WO2005024736A1 - Method for cryptographically securing communication with a portable data carrier - Google Patents
Method for cryptographically securing communication with a portable data carrier
- Publication number
- WO2005024736A1 (application PCT/EP2004/009692)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- security module
- command unit
- terminal
- data carrier
- portable data
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/22—Payment schemes or models
- G06Q20/229—Hierarchy of users of accounts
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/409—Device specific authentication in transaction processing
- G06Q20/4097—Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
- G06Q20/40975—Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
Definitions
- the invention relates to a method for cryptographically securing communication with a portable data carrier. Furthermore, the invention relates to a security module for cryptographically securing the communication with a portable data carrier and a terminal with such a security module.
- Portable data carriers can be used in a wide variety of ways, for example in payment transactions or as identification documents. When using a portable data carrier, it is necessary to communicate with the data carrier.
- a terminal can be used for communication with the portable data carrier, which also carries out the actions provided for in the respective application.
- such a terminal can be a payment traffic terminal, with the aid of which the portable data carrier can process a payment.
- the electronics of the terminal control the processes during the communication with the portable data carrier in a manner analogous to that of an overall protected terminal.
- cryptographic operations for example, are not carried out by the electronics of the terminal, but by the security module.
- the data to be subjected to a cryptographic operation are transmitted from the electronics of the terminal to the security module.
- the cryptographic operation is carried out there and the result of the operation is output to the electronics of the terminal.
- it is known, for example, to transmit a data field, which is part of the command units, to the security module in order to cryptographically secure command units that the terminal device transmits to the portable data carrier.
- the security module cryptographically secures the data field and outputs the secured data field to the electronics of the end device.
- the electronics of the end device including the cryptographically secured data field, generates a command unit in a standardized format and transmits it to the portable data carrier.
- the invention has for its object to make the cryptographic security of the communication with a portable data carrier as efficient and secure as possible.
- At least one command unit designed and cryptographically secured in a standardized format is transmitted to the portable data carrier.
- A special feature of the method according to the invention is that the command unit, which is designed and cryptographically secured in the standardized format, is provided by a security module.
- the method according to the invention has the advantage that a high security standard can be achieved with relatively little effort.
- the processing speed can also be increased compared to processing individual data objects of the command unit.
- the command unit provided for transmission to the portable data carrier is designed in a standardized format and transmitted to the security module for cryptographic security.
- the command unit designed in the standardized format is embedded as a data field in a further command unit designed in the standardized format, which is transmitted to the security module for execution.
- the command unit provided for transmission to the portable data carrier is designed by the security module in the standardized format and is cryptographically secured.
- the command module can be designed and secured by the security module on request, so that control over the process can be carried out outside the security module. It is advantageous if the request is directed to the security module by means of a command unit designed in a standardized format.
- In order to counteract both manipulation and spying, data contained in the command unit can be encrypted for cryptographic protection of the command unit and a cryptographic checksum of the command unit can be added.
- a particularly high security standard can be achieved by keeping a counter by the security module and taking it into account in the cryptographic security.
- the command unit is designed in particular as an APDU.
- the cryptographically secured command unit which is designed in a standardized format, can be transmitted from a terminal to the portable data carrier.
- the command unit which is designed in a standardized format and is cryptographically secured, can be transmitted beforehand from the security module to the terminal. This gives the terminal the option of further handling the command unit itself.
- the security module according to the invention is used to cryptographically secure communication with a portable data carrier, in which at least one command unit designed in a standardized format and cryptographically secured is transmitted to the portable data carrier.
- The special feature of the security module according to the invention is that it has means for providing the command unit designed in the standardized format and cryptographically secured.
- the security module according to the invention can in particular be designed as a chip card. This has the advantage that a high security standard can be achieved in an economical manner. Another advantage is that the chip card takes up only a relatively small amount of space.
- the invention further relates to a terminal for a portable data carrier, which is equipped with the security module according to the invention.
- a terminal can be manufactured with relatively little effort while maintaining a high security standard.
- the security module can be removably arranged in the terminal. As a result, the security functionality of the terminal, including the secret data required, can be brought to the desired level with very little effort, if necessary.
- FIG. 1 shows a schematic representation of a terminal to illustrate a first exemplary embodiment of the method according to the invention
- FIG. 2 shows a schematic illustration for handling the communication of the terminal with the user chip card, including the data units used, according to the exemplary embodiment shown in FIG. 1,
- Fig. 3 is a schematic representation of the process in the user chip card
- FIG. 4 shows a schematic illustration for handling the communication of the terminal with the user chip card, including the data units used, according to a second exemplary embodiment of the method according to the invention.
- FIG. 1 shows a schematic illustration of a terminal 1 to illustrate a first exemplary embodiment of the method according to the invention.
- the terminal 1 has electronics 2, with which the operation of the terminal 1 is controlled and which has an internal interface 3 and an external interface 4.
- the terminal 1 has a security module 5, which is connected to the internal interface 3 and can be designed, for example, in the form of a chip card inserted into the terminal 1.
- the security module 5 is designed in such a way that the data stored therein and the operations performed with it are protected against spying and manipulation. All secret data of the terminal 1 are stored in the security module 5. Furthermore, all security-relevant operations of the terminal 1 are handled by the security module 5. This eliminates the need to provide complex measures to protect the electronics 2 of the terminal 1.
- A user chip card 6 is temporarily inserted into the terminal 1 and thereby connected to the external interface 4, so that communication between the electronics 2 of the terminal 1 and the user chip card 6 is possible.
- the communication is carried out with the aid of a standardized transmission protocol, with which commands from the electronics 2 of the terminal 1 are transmitted to the user chip card 6.
- the user chip card 6 executes the commands and transmits responses dependent on the result of the execution to the electronics 2 of the terminal 1.
- The commands and the responses are each transmitted in the form of standardized data units. These data units are usually referred to as APDUs, short for application protocol data units.
- The APDUs that contain a command are called command APDUs, or C-APDUs for short.
- The data units transmitted in response to a command APDU are called response APDUs, or R-APDUs for short.
- the name APDU is primarily used for the command APDUs.
- the response APDUs are then simply referred to as the response. To avoid confusion, the first detailed notation is used below.
- the structure of the command APDUs and the response APDUs is explained in more detail with reference to FIG. 2.
- the communication is cryptographically secured. Cryptographically secured communication between the terminal 1 and the user chip card 6 is carried out as follows within the scope of the invention:
- In a step S1, the electronics 2 of the terminal 1 transmit a command APDU intended for transmission to the user chip card 6 in plain text to the security module 5 via the internal interface 3 without causing the command APDU to be executed.
- The security module 5 carries out cryptographic protection of the command APDU and transmits the cryptographically secured command APDU in a step S2 to the electronics 2 of the terminal 1 via the internal interface 3.
- The transmission in step S2 likewise takes place in such a way that execution of the command APDU is omitted.
- the procedure in this regard is explained with reference to FIG. 3.
- the electronics 2 of the terminal 1 sends the cryptographically secured command APDU in a step S3 via the external interface 4 for execution to the user chip card 6.
- the user chip card 6 executes the command APDU and responds in a step S4 with a cryptographically secured response APDU, which is supplied to the electronics 2 of the terminal 1 via the external interface 4.
- In a step S5, the electronics 2 of the terminal 1 forward the encrypted data of the cryptographically secured response APDU to the security module 5 via the internal interface 3.
- the security module 5 determines the data of the response APDU in plain text and transmits them in a step S6 to the electronics 2 of the terminal 1 via the internal interface 3. Details of the procedure described above are explained with reference to FIG. 2.
- FIG. 2 shows a schematic illustration for handling the communication of the terminal 1 with the user chip card 6 including the data units used according to the exemplary embodiment shown in FIG. 1.
- the data flow between the electronics 2 of the terminal 1 and the two interfaces 3 and 4 is shown in each case.
- the forwarding of the data units between the internal interface 3 and the security module 5 and between the external interface 4 and the user chip card 6 takes place as in FIG. 1 shown.
- C-APDU command APDU
- Three elements are provided as the body, which are designated as Lc field, data field and Le field.
- the class byte CLA can be used to identify applications and their specific instruction set.
- the instruction byte INS represents an encoding of the command of the command APDU, the command being specified in more detail by the parameter bytes P1 and P2.
- the elements Lc field and Le field represent length specifications. Lc field specifies the length of the data part that is sent with the command APDU.
- Le field specifies the length of the data expected for the corresponding response APDU (R-APDU). The data itself is contained in the element data field.
- Since the command APDU in step S1 is not transmitted to the security module 5 for execution, but rather for the implementation of cryptographic security measures, it is packaged as a whole for transmission in another command APDU, i.e. it is part of the data field element of the further command APDU.
- The security module 5 takes the command APDU transmitted in step S1 from the data field element of the further command APDU and carries out cryptographic protection of the command APDU.
- This protection can consist, for example, of adding a cryptographic checksum to the command APDU and encrypting the data contained in the data field element.
- The elements Lc field, data field and Le field of the command APDU are changed to new Lc field, new data field and new Le field by the cryptographic security, and the command APDU is designed for secure messaging (SM). Secure messaging and/or an indication of whether the command header is included in a MAC (message authentication code) calculation is received.
- a CLA byte that indicates secure messaging is called CLA *.
- the response APDU consists of a body and a trailer as standard, the body having an element data field for receiving data and the trailer containing two status words SW1 and SW2.
- the status words SW1 and SW2 contain information about the execution of the command APDU from which the response APDU was triggered.
- the response APDU transmitted in step S2 is not itself cryptographically secured, but contains a cryptographically secured command APDU in the element data field.
- The electronics 2 of the terminal 1 take the cryptographically secured command APDU from the data field element of the response APDU transmitted in step S2 and send it in step S3 to the user chip card 6 for execution via the external interface 4. Details of this execution are explained with reference to FIG. 3. As a result of the execution, in step S4 the user chip card 6 transmits a cryptographically secured response APDU via the external interface 4 to the electronics 2 of the terminal 1. Since the electronics 2 of the terminal 1 cannot evaluate the cryptographically secured data contained in the data field element of the response APDU, they pack them into a command APDU and send them in step S5 via the internal interface 3 to the security module 5.
- The security module 5 decrypts the cryptographically secured data of the data field element of the transmitted command APDU, checks the MAC and sends the decrypted data in step S6 in the form of a response APDU via the internal interface 3 to the electronics 2 of the terminal 1.
- a complete command APDU for cryptographic security is transmitted from the electronics 2 of the terminal 1 to the security module 5 in the manner described above.
- the cryptographically secured command APDU is sent back to the electronics 2 of the terminal 1 and from there forwarded to the user chip card 6 for execution.
- In a step S7, the secure messaging data of the command APDU is checked by a secure messaging layer of the user chip card 6.
- In a step S8, the command APDU is executed.
- a response APDU is then generated in a step S9.
- the response APDU is cryptographically secured in a step S10 and output to the terminal 1.
- FIG. 4 shows a schematic illustration for handling the communication of the terminal 1 with the user chip card 6 including the data units used according to a second exemplary embodiment of the method according to the invention.
- The second exemplary embodiment differs from the first exemplary embodiment essentially in that the security module 5 is able to design command APDUs provided for transmission to the user chip card 6 itself, i.e. for cryptographic protection the command APDUs do not have to be transmitted beforehand in plain text from the electronics 2 of the terminal 1 to the security module 5.
- The protocol sequences for data exchange with the user chip card 6 are known to the security module 5.
- secure communication of the terminal 1 with the user chip card 6 in the second exemplary embodiment can take place as follows:
- In a step S11, the electronics 2 of the terminal 1 transmit a command APDU for execution to the security module 5 in plain text via the internal interface 3 in order to select a desired application.
- the security module 5 also replies in plain text with a response APDU. This answer does not have a data field element, since only the execution of the selection is confirmed.
- the electronics 2 of the terminal 1 transmit a command APDU in plain text via the internal interface 3 for execution to the security module 5 in order to request a secure command APDU provided for the user chip card 6.
- the security module 5 determines the desired cryptographically secured command APDU.
- steps S2 to S6 of the first exemplary embodiment follow in an identical manner, i.
- the cryptographically secured command APDU is transmitted to the electronics 2 of the terminal 1 and from there to the user chip card 6 for execution.
- the user chip card 6 transmits to the electronics 2 of the terminal 1 a cryptographically secured response APDU, the data of which are forwarded to the security module 5, decrypted by the security module 5 and transmitted back to the electronics 2 of the terminal 1 in plain text.
- the security module 5 can be designed in such a way that it is able to keep counters, to increase them and to take them into account in the cryptographic security. Furthermore, the security module 5 can in each case be able to take challenges into account in the cryptographic security. For this purpose, the challenge is transferred to the security module 5 or generated in the security module 5. The cryptographic keys and the managed counters can be negotiated in an authentication between the security module 5 and the user chip card 6. There is also the possibility that these are transferred to the security module 5 or are already present in the security module 5.
- the security module 5 provides cryptographically secured response APDUs analogously to the procedure described above.
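The first exemplary embodiment (steps S1 to S10), including the counter kept by the security module, as an added Python example that is not part of the patent text: the terminal electronics only relay APDUs, while the security module and the card perform all cryptography. Assumptions not taken from the page: the instruction bytes 0xE0/0xE2, the keys and the card record are hypothetical, the TLV tags (0x87, 0x97, 0x99, 0x8E) and the CLA bits 0x0C follow ISO/IEC 7816-4 secure messaging, and HMAC-SHA256 (truncated to 8 bytes) plus an HMAC-derived keystream stand in for the checksum and cipher, which the page does not specify.

```python
import hashlib
import hmac

SM_BITS = 0x0C                      # ISO/IEC 7816-4 CLA bits: SM in use, header in the MAC ("CLA*")
INS_WRAP, INS_UNWRAP = 0xE0, 0xE2   # hypothetical security-module instructions (assumption)
SW_OK, SW_SM_BAD, SW_INS = b"\x90\x00", b"\x69\x88", b"\x6d\x00"

def parse_capdu(apdu):
    """Split a short-form C-APDU into (header, data field, Le or None)."""
    header, body = apdu[:4], apdu[4:]
    lc, tail = (body[0], body[1:]) if len(body) > 1 else (0, body)
    data, rest = tail[:lc], tail[lc:]
    if len(header) < 4 or len(data) != lc or len(rest) > 1 or (len(body) > 1 and lc == 0):
        raise ValueError("malformed C-APDU")
    return header, data, (rest[0] if rest else None)

def build_capdu(header, data=b"", le=None):
    lc_and_data = bytes([len(data)]) + data if data else b""
    return header + lc_and_data + (bytes([le]) if le is not None else b"")

def tlv(tag, value):
    return bytes([tag, len(value)]) + value

def parse_tlvs(buf):
    fields, i = {}, 0
    while i + 2 <= len(buf):
        fields[buf[i]] = buf[i + 2:i + 2 + buf[i + 1]]
        i += 2 + buf[i + 1]
    return fields

def prf(key, ssc, msg):             # HMAC-SHA256 bound to the counter value
    return hmac.new(key, ssc.to_bytes(8, "big") + msg, hashlib.sha256).digest()

def xor_stream(key, ssc, data):
    """Stand-in cipher (assumption): XOR with a keystream derived from key and counter."""
    stream = b"".join(prf(key, ssc, bytes([n])) for n in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

class SmChannel:
    """Keys and message counter, held identically by the security module and the card."""
    def __init__(self, k_enc, k_mac):
        self.k_enc, self.k_mac, self.ssc = k_enc, k_mac, 0

    def seal(self, prefix, data, extra):
        self.ssc += 1               # every protected message uses a fresh counter value
        body = (tlv(0x87, b"\x01" + xor_stream(self.k_enc, self.ssc, data)) if data else b"") + extra
        return body + tlv(0x8E, prf(self.k_mac, self.ssc, prefix + body)[:8])

    def unseal(self, prefix, body):
        signed, mac_tlv = body[:-10], body[-10:]
        expected = tlv(0x8E, prf(self.k_mac, self.ssc + 1, prefix + signed)[:8])
        if not hmac.compare_digest(mac_tlv, expected):
            raise ValueError("checksum or counter mismatch")
        self.ssc += 1               # the counter advances only for an accepted message
        fields = parse_tlvs(signed)
        return {**fields, 0x87: xor_stream(self.k_enc, self.ssc, fields.get(0x87, b"\x01")[1:])}

class SecurityModule(SmChannel):    # security module 5: keys and cryptography live only here
    def protect_command(self, capdu):
        header, data, le = parse_capdu(capdu)
        header = bytes([header[0] | SM_BITS]) + header[1:]        # CLA becomes CLA*
        extra = tlv(0x97, bytes([le])) if le is not None else b""
        return build_capdu(header, self.seal(header, data, extra), 0)

    def transmit(self, capdu):
        ops = {INS_WRAP: self.protect_command, INS_UNWRAP: lambda body: self.unseal(b"", body)[0x87]}
        try:
            header, data, _ = parse_capdu(capdu)
            return ops[header[1]](data) + SW_OK if header[1] in ops else SW_INS
        except ValueError:
            return SW_SM_BAD

class UserCard(SmChannel):          # user chip card 6 holding one constructed record
    record = b"BALANCE=42"

    def transmit(self, capdu):
        try:
            header, body, _ = parse_capdu(capdu)
            fields = self.unseal(header, body)                    # S7: check secure messaging
        except ValueError:
            return SW_SM_BAD
        if header[1] == 0xB0:                                     # S8: READ BINARY
            out = self.record[:fields.get(0x97, b"\x00")[0] or 256]
        elif header[1] == 0xD6:                                   # S8: UPDATE BINARY
            self.record, out = fields[0x87], b""
        else:
            return SW_INS
        return self.seal(b"", out, tlv(0x99, SW_OK)) + SW_OK      # S9, S10

def terminal_exchange(sam, card, capdu):
    """Electronics 2 of the terminal: holds no key and only relays APDUs."""
    wrapped = sam.transmit(build_capdu(bytes([0x80, INS_WRAP, 0, 0]), capdu, 0))        # S1, S2
    reply = card.transmit(wrapped[:-2]) if wrapped[-2:] == SW_OK else wrapped[-2:]      # S3, S4
    if len(reply) == 2:
        return b"", reply
    plain = sam.transmit(build_capdu(bytes([0x80, INS_UNWRAP, 0, 0]), reply[:-2], 0))   # S5, S6
    return plain[:-2], plain[-2:]
```

A captured secured command replayed to the card is rejected because the counter has moved on, and a rejected message leaves the counter unchanged so the genuine exchange can continue.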
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Finance (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Storage Device Security (AREA)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE10340181.4 | 2003-09-01 | ||
DE10340181A DE10340181A1 (de) | 2003-09-01 | 2003-09-01 | Method for cryptographically securing communication with a portable data carrier |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2005024736A1 (fr) | 2005-03-17 |
Family
ID=34202291
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/EP2004/009692 WO2005024736A1 (fr) | 2003-09-01 | 2004-08-31 | Method for cryptographically securing communication with a portable data carrier |
Country Status (2)
Country | Link |
---|---|
DE (1) | DE10340181A1 (fr) |
WO (1) | WO2005024736A1 (fr) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9076280B2 (en) | 2010-02-05 | 2015-07-07 | Giesecke & Devrient Gmbh | Completion of portable data carriers |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102006047650A1 (de) * | 2006-10-09 | 2008-04-10 | Giesecke & Devrient Gmbh | Kryptographische Berechnungen für VoIP-Verbindung |
DE102009037223A1 (de) * | 2009-08-12 | 2011-02-17 | Deutsche Telekom Ag | Verfahren und Vorrichtung zum Ausführen von Anwendungen in einer sicheren, autonomen Umgebung |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5577121A (en) * | 1994-06-09 | 1996-11-19 | Electronic Payment Services, Inc. | Transaction system for integrated circuit cards |
EP0807907A1 (fr) * | 1996-05-13 | 1997-11-19 | Thomas De La Rue Limited | Système pour l'accès sécurisé aux données de cartes intelligentes |
EP0889449A1 (fr) * | 1997-07-01 | 1999-01-07 | International Business Machines Corporation | Module de paiement intégré pour un terminal |
FR2765985A1 (fr) * | 1997-07-10 | 1999-01-15 | Gemplus Card Int | Procede de gestion d'un terminal securise |
WO1999062037A1 (fr) * | 1998-05-22 | 1999-12-02 | Activcard | Terminal et systeme pour la mise en oeuvre de transactions electroniques securisees |
WO2001086580A1 (fr) * | 2000-05-09 | 2001-11-15 | Wincor Nixdorf International Gmbh | Utilisation d'un module de securite dans un lecteur de cartes |
WO2001095274A1 (fr) * | 2000-06-08 | 2001-12-13 | Bull Cp8 | Procede de securisation de la phase de pre-initialisation d'un systeme embarque a puce electronique, notamment d'une carte a puce, et systeme embarque mettant en oeuvre le procede |
FR2825495A1 (fr) * | 2001-05-31 | 2002-12-06 | Schlumberger Systems & Service | Terminal electronique de paiement, carte a puce adaptee a un tel terminal et procede de chargement d'une cle secrete dans un tel terminal |
WO2003075232A1 (fr) * | 2002-03-01 | 2003-09-12 | Activcard Ireland, Limited | Procede et systeme permettant d'effectuer des changements de configuration et de donnees post-emission dans un dispositif de securite personnelle utilisant un canal de communication |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5923759A (en) * | 1995-04-20 | 1999-07-13 | Lee; Philip S. | System for securely exchanging data with smart cards |
WO1999064996A1 (fr) * | 1998-06-05 | 1999-12-16 | Landis & Gyr Communications S.A.R.L. | Carte a circuit integre prechargee et procede d'authentification d'une telle carte |
US6807561B2 (en) * | 2000-12-21 | 2004-10-19 | Gemplus | Generic communication filters for distributed applications |
FR2822272B1 (fr) * | 2001-03-13 | 2003-06-27 | St Microelectronics Sa | Carte a puce sans contact avec systeme d'exploitation utilise dans les cartes a contacts et lecteur de telles cartes sans contact |
US7363486B2 (en) * | 2001-04-30 | 2008-04-22 | Activcard | Method and system for authentication through a communications pipe |
US20030097582A1 (en) * | 2001-11-19 | 2003-05-22 | Yves Audebert | Method and system for reducing personal security device latency |
JP4348190B2 (ja) * | 2001-12-07 | 2009-10-21 | エセブス・リミテッド | スマートカード・システム |
-
2003
- 2003-09-01 DE DE10340181A patent/DE10340181A1/de not_active Withdrawn
-
2004
- 2004-08-31 WO PCT/EP2004/009692 patent/WO2005024736A1/fr active Application Filing
Non-Patent Citations (1)
Title |
---|
"ISO/IEC 7816-4 : Interindustry command for interchange", INTERNET ARTICLE, 1 September 1995 (1995-09-01), XP002258173 * |
Also Published As
Publication number | Publication date |
---|---|
DE10340181A1 (de) | 2005-03-24 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
122 | Ep: pct application non-entry in european phase |