gérer une carte (CARD) utilisateur introduite dans au moins un terminal (P), ladite carte étant apte à être soumise à au moins une authentification (A) par ledit module de sécurité (SAM), caractérisé en ce qu'il comporte : - des moyens d'allocation d'un canal logique (LC) audit terminal (P) dans lequel est introduite la carte (CARD), - un emplacement mémoire (M) associé au canal logique (LC) apte à mémoriser des données contextuelles (DATA) relatives à chaque étape d'authentification (A) de la carte (CARD) utilisateur, ledit emplacement mémoire (M) se trouvant dans une mémoire du module de sécurité (SAM).11 - Security module (SAM) intended to manage a user card (CARD) inserted in at least one terminal (P), said card being able to be subjected to at least one authentication (A) by said security module (SAM) , characterized in that it comprises: - means for allocating a logical channel (LC) to said terminal (P) into which the card (CARD) is inserted, a memory location (M) associated with the logical channel (LC) capable of storing contextual data (DATA) relating to each authentication step (A) of the user card (CARD), said memory location (M) being in a security module memory (SAM).
12 - Module selon la revendication 11, caractérisé en ce que la mémoire du module de sécurité (SAM) est une mémoire non volatile (EEPROM).12 - Module according to claim 11, characterized in that the memory of the security module (SAM) is a non-volatile memory (EEPROM).
13 - Module selon les revendications 11 ou 12, caractérisé en ce que le plus ancien emplacement mémoire (M) libre est associé à un canal logique (LC).13 - Module according to claims 11 or 12, characterized in that the oldest memory location (M) free is associated with a logic channel (LC).
14 - Module selon l'une des revendications précédentes l i a 13, caractérisé en ce qu'un compteur chronologique (RECMAN) est associé à un emplacement mémoire (M). 15 - Module selon les revendications 13 et 14, caractérisé en ce que l'emplacement mémoire (M) le plus ancien est celui dont la valeur du compteur chronologique (RECMAN) est la plus petite.14 - Module according to one of the preceding claims l i to 13, characterized in that a chronological counter (RECMAN) is associated with a memory location (M). 15 - Module according to claims 13 and 14, characterized in that the oldest memory location (M) is the one whose value of the chronological counter (RECMAN) is the smallest.
16 - Module selon l'une des revendications précédentes l i a 15, caractérisé en ce qu'il comporte en outre une première commande (GETCHANNELSTATUS) apte à rechercher un canal logique (LC) préalablement à l'allocation.16 - Module according to one of the preceding claims l i to 15, characterized in that it further comprises a first command (GETCHANNELSTATUS) capable of seeking a logical channel (LC) prior to allocation.
17 - Module selon l'une des revendications précédentes 1 1 à 16, caractérisé en ce qu'il comporte plusieurs emplacements mémoire (M). 18 - Module selon l'une des revendications précédentes 1 1 à 17, caractérisé en ce qu'il comporte en outre des moyens pour fermer le canal logique (LC) associé au terminal (P).17 - Module according to one of the preceding claims 1 1 to 16, characterized in that it comprises several memory locations (M). 18 - Module according to one of the preceding claims 1 1 to 17, characterized in that it further comprises means for closing the logic channel (LC) associated with the terminal (P).
19 - Module selon l'une des revendications précédentes l i a 18, caractérisé en ce qu'il comporte en outre des moyens pour incrémenter la valeur du compteur chronologique (RECMAN) de l'emplacement mémoire (M) associé, par rapport à la valeur maximum de tous les compteurs chronologiques des emplacements mémoire (M).19 - Module according to one of the preceding claims lia 18, characterized in that it further comprises means for incrementing the value of the chronological counter (RECMAN) by the associated memory location (M), compared to the maximum value of all the chronological counters of the memory locations (M).
20 - Module selon l'une des revendications précédentes 1 1 à 19, caractérisé en ce qu'il comporte en outre des moyens pour associer un emplacement mémoire (M) à un canal logique (LC), lesdits moyens étant aptes à inscrire un identifiant (NB) du canal logique (LC) alloué dans une zone (CN) d'attribution de l'emplacement mémoire (M). 20 - Module according to one of the preceding claims 1 1 to 19, characterized in that it further comprises means for associating a memory location (M) with a logical channel (LC), said means being able to register an identifier (NB) of the logical channel (LC) allocated in an area (CN) of allocation of the memory location (M).
PCT/FR2000/001354 1999-05-18 2000-05-18 Method for the management of data by a security module and corresponding security module WO2000070842A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP00931312A EP1192795A2 (en) 1999-05-18 2000-05-18 Method for the management of data by a security module and corresponding security module

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR99/06308 1999-05-18
FR9906308A FR2793979B1 (en) 1999-05-18 1999-05-18 METHOD FOR MANAGING DATA BY A SECURITY MODULE

Publications (2)

Publication Number Publication Date
WO2000070842A2 true WO2000070842A2 (en) 2000-11-23
WO2000070842A3 WO2000070842A3 (en) 2001-03-29

Family

ID=9545727

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FR2000/001354 WO2000070842A2 (en) 1999-05-18 2000-05-18 Method for the management of data by a security module and corresponding security module

Country Status (4)

Country Link
EP (1) EP1192795A2 (en)
CN (1) CN1143517C (en)
FR (1) FR2793979B1 (en)
WO (1) WO2000070842A2 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4828809B2 (en) * 2003-12-10 2011-11-30 株式会社東芝 IC card and processing method in IC card

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0185365A1 (en) * 1984-12-18 1986-06-25 GN Communications A/S A pay phone system or a pay service system
US4750201A (en) * 1985-09-10 1988-06-07 Plessey Overseas Limited Credit transaction arrangements
DE4133149A1 (en) * 1991-09-30 1993-04-08 Elmeg Kommunikationstech Telephone subscriber's appts. with card reader - used to enter data into group structured memory with connection to card control centre
EP0775991A2 (en) * 1993-07-20 1997-05-28 Koninklijke KPN N.V. Module for securely recording usage data of a card operated device

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0185365A1 (en) * 1984-12-18 1986-06-25 GN Communications A/S A pay phone system or a pay service system
US4750201A (en) * 1985-09-10 1988-06-07 Plessey Overseas Limited Credit transaction arrangements
DE4133149A1 (en) * 1991-09-30 1993-04-08 Elmeg Kommunikationstech Telephone subscriber's appts. with card reader - used to enter data into group structured memory with connection to card control centre
EP0775991A2 (en) * 1993-07-20 1997-05-28 Koninklijke KPN N.V. Module for securely recording usage data of a card operated device

Also Published As

Publication number Publication date
WO2000070842A3 (en) 2001-03-29
EP1192795A2 (en) 2002-04-03
FR2793979B1 (en) 2001-06-29
CN1143517C (en) 2004-03-24
FR2793979A1 (en) 2000-11-24
CN1353905A (en) 2002-06-12

Similar Documents

Publication Publication Date Title
EP0426541B1 (en) Method of protection against fraudulent use of a microprocessor card and device for its application
FR2497617A1 (en) SECURITY METHOD AND DEVICE FOR TRIPARTIC COMMUNICATION OF CONFIDENTIAL DATA
EP1055203B1 (en) Protocol between an electronic key and a lock
EP0950307B1 (en) Method and system for ensuring the security of the supply of services of telecommunication operators
EP2193626B1 (en) Secure communication between an electronic label and a reader
EP0780012B1 (en) Method and arrangement for providing selective access to a security system
FR2680892A1 (en) METHOD FOR AUTHENTICATING DATA.
EP3262553B1 (en) Method of transaction without physical support of a security identifier and without token, secured by the structural decoupling of the personal and service identifiers
EP2369780A1 (en) Method and system for validating a transaction, and corresponding transactional terminal and programme
EP3234848A1 (en) Method of dispatching an item of security information and electronic device able to implement such a method
WO2000070842A2 (en) Method for the management of data by a security module and corresponding security module
EP1436792B1 (en) Authentication protocol with memory integrity verification
EP1721246A2 (en) Method and device for performing a cryptographic operation
FR3052895B1 (en) METHOD FOR SENDING SECURITY INFORMATION
EP3343487A1 (en) Method for checking usage habits and electronic device capable of implementing such a method
EP1912182A1 (en) Authorisation of a transaction between an electronic circuit and a terminal
EP1269431B1 (en) Method for protecting an electronic chip against fraud
FR2566155A1 (en) METHOD AND SYSTEM FOR ENCRYPTING AND DESCRIBING INFORMATION TRANSMITTED BETWEEN A TRANSCEIVER DEVICE AND A RECEIVER DEVICE
FR2869702A1 (en) Pre-paid or post paid telephonic service accessing method for e.g. telephone, involves utilizing memory key comprising universal serial bus connection as information storage media for authentication of user account
FR3051276B1 (en) METHODS OF IMPLEMENTING A TRANSACTION VIA A MOBILE TERMINAL
EP1779340B1 (en) Token sequence payment system
EP1064776A1 (en) Method for securely managing a units counter and security module implementing said method
EP1420373A1 (en) Code control for virtual prepaid card
WO2016034812A1 (en) Securing of encryption keys for transactions on a device lacking a secure module
FR2892875A1 (en) METHOD OF SECURING PAYMENTS BY CUTTING AMOUNTS

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 00808246.4

Country of ref document: CN

AK Designated states

Kind code of ref document: A2

Designated state(s): CN MX US

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
AK Designated states

Kind code of ref document: A3

Designated state(s): CN MX US

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE

WWE Wipo information: entry into national phase

Ref document number: 2000931312

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2000931312

Country of ref document: EP

WWW Wipo information: withdrawn in national office

Ref document number: 2000931312

Country of ref document: EP