WO2006003558A2 - Device for using encrypted data and method thereto - Google Patents

Device for using encrypted data and method thereto Download PDF

Info

Publication number
WO2006003558A2
WO2006003558A2 PCT/IB2005/052062 IB2005052062W WO2006003558A2 WO 2006003558 A2 WO2006003558 A2 WO 2006003558A2 IB 2005052062 W IB2005052062 W IB 2005052062W WO 2006003558 A2 WO2006003558 A2 WO 2006003558A2
Authority
WO
WIPO (PCT)
Prior art keywords
encrypted data
memory
key
datenc
mem2
Prior art date
Application number
PCT/IB2005/052062
Other languages
French (fr)
Other versions
WO2006003558A3 (en
Inventor
Henning Maass
Francesco Gallo
Robert Blake
Original Assignee
Koninklijke Philips Electronics N.V.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from GB0414648A external-priority patent/GB0414648D0/en
Application filed by Koninklijke Philips Electronics N.V. filed Critical Koninklijke Philips Electronics N.V.
Priority to JP2007518756A priority Critical patent/JP2008504787A/en
Priority to EP05758562A priority patent/EP1763718A2/en
Publication of WO2006003558A2 publication Critical patent/WO2006003558A2/en
Publication of WO2006003558A3 publication Critical patent/WO2006003558A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00Digital computers in general; Data processing equipment in general
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity

Definitions

  • the invention relates to a device, comprising a first memory, and a more tamper-resistant second memory. Furthermore, the invention relates to a method of using encrypted data stored in said first memory.
  • Permitting only authorized people to access sensitive data is a well known problem in the state of the art.
  • One solution is storing sensitive data in a tamper-resistant area that means in a memory which de facto cannot be read out.
  • Such an area is a smart card for example.
  • Smart cards are widely used for sensitive data in particular for monetary applications.
  • the owner of the data carrier is not the owner of the data itself, which data for instance belongs to a bank. Since it requires a lot of technical features to make a memory tamper resistant, smart cards or such memories are comparatively expensive. Hence it is not economic to store larger amounts of data in high secure memories.
  • a solution is to store encrypted data on mass storage devices and to provide associated keys for authorized people.
  • separate data storage means are used for this reason. So a key can be provided in the form of an electronic access card for example. Or a key is delivered on a floppy disk or just printed on a sheet of paper, whereas encrypted data is stored on a public accessible server for example. Presuming that said key does not get into hands of criminals, data is secure. Under certain circumstances it is useful for data on a storage device to be accessible in decrypted format, whereas the owner of the data carrier is not authorized to change or even read the data.
  • An example is an encrypted executable code which has to be decrypted before it can be executed.
  • the problem of the invention is now to overcome aforesaid drawbacks and to provide a device and a method, wherein encrypted data stored on a device can be used in decrypted format without permitting the owner of the device to access said decrypted data.
  • a device comprising:
  • the problem is furthermore solved by a method of using encrypted data stored in a first memory of a device, which device additionally includes a more tamper-resistant second memory, the method comprising the steps of: — reading encrypted data from the first memory,
  • NFC Near Field Communication
  • the NFC evolved from a combination of contactless identification, namely the RFID technology, and interconnection technologies.
  • NFC operates in the 13.56 MHz frequency range, over a distance of typically a few centimeters, but engineers also work on a system which operates with greater distances of up to Im.
  • NFC technology is standardized in ISO 18092, ECMA 340 and ETSI TS 102 190.
  • NFC is also compatible to the broadly established contactless smart card infrastructure based on ISO 14443.
  • NFC Interfaces are nowadays widely used in mobile phones and other mobile devices. Such an interface usually already comprises a tamper- resistant memory and an encrypt/decrypt module as well. Hence it is favorable to use these modules for the invention.
  • One of the imaginable applications of the invention is a device which emulates several smart cards. Such devices are in general known from WO 01/93212 and WO 04/57890 for instance.
  • the device can communicate with a reader (powered reading device for NFC/RFID communication which is normally also provided for writing data).
  • Encrypted data which represents a smart card application is now decrypted and advantageously loaded into the second memory of the NFC interface.
  • the first memory is additionally arranged for storing functions for operating said device.
  • Devices usually comprise an unsecured main memory for storing the operating system of the device.
  • encrypted data as well as functions for the operating system are stored in the first memory. Therefore, the first memory is used in a synergetic way.
  • said second memory is arranged for storing said key.
  • said key for decrypting encrypted data is stored in the device itself.
  • said key should be stored in the tamper-resistant second memory to avoid abusive use of encrypted data.
  • the device only stores encrypted data such as encrypted smart card applications.
  • encrypted data is to be used, an associated key is sent from a reader to the device and used there for decrypting encrypted data.
  • An advantageous embodiment of the invention is given with a method, wherein the following steps are performed for using one of a multitude of encrypted data sets which form said encrypted data: a) generating a random number, b) encrypting said random number with a key associated with an encrypted data set and transmitting it to a remote device, c) receiving a decrypted number from said remote device, d) comparing the generated random number with the received decrypted number, and e) decrypting said encrypted data set with said associated key and storing the decrypted data set in the second memory if the result of the comparison is true and performing steps a) to e) with a key associated with a further encrypted data set if said result is false.
  • a quite similar embodiment is given with a method, wherein the following steps are performed for using one of a multitude of encrypted data sets which form said encrypted data: a) generating a random number and transmitting it to a remote device, b) receiving an encrypted number from said remote device, c) decrypting said encrypted number with a key associated with an encrypted data set, d) comparing the generated random number with the received decrypted number, and e) decrypting said encrypted data set with said associated key and storing the decrypted data set in the second memory if the result of the comparison is true and performing steps c) to e) with a key associated with a further encrypted data set if said result is false.
  • the places of encryption and decryption of said random number change.
  • a random number is encrypted within the reader and decrypted again within the device, whereas in the embodiment indicated above a random number is encrypted within the device and decrypted again within the reader. Since the random number is encrypted only once here, there is an advantage in processing speed. If y is the integer indicating how many cycles are necessary to find a proper key, there are y+1 encrypting or decrypting steps in the present case, whereas 2y steps are needed when the preceding method is used.
  • Yet another advantageous embodiment is a method, wherein the following steps are performed for using one of a multitude of encrypted data sets which form said encrypted data:
  • a geographic location of the device serves for deciding which encrypted data set is to be used.
  • Means for determining the position are GPS receivers for example.
  • a cell identification of a GSM or UMTS network can be used for determining the location of the device if the resulting larger area is also sufficient for a certain application.
  • a preferred embodiment comprises a table where necessary information is linked together.
  • inventive method comprises the initial steps of:
  • a further beneficial method comprises the initial steps of:
  • encrypted data can be transmitted via an insecure connection.
  • an associated key should be transmitted via a secure connection and subsequently be stored in a secure second memory.
  • a near field radio communication which cannot easily be spied out due to the limited range of such a connection is preferred.
  • an encrypted key is transmitted to the device where it is decrypted by means of a secret algorithm, in particular additionally by means of a user input.
  • a code can be sent to a customer by "normal" mail. Afterwards, the customer can download encrypted data as well as an encrypted key. Both encrypted key and code are inputted to a secret algorithm which cannot be spied out as it runs in a tamper-resistant area. The result of this decryption is the key for decrypting encrypted data, which is subsequently stored in second memory.
  • Figure 1 shows service initialization as well as usage of encrypted data.
  • Figure 2 shows an alternative embodiment for setting up a service.
  • Figure 3 shows a method of choosing one of a multitude of encrypted data sets.
  • Figure 4 shows a table for assigning an encrypted data set to a certain location.
  • Figure 1 shows an arrangement comprising a device DEV as well as two remote devices formed by a server SER and a reader RD.
  • Said device DEV which is a mobile phone or a PDA for this example comprises a first memory MEMl and a more tamper- resistant second memory MEM2 as well as an encrypt/decrypt module ENC/DEC.
  • Said first memory MEMl in this example is assumed to be the memory for the operating system and other data necessary for the use of the device DEV. Since there are usually no or only minor procedures to secure the main memory of a device DEV against abusive use it is normally quite easy to change data stored in such a memory.
  • sensitive data for example the IMSI (International Mobile Subscriber Identity) in case of a mobile phone, is stored in a tamper-resistant memory, for example in a SIM (Subscriber Identification Module).
  • SIM Subscriber Identification Module
  • a further example is smart cards which more and more are part of mobile phones or emulated by mobile phones respectively.
  • NFC Near Field Communication
  • This interface accomplishes the short range communication with a reader RD and normally comprises also a tamper-resistant memory as well as means for encrypting and decrypting.
  • second memory MEM2 and the encrypt/decrypt module ENC/DEC are part of an NFC (Near Field Communication) interface INT.
  • the reader RD which is also capable of communication according to the NFC standard transmits encrypted data DATenc to the device DEV (solid line).
  • encrypted data DATenc represents an application for ticketing in public transport which has to be installed in device DEV before it can be used.
  • encrypted data DATenc is therefore stored in first memory MEMl .
  • encrypted data DATenc can be provided by a server SER as well. This is indicated by a dashed line from server SER to device DEV. In this case it is assumed that server SER is part of the internet and holds the aforesaid application. On request it can be downloaded via a comparably fast (and unsecured) internet connection. Said request can be sent to server SER by the device DEV directly or by reader RD.
  • device DEV is ready to use now.
  • key K is sent from reader RD to device DEV in a second step (solid line).
  • encrypted data DATenc is read from first memory MEMl and decrypted by means of the encrypt/decrypt module ENC/DEC and the key K received from reader RD.
  • data DAT is stored in second memory MEM2. Now communication between device DEV and reader RD can take place as it is known from prior art systems.
  • Data DAT can include variables and code as well.
  • key K is stored in device DEV during initialization of an service that means, when encrypted data DATAenc is received from reader RD or server SER. Encrypted data DATAenc can be transmitted via an unsecured communication channel as shown above. The only restriction is that key K is kept secret. Hence the small key K is transmitted via a slow but secure near field communication (dash- and-dot line) and stored in second memory MEM2.
  • device DEV is ready to use now again wherein the procedure can be started manually for example instead of remotely by the reader RD.
  • key K is not received from reader RD but transmitted from second memory MEM2 to the encrypt/decrypt module ENC/DEC.
  • encrypted data DATenc is decrypted and the result of this decryption, data DAT, is stored in second memory MEM2.
  • Communication between device DEV and reader RD can take place as indicated before.
  • the communication channel between device DEV and reader RD is assumed to be secure.
  • second memory MEM2 is tamper resistant as stated before. Hence it is not possible to misuse the key K for abusively changing encrypted data DATAenc and to buy tickets without paying for instance.
  • the advantage of this method is, that applications which generally use large memory spaces can be stored in a cheap standard memory and are temporarily loaded into an expensive tamper-resistant second memory MEM2 which in this way can be shared between several services as explained later in more detail.
  • Figure 2 shows an alternative embodiment of the inventive device DEV again shown in combination with two remote devices formed by a server SER and a reader RD.
  • device DEV comprises a random number generator RAND which is part of NFC interface INT.
  • data DAT can also be transmitted by server SER (dashed line).
  • server SER dashed line
  • a secure communication channel should exist between server SER and device DEV since data DAT is not encrypted. It is also imaginable that data DAT is transmitted via a tamper-resistant communication channel (for example by means of a company internal network) from server SER to reader RD (dash-and-dot line) and then transmitted to device DEV via a short-range radio communication link.
  • FIG. 3 finally shows how encrypted data sets DSlenc.DSxenc can be used.
  • encrypted data DATenc is divided into several encrypted data sets DSlenc.DSnenc which represent different smart card applications, one for public transport, one for cinema ticketing, one for a company identification card, etc.
  • These encrypted data sets DSlenc.DSnenc have been stored before during initialization routines shown in Figure 1 or 2. It is also possible that applications have been stored in a different way, for example directly by the provider of device DEV (e.g. mobile phone).
  • Each encrypted data set DSlenc.DSnenc has an associated key Kl..Kn which is stored in second memory MEM2.
  • device DEV additionally comprises a comparator COMP and reader RD additionally comprises a encrypt/decrypt module ENC/DEC
  • a random number R is generated by the random number generator RAND.
  • this random number R is encrypted with a key Kx which is also used for decrypting an associated encrypted data set DSx.
  • encrypted random number Rene is transmitted to the reader in a third step.
  • encrypted random number Rene is decrypted with a reader key Krd by means of the encrypt/decrypt module ENC/DEC.
  • reader random number Rrd is then sent back to device DEV and compared with the original random number R by means of comparator COMP in a fifth step.
  • keys KL. Kn are tried in the order in which they are stored in second memory MEM2. It is also possible that keys Kl ..Kn have different weights depending on how often they are used thereby reducing the searching time. Here the search is started with the key Kx that has the biggest chance to be the right one.
  • each encrypted data set DSx is associated with two keys. One for decrypting and one which is identical with a reader key Krd.
  • the encrypt/decrypt module ENC/DEC, the random number generator RAND as well as the comparator COMP are not necessarily part of the NFC interface ESfT. Again the arrangement shown is preferred since NFC interface INT as a whole is assumed to be tamper resistant or at least more tamper resistant than the remaining part of the device DEV. It is further imaginable that the random number R is directly sent to the reader RD and encrypted there by means of the encrypt/decrypt module ENC/DEC and the reader key Krd. Subsequently, the encrypted reader random number Rrd is sent back to device DEV where it is decrypted by means of a key Kx associated with an encrypted data set DSxenc. If original random number R and decrypted reader random number Rrd are the same, again the proper encrypted data set DSxenc is found.
  • an identification ID can be sent from reader device RD to device RD for choosing one of a multitude of encrypted data set DSlenc.DSnenc (dash-and-dot line).
  • Device DEV receives identification ID and determines an associated encrypted data set DSx as well as an associated key Kx. For using encrypted data set DSx it is loaded into second memory MEM2 as stated above.
  • the (geographic) position of the device DEV is determined in a first step. This can be accomplished by using the cell identification in case of a mobile phone as well as latitude and longitude when a GPS receiver is available.
  • an encrypted data set DSxenc which is associated with said position is determined and encrypted data set DSxenc is decrypted by means of an associated key Kx in a third step.
  • decrypted data DSx is stored in second memory MEM2 again.
  • a table is stored in device DEV which comprises all aforesaid links.
  • each line representing a separate application has three fields, one for a link to an encrypted data set DSx, one for the key Kx and one for the position.
  • time dependent execution of an application also possible for method according Figure 3).
  • Figure 4 now shows an exemplary table comprising an identification ID of a service, an address ADDR of encrypted data set DSx (emulated smart card) in first memory MEMl, key K, cell identification CID of radio network, latitude LAT and longitude LON as well as the time range TIM.
  • Two applications are currently stored, one for public transport and a further one for cinema ticketing. Since said table comprises keys K it is preferably stored in second memory MEM2.
  • the table can be separated in two parts, the non- critical data being stored in first memory MEMl, sensitive data being stored in second memory MEM2.
  • the first row of the table comprises data of "London Underground", an operator of an underground railroad.
  • the address ADDR of a relevant encrypted data set DSxenc in first memory MEMl is "OFOl”
  • the key K for decrypting said encrypted data set DSxenc is "Al 5B" both in hexadecimal format. It is assumed that a selection of application is done by means of a GPS receiver for London Underground. Therefore, a cell identification CID is omitted.
  • the position where said application is selected is indicated by latitude LAT 0°12'10" and longitude LON 85°52'60" instead.
  • Figure 4 only shows a simplified table. In general there would be more rows indicating different underground stations.
  • a range of latitude LAT and longitude LON could be associated with a certain application. It is assumed that London Underground is open all day long, hence a field for time range TIM is omitted. Therefore, every time when device DEV is at the location indicated above the associated encrypted data set DSxenc is decrypted and stored in second memory MEM2. This can happen on the change of the location as well as on request of an associated reader RD.
  • the second row of the table contains data of "Universal Pictures", a cinema company.
  • the address ADDR of a relevant encrypted data set DSxenc in first memory MEMl is "OFFA”
  • the key K for decrypting said encrypted data set DSxenc is "3421" both in hexadecimal format again.
  • the cell identification of a mobile network is evaluated. Therefore, the field cell identification CID indicates cell ID 06 of British Telecom, a network provider. Accordingly, latitude LAT and longitude LON are omitted.
  • the application for universal pictures is chosen only during opening times which are from 19:00 until 24:00.
  • associated encrypted data set DSxenc is decrypted and stored in second memory MEM2 if device DEV is within cell ID 06 between 19:00 and 24:00.
  • the invention is not limited to smart card applications. Rather any device where encrypted data has to be decrypted is suitable, in particular adapted PCs having a secure second memory. It is not necessary either that device DEV communicates with a reader RD. It is imaginable that communication takes place between two similar devices DEV (e.g. two NFC compatible mobile phones). One application could be the exchange of (digital) money between two phones each with an encrypted account.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a device (DEV) and a corresponding method of using encrypted data (DATenc) stored in a first memory (MEM1) of said device (DEV), which device (DEV) additionally includes a more tamper-resistant second memory (MEM2). Encrypted data (DATenc) is read from the first memory (MEM1), encrypted data (DATenc) is decrypted with an associated key (K), and decrypted data (DAT) is stored in the second memory (MEM2). Hence encrypted data (DATenc) stored on said device (DEV) can be used in decrypted format without permitting the owner of the device (DEV) to access said decrypted data (DAT). One application is the emulation of a multitude of smart card applications by a mobile device.

Description

Device for using encrypted data and method thereto
FIELD OF THE INVENTION
The invention relates to a device, comprising a first memory, and a more tamper-resistant second memory. Furthermore, the invention relates to a method of using encrypted data stored in said first memory.
BACKGROUND OF THE INVENTION
Permitting only authorized people to access sensitive data is a well known problem in the state of the art. One solution is storing sensitive data in a tamper-resistant area that means in a memory which de facto cannot be read out. Such an area is a smart card for example. Smart cards are widely used for sensitive data in particular for monetary applications. Here the owner of the data carrier is not the owner of the data itself, which data for instance belongs to a bank. Since it requires a lot of technical features to make a memory tamper resistant, smart cards or such memories are comparatively expensive. Hence it is not economic to store larger amounts of data in high secure memories.
For those applications a solution is to store encrypted data on mass storage devices and to provide associated keys for authorized people. In general, separate data storage means are used for this reason. So a key can be provided in the form of an electronic access card for example. Or a key is delivered on a floppy disk or just printed on a sheet of paper, whereas encrypted data is stored on a public accessible server for example. Presuming that said key does not get into hands of criminals, data is secure. Under certain circumstances it is useful for data on a storage device to be accessible in decrypted format, whereas the owner of the data carrier is not authorized to change or even read the data. An example is an encrypted executable code which has to be decrypted before it can be executed. But this incorporates a security risk since data is decrypted and since it is quite impossible to make e.g. a hard disk tamper resistant. Hence data would be accessible for the owner of the data carrier who is not allowed to have access. Therefore, a secure memory such as a smart card for example is the data carrier of choice in this case because data (e.g. coded instructions) can simply be stored as it is and is secure anyway. On the other hand, the ever increasing size of data significantly increases technical effort and hence price for producing large memories which are tamper resistant. OBJECT AND SUMMARY OF THE INVENTION
The problem of the invention is now to overcome aforesaid drawbacks and to provide a device and a method, wherein encrypted data stored on a device can be used in decrypted format without permitting the owner of the device to access said decrypted data.
The problem of the invention is solved by a device, comprising:
- a first memory,
- a more tamper-resistant second memory,
- means for reading encrypted data from a first memory, — means for decrypting encrypted data with an associated key, and
- means for storing decrypted data in a second memory.
The problem is furthermore solved by a method of using encrypted data stored in a first memory of a device, which device additionally includes a more tamper-resistant second memory, the method comprising the steps of: — reading encrypted data from the first memory,
- decrypting encrypted data with an associated key, and
- storing decrypted data in the second memory.
In this way it is possible to overcome the restrictions of the prior art. On the one hand it is possible to use a large, cheap (and unsecured) first memory for permanently storing encrypted data and to use a small, expensive (and secure) second memory for temporarily storing decrypted data when it is to be used. This second memory can be shared by several applications which decreases technical effort and costs.
It is advantageous, when said second memory and said decrypting means are part of an NFC interface. The NFC (Near Field Communication) technology evolved from a combination of contactless identification, namely the RFID technology, and interconnection technologies. NFC operates in the 13.56 MHz frequency range, over a distance of typically a few centimeters, but engineers also work on a system which operates with greater distances of up to Im. NFC technology is standardized in ISO 18092, ECMA 340 and ETSI TS 102 190. NFC is also compatible to the broadly established contactless smart card infrastructure based on ISO 14443. NFC Interfaces are nowadays widely used in mobile phones and other mobile devices. Such an interface usually already comprises a tamper- resistant memory and an encrypt/decrypt module as well. Hence it is favorable to use these modules for the invention.
One of the imaginable applications of the invention is a device which emulates several smart cards. Such devices are in general known from WO 01/93212 and WO 04/57890 for instance. When smart card data to be used has to get into the NFC interface, the device can communicate with a reader (powered reading device for NFC/RFID communication which is normally also provided for writing data). According to the invention encrypted data which represents a smart card application is now decrypted and advantageously loaded into the second memory of the NFC interface.
It is further advantageous, when the first memory is additionally arranged for storing functions for operating said device. Devices usually comprise an unsecured main memory for storing the operating system of the device. In this embodiment encrypted data as well as functions for the operating system are stored in the first memory. Therefore, the first memory is used in a synergetic way.
Finally, it is advantageous when said second memory is arranged for storing said key. For some applications it is beneficial when the key for decrypting encrypted data is stored in the device itself. In this case said key should be stored in the tamper-resistant second memory to avoid abusive use of encrypted data.
An advantageous embodiment of the inventive method is further given, when, in case said data is no longer used, the following steps are performed:
- reading data from the second memory,
- encrypting data with associated key, and - storing encrypted data in the first memory.
Here changed data can be stored for later use. Thus data is read from the second memory, encrypted and written back to the first memory to vacate second memory for another application on the one hand and to permanently store changed data on the other hand.
It is also beneficial, when said key is provided by a remote device. In this case the device only stores encrypted data such as encrypted smart card applications. When encrypted data is to be used, an associated key is sent from a reader to the device and used there for decrypting encrypted data.
An advantageous embodiment of the invention is given with a method, wherein the following steps are performed for using one of a multitude of encrypted data sets which form said encrypted data: a) generating a random number, b) encrypting said random number with a key associated with an encrypted data set and transmitting it to a remote device, c) receiving a decrypted number from said remote device, d) comparing the generated random number with the received decrypted number, and e) decrypting said encrypted data set with said associated key and storing the decrypted data set in the second memory if the result of the comparison is true and performing steps a) to e) with a key associated with a further encrypted data set if said result is false. hi case of a multitude of data sets which represent multiple smart card applications for example, it is necessary to decide which of the encrypted data sets is to be used meaning which smart card application is to be presented to a reader. Presuming that a key, which is associated with an encrypted data set, is stored in the device as well as in a reader (further presuming symmetric ciphering) aforesaid sequence is a beneficial procedure for determining which encrypted data set is to be chosen. When asymmetric ciphering is used, private and public keys have to be used instead of the identical keys. Hence the random number can be encrypted with a private key and decrypted with the public key and vice versa. An advantage of this procedure is that a key never appears in the radio communication which otherwise could theoretically be spied out.
A quite similar embodiment is given with a method, wherein the following steps are performed for using one of a multitude of encrypted data sets which form said encrypted data: a) generating a random number and transmitting it to a remote device, b) receiving an encrypted number from said remote device, c) decrypting said encrypted number with a key associated with an encrypted data set, d) comparing the generated random number with the received decrypted number, and e) decrypting said encrypted data set with said associated key and storing the decrypted data set in the second memory if the result of the comparison is true and performing steps c) to e) with a key associated with a further encrypted data set if said result is false. In simple terms, the places of encryption and decryption of said random number change. In the present case a random number is encrypted within the reader and decrypted again within the device, whereas in the embodiment indicated above a random number is encrypted within the device and decrypted again within the reader. Since the random number is encrypted only once here, there is an advantage in processing speed. If y is the integer indicating how many cycles are necessary to find a proper key, there are y+1 encrypting or decrypting steps in the present case, whereas 2y steps are needed when the preceding method is used.
Yet another advantageous embodiment is a method, wherein the following steps are performed for using one of a multitude of encrypted data sets which form said encrypted data:
— determining the position of said device,
— determining an encrypted data set which is associated with said position, and — decrypting said encrypted data set with an associated key and storing the decrypted data set in the second memory.
Here a geographic location of the device serves for deciding which encrypted data set is to be used. Means for determining the position are GPS receivers for example.
Also a cell identification of a GSM or UMTS network can be used for determining the location of the device if the resulting larger area is also sufficient for a certain application.
Finally, the strength of radio signals from several base stations can be evaluated to determine the position more accurately. A preferred embodiment comprises a table where necessary information is linked together.
Of further advantage is a method, wherein the following steps are performed for using one of a multitude of encrypted data sets which form said encrypted data:
— receiving an identification from a remote device,
— determining an encrypted data set which is associated with said identification, and
— decrypting said encrypted data set with an associated key and storing the decrypted data set in second memory.
This is a further possibility to choose a certain encrypted data set by simply sending an identification of an encrypted data set from a reader to the device. Presuming that a service for public transport is called "London underground" a reader would send this information to the device. By means of a table the proper encrypted data set can easily be found.
It is further beneficial when the inventive method comprises the initial steps of:
— storing said encrypted data in said first memory, and
— storing a key for decrypting said encrypted data in said second memory. To set up a service, encrypted data is transmitted from a remote device to the device and stored in a first memory. Since encrypted data normally does not have a security risk, it can be transmitted via an unsecured connection, for instance via an unsecured internet connection. GPRS download is applicable as well. The key can be provided in a shop of a service provider. Coming back to "London Underground", this would mean that a customer brings his device to the shop where an employee of London Underground stores the key into the device. Hence misuse of encrypted data is more or less impossible. A further beneficial method comprises the initial steps of:
- receiving data in decrypted format from a remote device, — generating a random key in said device,
- encrypting said data with said key and storing encrypted data in said first memory, and
- storing said key in said second memory.
In this case it is necessary for data to be transmitted via a secure connection since it is not encrypted. Imaginable possibilities are secure internet connections as well as a near field communication. Further imaginable is service initialization in a shop as mentioned above. When data is received, it is encrypted with a random key. Afterwards encrypted data is stored in a first memory, the key is stored in a second memory therewith completing service initialization. Finally it is advantageous for the inventive method to comprise the initial steps of:
- receiving said encrypted data from a remote device,
- receiving said key via a tamper-resistant communication channel,
- storing said encrypted data it in said first memory, and — storing said key in said second memory.
As stated above, encrypted data can be transmitted via an insecure connection. In contrast, an associated key should be transmitted via a secure connection and subsequently be stored in a secure second memory. Hence a near field radio communication which cannot easily be spied out due to the limited range of such a connection is preferred. It is further possible that an encrypted key is transmitted to the device where it is decrypted by means of a secret algorithm, in particular additionally by means of a user input. Hence a code can be sent to a customer by "normal" mail. Afterwards, the customer can download encrypted data as well as an encrypted key. Both encrypted key and code are inputted to a secret algorithm which cannot be spied out as it runs in a tamper-resistant area. The result of this decryption is the key for decrypting encrypted data, which is subsequently stored in second memory.
It is noted that once a key for an encrypted data set is stored in the second memory, it is easy to update said encrypted data set. Presuming "London underground" has done a software upgrade, the customers can download updated encrypted data via unsecured connections without bringing their devices to shops of a service provider again.
BRIEF DESCRIPTION OF THE DRAWINGS
The invention is now explained in more detail by means of figures which show advantageous embodiments of the invention. It is noted that the examples may not serve to narrow the broad scope of the invention.
Figure 1 shows service initialization as well as usage of encrypted data. Figure 2 shows an alternative embodiment for setting up a service. Figure 3 shows a method of choosing one of a multitude of encrypted data sets. Figure 4 shows a table for assigning an encrypted data set to a certain location.
DESCRIPTION OF EMBODIMENTS
Figure 1 shows an arrangement comprising a device DEV as well as two remote devices formed by a server SER and a reader RD. Said device DEV which is a mobile phone or a PDA for this example comprises a first memory MEMl and a more tamper- resistant second memory MEM2 as well as an encrypt/decrypt module ENC/DEC. Said first memory MEMl in this example is assumed to be the memory for the operating system and other data necessary for the use of the device DEV. Since there are usually no or only minor procedures to secure the main memory of a device DEV against abusive use it is normally quite easy to change data stored in such a memory. Hence sensitive data, for example the IMSI (International Mobile Subscriber Identity) in case of a mobile phone, is stored in a tamper-resistant memory, for example in a SIM (Subscriber Identification Module). A further example is smart cards which more and more are part of mobile phones or emulated by mobile phones respectively. In this context also an interface operating according to the standard for Near Field Communication, NFC for short, has to be mentioned. This interface accomplishes the short range communication with a reader RD and normally comprises also a tamper-resistant memory as well as means for encrypting and decrypting. Hence it is assumed for this example that second memory MEM2 and the encrypt/decrypt module ENC/DEC are part of an NFC (Near Field Communication) interface INT.
The function of the arrangement is as follows: In a first step the reader RD which is also capable of communication according to the NFC standard transmits encrypted data DATenc to the device DEV (solid line). In the present case encrypted data DATenc represents an application for ticketing in public transport which has to be installed in device DEV before it can be used. Upon reception, encrypted data DATenc is therefore stored in first memory MEMl .
Alternatively, encrypted data DATenc can be provided by a server SER as well. This is indicated by a dashed line from server SER to device DEV. In this case it is assumed that server SER is part of the internet and holds the aforesaid application. On request it can be downloaded via a comparably fast (and unsecured) internet connection. Said request can be sent to server SER by the device DEV directly or by reader RD.
In principle, device DEV is ready to use now. Hence, when device DEV is in the vicinity of the reader RD, key K is sent from reader RD to device DEV in a second step (solid line). In a third step encrypted data DATenc is read from first memory MEMl and decrypted by means of the encrypt/decrypt module ENC/DEC and the key K received from reader RD. In a fourth step the result of this decryption, data DAT is stored in second memory MEM2. Now communication between device DEV and reader RD can take place as it is known from prior art systems. Data DAT can include variables and code as well.
In an alternative embodiment key K is stored in device DEV during initialization of an service that means, when encrypted data DATAenc is received from reader RD or server SER. Encrypted data DATAenc can be transmitted via an unsecured communication channel as shown above. The only restriction is that key K is kept secret. Hence the small key K is transmitted via a slow but secure near field communication (dash- and-dot line) and stored in second memory MEM2.
In principle device DEV is ready to use now again wherein the procedure can be started manually for example instead of remotely by the reader RD. Additionally, in contrast to the method indicated above, key K is not received from reader RD but transmitted from second memory MEM2 to the encrypt/decrypt module ENC/DEC. Again encrypted data DATenc is decrypted and the result of this decryption, data DAT, is stored in second memory MEM2. Communication between device DEV and reader RD can take place as indicated before.
The communication channel between device DEV and reader RD is assumed to be secure. Also second memory MEM2 is tamper resistant as stated before. Hence it is not possible to misuse the key K for abusively changing encrypted data DATAenc and to buy tickets without paying for instance. The advantage of this method is, that applications which generally use large memory spaces can be stored in a cheap standard memory and are temporarily loaded into an expensive tamper-resistant second memory MEM2 which in this way can be shared between several services as explained later in more detail.
Figure 2 shows an alternative embodiment of the inventive device DEV again shown in combination with two remote devices formed by a server SER and a reader RD. In addition to Figure 1 device DEV comprises a random number generator RAND which is part of NFC interface INT.
The function of the arrangement of Figure 2 is as follows: First of all unencrypted data DAT is transmitted from the reader RD to device DEV via a short-range communication (solid line) and stored there in second memory MEM2. In a second step a random key K is generated by the random number generator RAND and stored in second memory MEM2 as well as sent to encrypt/decrypt module ENC/DEC. In a third step data DAT is encrypted with said key K by means of encrypt/decrypt module ENC/DEC. Finally, as a result of this step, the encrypted data DATenc is stored in first memory MEMl in a fourth step.
Again the data DAT can also be transmitted by server SER (dashed line). In contrast to the embodiment of Figure 1 here a secure communication channel should exist between server SER and device DEV since data DAT is not encrypted. It is also imaginable that data DAT is transmitted via a tamper-resistant communication channel (for example by means of a company internal network) from server SER to reader RD (dash-and-dot line) and then transmitted to device DEV via a short-range radio communication link.
Figure 3 finally shows how encrypted data sets DSlenc.DSxenc can be used. For this example it is assumed that encrypted data DATenc is divided into several encrypted data sets DSlenc.DSnenc which represent different smart card applications, one for public transport, one for cinema ticketing, one for a company identification card, etc. These encrypted data sets DSlenc.DSnenc have been stored before during initialization routines shown in Figure 1 or 2. It is also possible that applications have been stored in a different way, for example directly by the provider of device DEV (e.g. mobile phone). Each encrypted data set DSlenc.DSnenc has an associated key Kl..Kn which is stored in second memory MEM2. In contrast to Figure 2 device DEV additionally comprises a comparator COMP and reader RD additionally comprises a encrypt/decrypt module ENC/DEC
The function of the arrangement of Figure 3 is as follows: When device DEV is in the proximity of a reader RD it has to be determined which of the applications represented by encrypted data set DSlenc.DSnenc has to be chosen. This can happen by manual selection. But to unburden the user of device DEV, the following procedure is proposed.
In a first step a random number R is generated by the random number generator RAND. In a second step this random number R is encrypted with a key Kx which is also used for decrypting an associated encrypted data set DSx. Subsequently, encrypted random number Rene is transmitted to the reader in a third step. In a fourth step encrypted random number Rene is decrypted with a reader key Krd by means of the encrypt/decrypt module ENC/DEC. As a result of this operation, reader random number Rrd is then sent back to device DEV and compared with the original random number R by means of comparator COMP in a fifth step.
If the result of said comparison is true, meaning that random number R and reader random number Rrd are identical, right key Kx is found (for correct operation symmetrical encryption and identical keys Kx and Krd are assumed). Then in a sixth step encrypted data set Dsxenc, which is associated with said key Kx, is decrypted by means of the encrypt/decrypt module ENC/DEC with key Kx. In a seventh step the result of the decryption, data DSx, is stored in second memory MEM2 (dashed line). Now device DEV is ready to use for public transport for example.
If the result of said comparison is false, meaning that random number R and reader random number Rrd are not identical, a new random number R is generated and the cycle is started again with the next encrypted data set DSx+lenc and the next associated key Kx+1. Said cycle is performed recursively until the result of the aforesaid comparison is true.
It is not essential that keys KL. Kn are tried in the order in which they are stored in second memory MEM2. It is also possible that keys Kl ..Kn have different weights depending on how often they are used thereby reducing the searching time. Here the search is started with the key Kx that has the biggest chance to be the right one.
It is also imaginable that a key different from a key Kx for decrypting an associated encrypted data set DSx is used for choosing the proper application. So each encrypted data set DSx is associated with two keys. One for decrypting and one which is identical with a reader key Krd.
It is further not necessary that symmetrical encryption is used. It is also imaginable that asymmetric encryption using a public and a private key is used.
It should also be noted that the encrypt/decrypt module ENC/DEC, the random number generator RAND as well as the comparator COMP are not necessarily part of the NFC interface ESfT. Anyway the arrangement shown is preferred since NFC interface INT as a whole is assumed to be tamper resistant or at least more tamper resistant than the remaining part of the device DEV. It is further imaginable that the random number R is directly sent to the reader RD and encrypted there by means of the encrypt/decrypt module ENC/DEC and the reader key Krd. Subsequently, the encrypted reader random number Rrd is sent back to device DEV where it is decrypted by means of a key Kx associated with an encrypted data set DSxenc. If original random number R and decrypted reader random number Rrd are the same, again the proper encrypted data set DSxenc is found.
Finally an identification ID can be sent from reader device RD to device RD for choosing one of a multitude of encrypted data set DSlenc.DSnenc (dash-and-dot line). Device DEV receives identification ID and determines an associated encrypted data set DSx as well as an associated key Kx. For using encrypted data set DSx it is loaded into second memory MEM2 as stated above.
In a last embodiment choosing an application is done in a different way. Here the (geographic) position of the device DEV is determined in a first step. This can be accomplished by using the cell identification in case of a mobile phone as well as latitude and longitude when a GPS receiver is available. In a second step an encrypted data set DSxenc which is associated with said position is determined and encrypted data set DSxenc is decrypted by means of an associated key Kx in a third step. Finally, decrypted data DSx is stored in second memory MEM2 again.
Preferably a table is stored in device DEV which comprises all aforesaid links. Hence a line in said table; each line representing a separate application has three fields, one for a link to an encrypted data set DSx, one for the key Kx and one for the position. Also imaginable is the time dependent execution of an application (also possible for method according Figure 3).
Figure 4 now shows an exemplary table comprising an identification ID of a service, an address ADDR of encrypted data set DSx (emulated smart card) in first memory MEMl, key K, cell identification CID of radio network, latitude LAT and longitude LON as well as the time range TIM. Two applications are currently stored, one for public transport and a further one for cinema ticketing. Since said table comprises keys K it is preferably stored in second memory MEM2. Anyway the table can be separated in two parts, the non- critical data being stored in first memory MEMl, sensitive data being stored in second memory MEM2.
The first row of the table comprises data of "London Underground", an operator of an underground railroad. The address ADDR of a relevant encrypted data set DSxenc in first memory MEMl is "OFOl", the key K for decrypting said encrypted data set DSxenc is "Al 5B" both in hexadecimal format. It is assumed that a selection of application is done by means of a GPS receiver for London Underground. Therefore, a cell identification CID is omitted. The position where said application is selected is indicated by latitude LAT 0°12'10" and longitude LON 85°52'60" instead. Figure 4 only shows a simplified table. In general there would be more rows indicating different underground stations. Alternatively, a range of latitude LAT and longitude LON could be associated with a certain application. It is assumed that London Underground is open all day long, hence a field for time range TIM is omitted. Therefore, every time when device DEV is at the location indicated above the associated encrypted data set DSxenc is decrypted and stored in second memory MEM2. This can happen on the change of the location as well as on request of an associated reader RD.
The second row of the table contains data of "Universal Pictures", a cinema company. The address ADDR of a relevant encrypted data set DSxenc in first memory MEMl is "OFFA", the key K for decrypting said encrypted data set DSxenc is "3421" both in hexadecimal format again. In this case the cell identification of a mobile network is evaluated. Therefore, the field cell identification CID indicates cell ID 06 of British Telecom, a network provider. Accordingly, latitude LAT and longitude LON are omitted. In contrast to the service of row 1 the application for universal pictures is chosen only during opening times which are from 19:00 until 24:00. In conclusion, associated encrypted data set DSxenc is decrypted and stored in second memory MEM2 if device DEV is within cell ID 06 between 19:00 and 24:00.
It should be noted that selecting an encrypted data set DSx can be done manually as well. In particular when it is not possible to choose a proper data set DSx automatically this is a valuable additional possibility.
It should further be mentioned that the invention is not limited to smart card applications. Rather any device where encrypted data has to be decrypted is suitable, in particular adapted PCs having a secure second memory. It is not necessary either that device DEV communicates with a reader RD. It is imaginable that communication takes place between two similar devices DEV (e.g. two NFC compatible mobile phones). One application could be the exchange of (digital) money between two phones each with an encrypted account.
Finally, it should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be capable of designing many alternative embodiments without departing from the scope of the invention as defined by the appended claims. In the claims, any reference signs placed in parentheses shall not be construed as limiting the claims. The word "comprising" and "comprises", and the like, does not exclude the presence of elements or steps other than those listed in any claim or the specification as a whole. The singular reference of an element does not exclude the plural reference of such elements and vice- versa. In a device claim enumerating several means, several of these means may be embodied by one and the same item of hardware or software. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.

Claims

1. Device (DEV), comprising:
- a first memory (MEMl),
- a more tamper-resistant second memory (MEM2), - means for reading encrypted data (DATenc) from said first memory (MEMl),
- means for decrypting (ENC/DEC) said encrypted data (DATenc) with an associated key (K), and
- means for storing said decrypted data (DAT) in said second memory (MEM2).
2. Device (DEV) as claimed in claim 1, wherein said second memory (MEM2) and said decrypting means (ENC/DEC) are part of an NFC interface (INT).
3. Device (DEV) as claimed in claim 1, wherein said first memory (MEMl) is additionally arranged for storing functions for operating said device (DEV).
4. Device (DEV) as claimed in one of claims 1 to 3, wherein said second memory (MEM2) is arranged for storing said key (K).
5. Method for using encrypted data (DATenc) stored in a first memory (MEMl) of a device (DEV), which device (DEV) additionally includes a more tamper-resistant second memory (MEM2), the method comprising the steps of:
- reading said encrypted data (DATenc) from said first memory (MEMl), - decrypting said encrypted data (DATenc) with an associated key (K), and
- storing decrypted data (DAT) in said second memory (MEM2).
6. Method as claimed in claim 5 wherein, when said data (DAT) is no longer used, the following steps are performed: - reading said data (DAT) from the second memory (MEM2), - encrypting said data (DAT) with said associated key (K), and
- storing encrypted data (DATenc) in said first memory (MEMl).
7. Method as claimed in claim 5, wherein said key (K) is provided by a remote device (RD).
8. Method as claimed in claim 5, wherein the following steps are performed for using one of a multitude of encrypted data sets (DSlenc.DSnenc) which form said encrypted data (DATenc): a) generating a random number (R), b) encrypting said random number (R) with a key (Kx) associated with an encrypted data set (DSxenc) and transmitting it to a remote device (RD), c) receiving a decrypted number (Rrd) from said remote device (RD), d) comparing said generated random number (R) with the received decrypted number (Rrd), and e) decrypting said encrypted data set (DSxenc) with said associated key (Kx) and storing the decrypted data set (DSx) in said second memory (MEM2) if the result of the comparison is true and performing steps a) to e) with a key (Kx+ 1) associated with a further encrypted data set (DSx+lenc) if said result is false.
9. Method as claimed in claim 5, wherein the following steps are performed for using one of a multitude of encrypted data sets (DSlenc.DSnenc) which form said encrypted data (DATenc): a) generating a random number (R) and transmitting it to a remote device (RD), b) receiving an encrypted number (Rrd) from said remote device (RD), c) decrypting said encrypted number (Rrd) with a key (Kx) associated with an encrypted data set (DSxenc), d) comparing said generated random number (R) with said received decrypted number (Rrd), and e) decrypting said encrypted data set (DSxenc) with said associated key (Kx) and storing the decrypted data set (DSx) in said second memory (MEM2) if the result of the comparison is true and performing steps c) to e) with a key (Kx+ 1) associated with a further encrypted data set (DSx+lenc) if said result is false.
10. Method as claimed in claim 5, wherein the following steps are performed for using one of a multitude of encrypted data sets (DSlenc.DSnenc) which form said encrypted data (DATenc):
- determining the position (CID, LAT, LON) of said device (DEV), - determining an encrypted data set (DSxenc) which is associated with said position (CID, LAT, LON), and
- decrypting said encrypted data set (DSxenc) with an associated key (Kx) and storing the decrypted data set (DSx) in the second memory (MEM2).
11. Method as claimed in claim 5, wherein the following steps are performed for using one of a multitude of encrypted data sets (DSlenc.DSnenc), which form said encrypted data (DATenc):
- receiving an identification (ID) from a remote device (RD),
- determining an encrypted data set (DSxenc) which is associated with said identification (ID), and
- decrypting said encrypted data set (DSxenc) with an associated key (Kx) and storing the decrypted data set (DSx) in the second memory (MEM2).
12. Method as claimed in one of claims 5 to 11, comprising the initial steps of: - storing said encrypted data (DATenc) in said first memory (MEMl), and
- storing a key (K) for decrypting said encrypted data (DATenc) in said second memory (MEM2).
13. Method as claimed in one of claims 5 to 11, comprising the initial steps of: - receiving data (DAT) in decrypted format from a remote device (SER, RD),
- generating a random key (K) in said device (DEV),
- encrypting said data (DAT) with said key (K) and storing the encrypted data (DATenc) in said first memory (MEMl), and
- storing said key (K) in said second memory (MEM2).
14. Method as claimed in one of claims 5 to 11, comprising the initial steps of:
- receiving said encrypted data (DATenc) from a remote device (SER, RD),
- receiving said key (K) via a tamper-resistant communication channel, - storing said encrypted data (DATenc) in said first memory (MEMl), and
- storing said key (K) in said second memory (MEM2).
PCT/IB2005/052062 2004-06-30 2005-06-23 Device for using encrypted data and method thereto WO2006003558A2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
JP2007518756A JP2008504787A (en) 2004-06-30 2005-06-23 Apparatus and method using encrypted data
EP05758562A EP1763718A2 (en) 2004-06-30 2005-06-23 Device for using encrypted data and method thereto

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
GB0414648A GB0414648D0 (en) 2004-06-30 2004-06-30 Multi-application communication device
GB0414648.6 2004-06-30
EP04106887 2004-12-22
EP04106887.5 2004-12-22

Publications (2)

Publication Number Publication Date
WO2006003558A2 true WO2006003558A2 (en) 2006-01-12
WO2006003558A3 WO2006003558A3 (en) 2006-03-30

Family

ID=34972270

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2005/052062 WO2006003558A2 (en) 2004-06-30 2005-06-23 Device for using encrypted data and method thereto

Country Status (4)

Country Link
EP (1) EP1763718A2 (en)
JP (1) JP2008504787A (en)
KR (1) KR20070030237A (en)
WO (1) WO2006003558A2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8532295B2 (en) 2007-03-07 2013-09-10 Inside Secure Method for the secure loading in a NFC chipset of data allowing access to a service

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1079581A2 (en) * 1999-08-17 2001-02-28 Hewlett-Packard Company Robust encryption and decryption of packetized data transferred across communications networks
US20020129245A1 (en) * 1998-09-25 2002-09-12 Cassagnol Robert D. Apparatus for providing a secure processing environment
WO2003042799A2 (en) * 2001-11-14 2003-05-22 International Business Machines Corporation Device and method with reduced information leakage
US20030235310A1 (en) * 2002-03-20 2003-12-25 Seiko Epson Corporation Data transfer control device, electronic instrument, and data transfer control method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020129245A1 (en) * 1998-09-25 2002-09-12 Cassagnol Robert D. Apparatus for providing a secure processing environment
EP1079581A2 (en) * 1999-08-17 2001-02-28 Hewlett-Packard Company Robust encryption and decryption of packetized data transferred across communications networks
WO2003042799A2 (en) * 2001-11-14 2003-05-22 International Business Machines Corporation Device and method with reduced information leakage
US20030235310A1 (en) * 2002-03-20 2003-12-25 Seiko Epson Corporation Data transfer control device, electronic instrument, and data transfer control method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
MENEZES, VANSTONE, OORSCHOT: "Handbook of Applied Cryptography" 1997, CRC PRESS LLC , USA , XP002344093 page 400 - page 402 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8532295B2 (en) 2007-03-07 2013-09-10 Inside Secure Method for the secure loading in a NFC chipset of data allowing access to a service

Also Published As

Publication number Publication date
KR20070030237A (en) 2007-03-15
WO2006003558A3 (en) 2006-03-30
JP2008504787A (en) 2008-02-14
EP1763718A2 (en) 2007-03-21

Similar Documents

Publication Publication Date Title
CN102204111B (en) Systems, methods, and computer readable media for providing for secure offline data transfer between wireless smart devices
CN100562902C (en) Be used for the method and system that safety management is stored in the data on the electronic tag
US9740847B2 (en) Method and system for authenticating a user by means of an application
US20090018964A1 (en) Methods, systems, and computer program products for performing a transaction in which a certifier provides identification information for authenticating a customer at the point of sale
US20120159612A1 (en) System for Storing One or More Passwords in a Secure Element
US20120123868A1 (en) System and Method for Physical-World Based Dynamic Contactless Data Emulation in a Portable Communication Device
US11943617B2 (en) Method for acquiring access rights to conditional access content
EP3698535A1 (en) Privacy preserving tag
WO2006003562A1 (en) Method of choosing one of a multitude of data sets being registered with a device and corresponding device
EP2779682A2 (en) Method for acquiring access rights to a product or a service and system for implementing this method
US10341301B2 (en) Method for transmitting encrypted data, method for receiving, corresponding devices and computer programs
WO2006003558A2 (en) Device for using encrypted data and method thereto
CN103778530A (en) Industry application account over-the-air transferring method, system and apparatus
CN102487320A (en) Method and system used for automatic teller machine identity authentication
CN1981474A (en) Device for using encrypted data and method thereto
CN106251147A (en) A kind of method of payment and device
KR20050112188A (en) Method and system for adding and issuing finance card function on ic card
KR20050031155A (en) Credit card settlement system using transmission signal of a wireless communication terminal
WO2013130651A2 (en) System for storing one or more passwords in a secure element

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 2005758562

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2007518756

Country of ref document: JP

Ref document number: 1020067027585

Country of ref document: KR

WWE Wipo information: entry into national phase

Ref document number: 200580022349.4

Country of ref document: CN

NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Ref document number: DE

WWE Wipo information: entry into national phase

Ref document number: 366/CHENP/2007

Country of ref document: IN

WWP Wipo information: published in national office

Ref document number: 1020067027585

Country of ref document: KR

WWP Wipo information: published in national office

Ref document number: 2005758562

Country of ref document: EP

WWW Wipo information: withdrawn in national office

Ref document number: 2005758562

Country of ref document: EP