WO2005024736A1 - Procede de protection cryptographique de la communication avec un support de donnees portable - Google Patents

Procede de protection cryptographique de la communication avec un support de donnees portable Download PDF

Info

Publication number
WO2005024736A1
WO2005024736A1 PCT/EP2004/009692 EP2004009692W WO2005024736A1 WO 2005024736 A1 WO2005024736 A1 WO 2005024736A1 EP 2004009692 W EP2004009692 W EP 2004009692W WO 2005024736 A1 WO2005024736 A1 WO 2005024736A1
Authority
WO
WIPO (PCT)
Prior art keywords
security module
command unit
terminal
data carrier
portable data
Prior art date
Application number
PCT/EP2004/009692
Other languages
German (de)
English (en)
Inventor
Gisela Meister
Werner Ness
Dirk Wacker
Original Assignee
Giesecke & Devrient Gmbh
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Giesecke & Devrient Gmbh filed Critical Giesecke & Devrient Gmbh
Publication of WO2005024736A1 publication Critical patent/WO2005024736A1/fr

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/22Payment schemes or models
    • G06Q20/229Hierarchy of users of accounts
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4097Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token

Definitions

  • the invention relates to a method for cryptographically securing communication with a portable data carrier. Furthermore, the invention relates to a security module for cryptographically securing the communication with a portable data carrier and a terminal with such a security module.
  • Portable data carriers can be used in a wide variety of ways, for example in payment transactions or as identification documents. When using a portable data carrier, it is necessary to communicate with the data carrier.
  • a terminal can be used for communication with the portable data carrier, which also carries out the actions provided for in the respective application.
  • such a terminal can be a payment traffic terminal, with the aid of which the portable data carrier can process a payment.
  • the electronics of the terminal control the processes during the communication with the portable data carrier in a manner analogous to that of an overall protected terminal.
  • cryptographic operations for example, are not carried out by the electronics of the terminal, but by the security module.
  • the data to be subjected to a cryptographic operation are transmitted from the electronics of the terminal to the security module.
  • the cryptographic operation is carried out there and the result of the operation is output to the electronics of the terminal.
  • it is known, for example, to transmit a data field, which is part of the command units, to the security module in order to cryptographically secure command units that the terminal device transmits to the portable data carrier.
  • the security module cryptographically secures the data field and outputs the secured data field to the electronics of the end device.
  • the electronics of the end device including the cryptographically secured data field, generates a command unit in a standardized format and transmits it to the portable data carrier.
  • the invention has for its object to make the cryptographic security of the communication with a portable data carrier as efficient and secure as possible.
  • At least one Kornrnando unit designed and cryptographically secured in a standardized format is transmitted to the portable data carrier.
  • Thieves- A special feature of the method according to the invention is that the command unit, which is designed and cryptographically secured in the standardized format, is provided by a security module.
  • the method according to the invention has the advantage that a high security standard can be achieved with relatively little effort.
  • the processing speed can also be increased compared to processing individual data objects of the command unit.
  • the command unit provided for transmission to the portable data carrier is designed in a standardized format and transmitted to the security module for cryptographic security.
  • the command unit designed in the standardized format is embedded as a data field in a further command unit designed in the standardized format, which is transmitted to the security module for execution.
  • the command unit provided for transmission to the portable data carrier is designed by the security module in the standardized format and is cryptographically secured.
  • the security module in the standardized format and is cryptographically secured.
  • the command module can be designed and secured by the security module on request, so that control over the process can be carried out outside the security module. It is advantageous if the request is directed to the security module by means of a command unit designed in a standardized format.
  • command unit In order to counteract both manipulation and spying, data contained in the command unit can be encrypted for cryptographic protection of the command unit and a cryptographic check sum of the command unit can be added.
  • a particularly high security standard can be achieved by keeping a counter by the security module and taking it into account in the cryptographic security.
  • the command unit is designed in particular as an APDU.
  • the cryptographically secured command unit which is designed in a standardized format, can be transmitted from a terminal to the portable data carrier.
  • the command unit which is designed in a standardized format and is cryptographically secured, can be transmitted beforehand from the security module to the terminal. This gives the terminal the option of further handling the command unit itself.
  • the security module according to the invention is used to cryptographically secure communication with a portable data carrier, in which at least one command unit designed in a standardized format and cryptographically secured is transmitted to the portable data carrier.
  • the special feature of the security module according to the invention is that it has means for providing the standardized Command-trained format and cryptographically secured command unit.
  • the security module according to the invention can in particular be designed as a chip card. This has the advantage that a high security standard can be achieved in an economical manner. Another advantage is that the chip card takes up only a relatively small amount of space.
  • the invention further relates to a terminal for a portable data carrier, which is equipped with the security module according to the invention.
  • a terminal can be manufactured with relatively little effort while maintaining a high security standard.
  • the security module can be removably arranged in the terminal. As a result, the security functionality of the terminal, including the secret data required, can be brought to the desired level with very little effort, if necessary.
  • FIG. 1 shows a schematic representation of a terminal to illustrate a first exemplary embodiment of the method according to the invention
  • FIG. 2 shows a schematic illustration for handling the correspondence of the terminal with the user chip card, including the th data units according to the exemplary embodiment shown in FIG. 1,
  • Fig. 3 is a schematic representation of the process in the user chip card
  • FIG. 4 shows a schematic illustration for handling the communication of the terminal with the user chip card, including the data units used, according to a second exemplary embodiment of the method according to the invention.
  • the terminal 1 shows a schematic illustration of a terminal 1 to illustrate a first exemplary embodiment of the method according to the invention.
  • the terminal 1 has electronics 2, with which the operation of the terminal 1 is controlled and which has an internal interface 3 and an external interface 4.
  • the terminal 1 has a security module 5, which is connected to the internal interface 3 and can be designed, for example, in the form of a chip card inserted into the terminal 1.
  • the security module 5 is designed in such a way that the data stored therein and the operations performed with it are protected against spying and manipulation. All secret data of the terminal 1 are stored in the security module 5. Furthermore, all security-relevant operations of the terminal 1 are handled by the security module 5. This eliminates the need to provide complex measures to protect the electronics 2 of the terminal 1.
  • a user chip card 6 is temporarily inserted into the terminal 1 and thereby connected to the external interface 4, so that a com- Communication between the electronics 2 of the terminal 1 and the user chip card 6 is possible.
  • the communication is carried out with the aid of a standardized transmission protocol, with which commands from the electronics 2 of the terminal 1 are transmitted to the user chip card 6.
  • the user chip card 6 executes the commands and transmits responses dependent on the result of the execution to the electronics 2 of the terminal 1.
  • the commands and the responses are each sent to the transmission in the form of standardized data units. These data units are usually referred to as APDUs or written out as application protocol data units.
  • the APDUs that contain a command are called command APDUs or command APDUs or C-APDUs for short.
  • the data units transmitted in response to a command APDU are called response APDUs or response APDUs or R-APDUs.
  • the name APDU is primarily used for the command APDUs.
  • the response APDUs are then simply referred to as the response. To avoid confusion, the first detailed notation is used below.
  • the structure of the command APDUs and the response APDUs is explained in more detail with reference to FIG. 2.
  • the communication is cryptographically secured. Cryptographically secured communication between the terminal 1 and the user chip card 6 is carried out as follows within the scope of the invention:
  • a step SI the electronics 2 of the terminal 1 transmit a command APDU intended for transmission to the user chip card 6 in plain text to the security module 5 via the internal interface 3 without causing the command APDU to be executed.
  • the Si Security module 5 carries out cryptographic protection of the command APDU and transmits the cryptographically secured command APDU in a step S2 to the electronics 2 of the terminal 1 via the internal interface 3.
  • the transmission also takes place in step S2 so that the command is executed - APDU is omitted.
  • the procedure in this regard is explained with reference to FIG. 3.
  • the electronics 2 of the terminal 1 sends the cryptographically secured command APDU in a step S3 via the external interface 4 for execution to the user chip card 6.
  • the user chip card 6 executes the command APDU and responds in a step S4 with a cryptographically secured response APDU, which is supplied to the electronics 2 of the terminal 1 via the external interface 4.
  • a step S5 the electronics 2 of the terminal 1 forwards the encrypted data of the cryptographically secured response APDU to the security module 5 via the internal interface 3.
  • the security module 5 determines the data of the response APDU in plain text and transmits them in a step S6 to the electronics 2 of the terminal 1 via the internal interface 3. Details of the procedure described above are explained with reference to FIG. 2.
  • FIG. 2 shows a schematic illustration for handling the communication of the terminal 1 with the user chip card 6 including the data units used according to the exemplary embodiment shown in FIG. 1.
  • the data flow between the electronics 2 of the terminal 1 and the two interfaces 3 and 4 is shown in each case.
  • the forwarding of the data units between the internal interface 3 and the security module 5 and between the external interface 4 and the user chip card 6 takes place as in FIG. 1 shown.
  • C-APDU command APDU
  • Lc field Three elements are provided as the body, which are designated as Lc field, data field and Le field.
  • the class byte CLA can be used to identify applications and their specific instruction set.
  • the instruction byte INS represents an encoding of the command of the command APDU, the command being specified in more detail by the parameter bytes P1 and P2.
  • the elements Lc field and Le field represent length specifications. Lc field specifies the length of the data part that is sent with the command APDU.
  • Le field specifies the length of the data expected for the corresponding response APDU (R-APDU). The data itself is contained in the element data field.
  • step SI Since the command APDU in step SI is not transmitted to the security module 5 for execution, but rather for the implementation of cryptographic security measures, it is packaged overall for transmission in another command APDU, ie it is part of the data field element of the further command. APDU.
  • the security module 5 takes the command APDU transmitted in step SI from the element data field of the further command APDU and carries out cryptographic protection of the command APDU.
  • This protection can consist, for example, of adding a cryptographic checksum to the command APDU and encrypting the data contained in the data field element.
  • the elements Lc field, data field and Le field of the command APDU are changed to new Lc field, new data field and new Le field by the cryptographic security and the command APDU is designed for secure messaging (SM). Secure messaging and / or an indication of whether the command header is included in a MAC calculation (Message Au- thentication code) is received.
  • a CLA byte that indicates secure messaging is called CLA *.
  • the response APDU consists of a body and a trailer as standard, the body having an element data field for receiving data and the trailer containing two status words SW1 and SW2.
  • the status words SW1 and SW2 contain information about the execution of the command APDU from which the response APDU was triggered.
  • the response APDU transmitted in step S2 is not itself cryptographically secured, but contains a cryptographically secured command APDU in the element data field.
  • the electronics 2 of the terminal 1 takes the cryptographically secured command APDU from the data field element of the response APDU transmitted in step S2 and sends them in step S3 to the user chip card 6 for execution via the external interface 4. Details of this embodiment are provided explained with reference to FIG. 3. As a result of the execution, in step S4 the user chip card 6 transmits a cryptographically secured response APDU via the external interface 4 to the electronics 2 of the terminal 1. Since the electronics 2 of the terminal 1 contains the cryptographically secured data in the element data field of the response. APDU cannot evaluate them, packs them into a command APDU and sends them in step S5 via the internal interface 3 to the security module 5.
  • the security module 5 decrypts the cryptographically secured data of the element data field of the transmitted command APDU, checks the MAC and sends the decrypted data in the form of a in step S6 Answer APDU via the internal interface 3 to the electronics 2 of the terminal 1.
  • a complete command APDU for cryptographic security is transmitted from the electronics 2 of the terminal 1 to the security module 5 in the manner described above.
  • the cryptographically secured command APDU is sent back to the electronics 2 of the terminal 1 and from there forwarded to the user chip card 6 for execution.
  • step S7 the secure messaging data of the command APDU is checked by a secure messaging layer of the user chip card 6.
  • step S8 the command APDU is executed.
  • a response APDU is then generated in a step S9.
  • the response APDU is cryptographically secured in a step S10 and output to the terminal 1.
  • FIG. 4 shows a schematic illustration for handling the communication of the terminal 1 with the user chip card 6 including the data units used according to a second exemplary embodiment of the method according to the invention.
  • the second exemplary embodiment differs from the first exemplary embodiment essentially in that the security module 5 is able to design command APDUs provided for the transmission to the user chip card 6, ie for the cryptographic protection of the APDUs they do not have to be clear in advance the electronics 2 of the terminal 1 are transmitted to the security module 5.
  • the Security module 5 protocol sequences for data exchange with the user chip card 6 are known.
  • secure communication of the terminal 1 with the user chip card 6 in the second exemplary embodiment can take place as follows:
  • a step S11 the electronics 2 of the terminal 1 transmit a command APDU for execution to the security module 5 in plain text via the internal interface 3 in order to select a desired application.
  • the security module 5 also replies in plain text with a response APDU. This answer does not have a data field element, since only the execution of the selection is confirmed.
  • the electronics 2 of the terminal 1 transmit a command APDU in plain text via the internal interface 3 for execution to the security module 5 in order to request a secure command APDU provided for the user chip card 6.
  • the security module 5 determines the desired cryptographically secured command APDU.
  • steps S2 to S6 of the first exemplary embodiment follow in an identical manner, i.
  • the cryptographically secured command APDU is transmitted to the electronics 2 of the terminal 1 and from there to the user chip card 6 for execution.
  • the user chip card 6 transmits to the electronics 2 of the terminal 1 a cryptographically secured response APDU, the data of which are forwarded to the security module 5, decrypted by the security module 5 and transmitted back to the electronics 2 of the terminal 1 in plain text.
  • the security module 5 can be designed in such a way that it is able to keep counters, to increase them and to take them into account in the cryptographic security. Furthermore, the security module 5 can in each case be able to take challenges into account in the cryptographic security. For this purpose, the challenge is transferred to the security module 5 or generated in the security module 5. The cryptographic keys and the managed counters can be negotiated in an authentication between the security module 5 and the user chip card 6. There is also the possibility that these are transferred to the security module 5 or are already present in the security module 5.
  • the security module 5 provides cryptographically secured response APDUs analogously to the procedure described above.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Finance (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Storage Device Security (AREA)

Abstract

L'invention concerne un procédé de protection cryptographique de la communication avec un support de données (6) portable. Au moins une unité de commande réalisée dans un format standard et protégée par voie cryptographique est transmise au support de données (6) portable. Ce procédé est caractérisé en ce que l'unité de commande réalisée dans un format standard et protégé par voie cryptographique est mise à dispositif par un module de sécurité (5).
PCT/EP2004/009692 2003-09-01 2004-08-31 Procede de protection cryptographique de la communication avec un support de donnees portable WO2005024736A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE10340181.4 2003-09-01
DE10340181A DE10340181A1 (de) 2003-09-01 2003-09-01 Verfahren zur kryptographischen Absicherung der Kommunikation mit einem tragbaren Datenträger

Publications (1)

Publication Number Publication Date
WO2005024736A1 true WO2005024736A1 (fr) 2005-03-17

Family

ID=34202291

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2004/009692 WO2005024736A1 (fr) 2003-09-01 2004-08-31 Procede de protection cryptographique de la communication avec un support de donnees portable

Country Status (2)

Country Link
DE (1) DE10340181A1 (fr)
WO (1) WO2005024736A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9076280B2 (en) 2010-02-05 2015-07-07 Giesecke & Devrient Gmbh Completion of portable data carriers

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102006047650A1 (de) * 2006-10-09 2008-04-10 Giesecke & Devrient Gmbh Kryptographische Berechnungen für VoIP-Verbindung
DE102009037223A1 (de) * 2009-08-12 2011-02-17 Deutsche Telekom Ag Verfahren und Vorrichtung zum Ausführen von Anwendungen in einer sicheren, autonomen Umgebung

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5577121A (en) * 1994-06-09 1996-11-19 Electronic Payment Services, Inc. Transaction system for integrated circuit cards
EP0807907A1 (fr) * 1996-05-13 1997-11-19 Thomas De La Rue Limited Système pour l'accès sécurisé aux données de cartes intelligentes
EP0889449A1 (fr) * 1997-07-01 1999-01-07 International Business Machines Corporation Module de paiement intégré pour un terminal
FR2765985A1 (fr) * 1997-07-10 1999-01-15 Gemplus Card Int Procede de gestion d'un terminal securise
WO1999062037A1 (fr) * 1998-05-22 1999-12-02 Activcard Terminal et systeme pour la mise en oeuvre de transactions electroniques securisees
WO2001086580A1 (fr) * 2000-05-09 2001-11-15 Wincor Nixdorf International Gmbh Utilisation d'un module de securite dans un lecteur de cartes
WO2001095274A1 (fr) * 2000-06-08 2001-12-13 Bull Cp8 Procede de securisation de la phase de pre-initialisation d'un systeme embarque a puce electronique, notamment d'une carte a puce, et systeme embarque mettant en oeuvre le procede
FR2825495A1 (fr) * 2001-05-31 2002-12-06 Schlumberger Systems & Service Terminal electronique de paiement, carte a puce adaptee a un tel terminal et procede de chargement d'une cle secrete dans un tel terminal
WO2003075232A1 (fr) * 2002-03-01 2003-09-12 Activcard Ireland, Limited Procede et systeme permettant d'effectuer des changements de configuration et de donnees post-emission dans un dispositif de securite personnelle utilisant un canal de communication

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5923759A (en) * 1995-04-20 1999-07-13 Lee; Philip S. System for securely exchanging data with smart cards
WO1999064996A1 (fr) * 1998-06-05 1999-12-16 Landis & Gyr Communications S.A.R.L. Carte a circuit integre prechargee et procede d'authentification d'une telle carte
US6807561B2 (en) * 2000-12-21 2004-10-19 Gemplus Generic communication filters for distributed applications
FR2822272B1 (fr) * 2001-03-13 2003-06-27 St Microelectronics Sa Carte a puce sans contact avec systeme d'exploitation utilise dans les cartes a contacts et lecteur de telles cartes sans contact
US7363486B2 (en) * 2001-04-30 2008-04-22 Activcard Method and system for authentication through a communications pipe
US20030097582A1 (en) * 2001-11-19 2003-05-22 Yves Audebert Method and system for reducing personal security device latency
JP4348190B2 (ja) * 2001-12-07 2009-10-21 エセブス・リミテッド スマートカード・システム

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5577121A (en) * 1994-06-09 1996-11-19 Electronic Payment Services, Inc. Transaction system for integrated circuit cards
EP0807907A1 (fr) * 1996-05-13 1997-11-19 Thomas De La Rue Limited Système pour l'accès sécurisé aux données de cartes intelligentes
EP0889449A1 (fr) * 1997-07-01 1999-01-07 International Business Machines Corporation Module de paiement intégré pour un terminal
FR2765985A1 (fr) * 1997-07-10 1999-01-15 Gemplus Card Int Procede de gestion d'un terminal securise
WO1999062037A1 (fr) * 1998-05-22 1999-12-02 Activcard Terminal et systeme pour la mise en oeuvre de transactions electroniques securisees
WO2001086580A1 (fr) * 2000-05-09 2001-11-15 Wincor Nixdorf International Gmbh Utilisation d'un module de securite dans un lecteur de cartes
WO2001095274A1 (fr) * 2000-06-08 2001-12-13 Bull Cp8 Procede de securisation de la phase de pre-initialisation d'un systeme embarque a puce electronique, notamment d'une carte a puce, et systeme embarque mettant en oeuvre le procede
FR2825495A1 (fr) * 2001-05-31 2002-12-06 Schlumberger Systems & Service Terminal electronique de paiement, carte a puce adaptee a un tel terminal et procede de chargement d'une cle secrete dans un tel terminal
WO2003075232A1 (fr) * 2002-03-01 2003-09-12 Activcard Ireland, Limited Procede et systeme permettant d'effectuer des changements de configuration et de donnees post-emission dans un dispositif de securite personnelle utilisant un canal de communication

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"ISO/IEC 7816-4 : Interindustry command for interchange", INTERNET ARTICLE, 1 September 1995 (1995-09-01), XP002258173 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9076280B2 (en) 2010-02-05 2015-07-07 Giesecke & Devrient Gmbh Completion of portable data carriers

Also Published As

Publication number Publication date
DE10340181A1 (de) 2005-03-24

Similar Documents

Publication Publication Date Title
EP0355372B1 (fr) Terminal commandé par support de données dans un système d'échange de données
EP2218028B1 (fr) Procédé pour protéger une carte à puce contre une utilisation non autorisée, carte à puce et terminal pour cartes à puce
EP2289225B1 (fr) Procédé pour personnaliser un élément de sécurité d un terminal mobile
EP2215609B1 (fr) Procédé de déverrouillage d'une fonction de carte à puce au moyen d'un contrôle à distance
DE102006024041B4 (de) Verfahren zum Personalisieren eines Sicherheitsmoduls eines Telekommunikations-Endgerätes
EP2122588A2 (fr) Carte à puce ayant une fonction de premier utilisateur, procédé de sélection d'une identification et système informatique
DE19527715C2 (de) Verfahren zur Nutzeridentifikation und -authentifikation bei Datenfunkverbindungen, zugehörige Chipkarten und Endgeräte
EP1073019A2 (fr) Méthode et dispositif pour le transfert de données aux cartes à puce
EP1326216A1 (fr) Procédé et dispositif pour paiements électroniques avec des dispositifs de communication portables
EP1183895A1 (fr) Procede pour la protection de la premiere utilisation d'une carte a puce microprocesseur
WO2005024736A1 (fr) Procede de protection cryptographique de la communication avec un support de donnees portable
EP2996299B1 (fr) Procédé et système d'autorisation d'une action sur un système auto-commandé
EP2715681B1 (fr) Procédé de génération d'un code de déblocage à usage unique, actuellement valide pour un verrou électronique
DE19818998B4 (de) Verfahren zum Schutz vor Angriffen auf den Authentifizierungsalgorithmus bzw. den Geheimschlüssel einer Chipkarte
DE102008047639A1 (de) Verfahren und Vorrichtung zum Zugriff auf ein maschinenlesbares Dokument
WO2004107282A1 (fr) Procede de chargement de supports de donnees portatifs, en donnees
DE10259270A1 (de) Personalisierung von Sicherheitsmoduln
WO2006133934A1 (fr) Procede pour faire fonctionner un support de donnees portable
EP1288768A2 (fr) Clé électronique intelligente
EP1063862A2 (fr) Système et méthode pour la mise en place d'une communication entre un réseau et un terminal
DE102009013551A1 (de) Einmalkennwortmaske zum Ableiten eines Einmalkennworts
DE10300898A1 (de) Authentifizierungsmodul
WO2005073826A1 (fr) Systeme comprenant au moins un ordinateur et au moins un support de donnees portatif
DE19742796C2 (de) Mobiles Funkfernsprechgerät
EP0910841B1 (fr) Systeme de transmission d'informations

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase