WO2002093868A1 - Verfahren zur schlüsselgenerierung für signaturkarten - Google Patents
Verfahren zur schlüsselgenerierung für signaturkarten Download PDFInfo
- Publication number
- WO2002093868A1 WO2002093868A1 PCT/EP2002/005174 EP0205174W WO02093868A1 WO 2002093868 A1 WO2002093868 A1 WO 2002093868A1 EP 0205174 W EP0205174 W EP 0205174W WO 02093868 A1 WO02093868 A1 WO 02093868A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- key
- signature
- key generation
- card
- generation unit
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/02—Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3825—Use of electronic signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/0806—Details of the card
- G07F7/0813—Specific details related to card security
- G07F7/082—Features insuring the integrity of the data on or in the card
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/062—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying encryption of the keys
Definitions
- the invention relates to a method for generating keys for signature cards according to the preamble of claim 1.
- the signature card has, among other things, the task of storing the secret signature key.
- This secret signature key must be generated in a secure environment, the key being generated either in the card itself or outside the card.
- card personalizers for larger quantities of cards, personalization is carried out by card personalizers (example: ec cards, credit cards). Analog transfer of the external key generation to card personalizers is not easily possible due to the high security requirements for signature cards. For this reason, in the case of known concepts, the keys are generated in a high-security environment in a trust center. keys stored in a file and safely brought to the personalizer. This method is also very complex, so that there is no sensible use for the generation of signature keys.
- On-card key generation is simpler, with the key never leaving the signature card, which means that there are no special requirements for the security of the personalization environment. Due to the limited computing speeds that are available in a chip card, i.e. However, the ⁇ C of a chip card is very long, so that this process is also unsuitable for the use of large quantities of cards to be personalized.
- the key generation unit Before or after the generation of the secret key, a session key can be agreed between the key generation unit and the signature card for the later data exchange. Finally, the key for the signature card generated in the key generation unit is transmitted using the session key. Contrary to the prior art, in which the key generation is carried out in a security box and the encrypted key is personalized in the signature card, the personalization taking place in the immediate vicinity of the security box, it is not necessary in a method according to the invention that the key generation units are arranged in a trust center in which the personalization is also carried out.
- the agreement of the session key is advantageously carried out together with an authentication of the key generation unit with respect to the signature card. In this way it can be achieved that the signature card can first check whether the key is actually received by the key generation unit.
- the transmitted secret key can be signed by the key generation unit, so that the authenticity of the key can be determined in the signature card, which also results in an increase in security.
- the key generated is transmitted via an online data line.
- the online data line is preferred, i.e. the transmission path is secured. It is preferably secured by encryption.
- the personalization device with which the secret key is inserted into the signature card generally has a higher throughput than the key generation units, which is partly due to the higher re processing speed of the personalization device is reached, but on the other hand also in that several cards are processed in parallel in the personalization device, it has proven to be advantageous that several key generation units are operated in parallel.
- the coordination between the key generation units and the personalization device is managed by a control computer.
- a personalization device 1 which can personalize several cards 11 sequentially or in parallel.
- the personalization device 1 is connected via a bidirectional data line, which is preferably secured, to a control computer 3, which in turn is connected to a key generation device 2 via a bidirectional data line.
- the control computer can optionally also be part of the key generation device.
- the key generation device contains at least one key generation unit 21, in which the secret key for the signature card or for the signature cards to be processed are generated.
- the key generation device 2 or the key generation units 21 themselves can each be implemented by a signature card.
- the number of key generation units 21 depends on the number of cards to be processed simultaneously or sequentially by the personalization device within a time unit. However, the higher the number of key generation units 21, the smaller the influence of the statistical variation of individual key generation times. In particular when using signature cards as key generation This is important because the generation time for a key with a signature card is in the range from 10 to 40 seconds with 1024-bit encryption and from 100 to 400 seconds with 2048-bit encryption.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Accounting & Taxation (AREA)
- Computer Networks & Wireless Communication (AREA)
- General Business, Economics & Management (AREA)
- Strategic Management (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Finance (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Storage Device Security (AREA)
Abstract
Description
Claims
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP02742989A EP1393526A1 (de) | 2001-05-14 | 2002-05-10 | Verfahren zur schlüsselgenerierung für signaturkarten |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE10123664.6 | 2001-05-14 | ||
DE2001123664 DE10123664A1 (de) | 2001-05-15 | 2001-05-15 | Verfahren zur Schlüsselgenerierung für Signaturkarten |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2002093868A1 true WO2002093868A1 (de) | 2002-11-21 |
Family
ID=7684896
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP2002/005174 WO2002093868A1 (de) | 2001-05-14 | 2002-05-10 | Verfahren zur schlüsselgenerierung für signaturkarten |
Country Status (3)
Country | Link |
---|---|
EP (1) | EP1393526A1 (de) |
DE (1) | DE10123664A1 (de) |
WO (1) | WO2002093868A1 (de) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2706736A1 (de) * | 2007-11-27 | 2014-03-12 | Giesecke & Devrient GmbH | Schreibsystem für portable Datenträger |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102004058020A1 (de) | 2004-12-01 | 2006-06-08 | Siemens Ag | Verfahren zur Personalisierung von Chipkarten |
EP1755092A1 (de) * | 2005-08-01 | 2007-02-21 | Axalto SA | Herstellungsmaschine und Verfahren zur Programmierung von tragbaren Geräten |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5534857A (en) * | 1991-11-12 | 1996-07-09 | Security Domain Pty. Ltd. | Method and system for secure, decentralized personalization of smart cards |
DE19720431A1 (de) * | 1997-05-15 | 1998-11-19 | Beta Research Ges Fuer Entwick | Vorrichtung und Verfahren zur Personalisierung von Chipkarten |
WO1999019846A2 (en) * | 1997-10-14 | 1999-04-22 | Visa International Service Association | Personalization of smart cards |
US6014748A (en) * | 1996-04-15 | 2000-01-11 | Ubiq Incorporated | System and apparatus for smart card personalization |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
SE468068C (sv) * | 1991-09-30 | 1994-04-11 | Comvik Gsm Ab | Förfarande för personifiering av ett aktivt kort, för användning i ett mobiltelefonsystem |
EP0723251A3 (de) * | 1995-01-20 | 1998-12-30 | Tandem Computers Incorporated | Verfahren und Gerät für einen Benützer und Sicherheitsauthentisierungseinrichtung |
FR2786292B1 (fr) * | 1998-11-24 | 2000-12-29 | St Microelectronics Sa | Systeme de test et de personnalisation de circuits integres |
DE19947986A1 (de) * | 1999-10-05 | 2001-04-12 | Ibm | System und Verfahren zum Herunterladen von Anwendungsteilen auf eine Chipkarte |
-
2001
- 2001-05-15 DE DE2001123664 patent/DE10123664A1/de not_active Withdrawn
-
2002
- 2002-05-10 WO PCT/EP2002/005174 patent/WO2002093868A1/de not_active Application Discontinuation
- 2002-05-10 EP EP02742989A patent/EP1393526A1/de not_active Ceased
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5534857A (en) * | 1991-11-12 | 1996-07-09 | Security Domain Pty. Ltd. | Method and system for secure, decentralized personalization of smart cards |
US6014748A (en) * | 1996-04-15 | 2000-01-11 | Ubiq Incorporated | System and apparatus for smart card personalization |
DE19720431A1 (de) * | 1997-05-15 | 1998-11-19 | Beta Research Ges Fuer Entwick | Vorrichtung und Verfahren zur Personalisierung von Chipkarten |
WO1999019846A2 (en) * | 1997-10-14 | 1999-04-22 | Visa International Service Association | Personalization of smart cards |
Non-Patent Citations (1)
Title |
---|
See also references of EP1393526A1 * |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2706736A1 (de) * | 2007-11-27 | 2014-03-12 | Giesecke & Devrient GmbH | Schreibsystem für portable Datenträger |
Also Published As
Publication number | Publication date |
---|---|
DE10123664A1 (de) | 2002-11-21 |
EP1393526A1 (de) | 2004-03-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1818844B1 (de) | Verfahren zur Benutzung von Sicherheitstoken | |
DE69829642T2 (de) | Authentifizierungssystem mit chipkarte | |
DE4142964C2 (de) | Datenaustauschsystem mit Überprüfung der Vorrichtung auf Authentisierungsstatus | |
EP2689553B1 (de) | Kraftwagen-steuergerät mit kryptographischer einrichtung | |
EP0030381B1 (de) | Verfahren und Vorrichtung zur Erzeugung und späteren Kontrolle von gegen Nachahmung, Verfälschung und Missbrauch abgesicherten Dokumenten und Dokument zu dessen Durchführung | |
DE3122534C1 (de) | Verfahren zur Erzeugung sowie Kontrolle von Dokumenten, sowie Dokument und Vorrichtung zur Durchführung des Verfahrens | |
WO2000017826A1 (de) | Vorrichtung zum liefern von ausgangsdaten als reaktion auf eingangsdaten und verfahren zum überprüfen der authentizität und verfahren zum verschlüsselten übertragen von informationen | |
EP1124206A1 (de) | Verfahren und Anordnung zur gegenseitigen Authentifizierung zweier Datenverarbeitungseinheiten | |
DE3018945A1 (de) | Datenbehandlungsgeraet und verfahren zum sichern der uebertragung von daten | |
EP0654919A2 (de) | Verfahren zur Authentifizierung eines Systemteils durch ein anderes Systemteil eines Informationsübertragungssystems nach dem Challenge-and-Response-Prinzip | |
DE102007011309B4 (de) | Verfahren zur authentisierten Übermittlung eines personalisierten Datensatzes oder Programms an ein Hardware-Sicherheitsmodul, insbesondere einer Frankiermaschine | |
EP2235598B1 (de) | Feldgerät und verfahren zu dessen betrieb | |
DE69330743T2 (de) | Verfahren zur Beurkundung einer Informationseinheit durch eine andere | |
DE102008028701B4 (de) | Verfahren und System zum Erzeugen einer abgeleiteten elektronischen Identität aus einer elektronischen Hauptidentität | |
DE10213658B4 (de) | Verfahren zur Datenübertragung zwischen Komponenten der Bordelektronik mobiler Systeme und solche Komponenten | |
DE19523009C2 (de) | Authentifizierungssystem | |
DE112018007132T5 (de) | Fahrzeuginternes Funktionszugriffkontrollsystem, fahrzeuginterne Vorrichtung und fahrzeuginternes Funktionszugriffkontrollverfahren | |
EP1393526A1 (de) | Verfahren zur schlüsselgenerierung für signaturkarten | |
EP1652337B1 (de) | Verfahren zum signieren einer datenmenge in einem public-key-system sowie ein datenverarbeitungssystem zur durchführung des verfahrens | |
EP1912184A2 (de) | Vorrichtung und Verfahren zur Erzeugung von Daten | |
DE102006049442A1 (de) | Verfahren zum Freischalten einer Chipkarte | |
EP3367285B1 (de) | Terminal, id-token, computerprogramm und entsprechende verfahren zur authentisierung einer zugangsberechtigung | |
DE19801241C2 (de) | Verfahren zur Generierung asymmetrischer Kryptoschlüssel beim Anwender | |
DE10324507A1 (de) | Verfahren zum Laden von Daten in eine Speichereinrichtung | |
EP2230648A1 (de) | Einmalkennwortmaske zum Ableiten eines Einmalkennworts |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2002742989 Country of ref document: EP |
|
WWP | Wipo information: published in national office |
Ref document number: 2002742989 Country of ref document: EP |
|
NENP | Non-entry into the national phase |
Ref country code: JP |
|
WWW | Wipo information: withdrawn in national office |
Country of ref document: JP |