Classifications

• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
  • H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
• • G—PHYSICS
  • G06—COMPUTING OR CALCULATING; COUNTING
  • G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
  • G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
  • G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
  • G06K19/067—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
  • G06K19/07—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
  • H04L2209/60—Digital content management, e.g. content distribution
  • H04L2209/603—Digital right managament [DRM]
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
  • H04L2209/80—Wireless

Definitions

• the present invention relates to a method for producing a secure counter on an on-board computer system having a smart card.
• a monotone counter is a counter that ensures that its value changes with each call, that is to say, it never returns twice the same value.
• Such counters are very useful in computer systems for example for the generation of unique identifiers, as well as for the fight against so-called "replay” security attacks (an attacker having spotted at a moment t a value which is authorized may at the instant t + delta, "replay", that is to say, provide the value previously identified in the hope that it will always be authorized by the system).
• Monotonic counters are also mostly incremental because it does not present any particular difficulty to implement. In this case, the meter further provides the guarantee that each call, it returns a larger value than the previous call. Time is for example a universal incremental source. Monotonic incremental counters are particularly interesting for ordering events by compared to others. For example, in some timestamp systems, one simply wants to know that document A was archived before document B. Rather than using an internal clock (usually expensive, not precise and not secure - that is, say that an attacker could change the time at will), computer systems commonly use an incremental monotone counter.
• Monotonous incremental counters are also very popular in DRM (Digital Rights Management), especially to control that a previously played song can not be played once the associated rights expire.
• DRM Digital Rights Management
• the object of the invention is more particularly to provide a reliable and inexpensive solution for producing a monotonic counter, in cases where the on-board environment has an intelligent smart card (this is particularly the case for mobile phones, with the SIM card).
• the requesting entity ER may act on behalf of another application, a system or a natural person interacting with the onboard system.
• the requesting entity ER will be previously authenticated.
• the counter request will only be executed if authentication has been successful.
• the verification of the signature contained in the response to the counter request can be performed using a public key stored in persistent memory on the embedded system.
• the monotone counter is implemented as an application running within a smart card (equipped with a microprocessor).
• This application can be native (that is to say directly executable directly on the microprocessor) or interpreted by an interpretation engine (example: a Java virtual machine, a script interpreter ).
• an interpretation engine example: a Java virtual machine, a script interpreter .
• Hardware resistance in terms of security
• the single figure is a block diagram illustrating the operation detail of the monotone counter in the case where the public key is on the embedded system.
• the embedded system has a smart card (block 2) comprising a private persistent memory (block 3) in which is stored a counter Cpt, a private key Cf stored in the part of the zone rewritable persistent memory (block 3), read-protected, and an FC count function.
• a smart card comprising a private persistent memory (block 3) in which is stored a counter Cpt, a private key Cf stored in the part of the zone rewritable persistent memory (block 3), read-protected, and an FC count function.
• the counter Cpt and the private key Cf are accessible from the only counting function FC.
• the modification of the counter Cpt by the counting function FC consists of a increment +1.
• This application which uses the private key Cf, can be automatically launched as soon as the card 2 is powered on, or manually by the owner of the card 2. It responds to requests made by a caller from outside the card.
• the embedded system 1 further comprises a public key Cp (or a public key certificate Cep) stored in a public persistent memory (block 6) (ideally, protected in integrity - that is to say that one can not modify it unduly) for example in memory OTP ("One-Time Programmable Memory”: memory programmable once) since such memories do not present any particular problem of integration or financial (mobile phones have for example).
• a public key Cp or a public key certificate Cep
• a public persistent memory block 6
• OTP One-Time Programmable Memory
• This solution which corresponds to that indicated in the single figure, makes it possible to counter the cases where an attacker tries to build a false monotone counter application, with another pair of keys, and replace the authentic public key with the public key of the false application.
• the public key Cp can be stored:
• the smart card (block 2) in cases where the embedded system (block 1) does not have (or not enough) OTP memory, the public key Cp can be kept in the persistent memory (block 3) of the smart card (block 2) To ensure its integrity, the smart card (block 2) must guarantee that no other application than the monotone counter can write / modify this area.
• the public key Cp can also be obtained by the embedded system by other means, for example via a PKI architecture ("Public Key Infrastructure”) dedicated.
• PKI architecture Public Key Infrastructure
• the public key Cp can also be certified by an authority certifying that the public key Cp corresponds to the application of the monotone counter 5. In this case, it is sufficient to store the certificate Cep containing the public key Cp.
• the public key Cp is used to check the counter signature.
• the Requesting Entity ER first sends a monotone counter request to the application 5 located on the smart card (block 2).
• this secret data may be for example a PESF ("Personal Identify Number"), a password or a secret key known to both entities.
• Authenticating the Requesting Entity ER ensures that the Requesting Entity ER is authorized to request a value from the monotone counter and thereby avoid denial of service attacks where an attacker would continually request a value thereby rendering the service unavailable to other (legitimate) callers.
• the application 5 increments its internal counter.
• This counter is saved in the persistent memory (block 3) of the smart card (block 2), and is accessible only to the application of monotone counter 5.
• the counter can be kept encrypted (by the key public application). This prevents unauthorized entities from knowing the current value of the monotone counter. In particular, in case of careful visualization, the value revealed would be encrypted and therefore unusable.
• the current value of the counter is then signed by the private key of the application, and the set value of the counter + signature is returned to the Applicant Entity ER. Finally, the Requesting Entity ER retrieves the public key Cp of the application.
• this public key Cp can be retrieved in memory in the embedded system (block 1), on the smart card (block 2), or from the outside. In the last two cases, it is necessary to check (if it exists) the imprint of the public key Cp, then the signature of the counter. Then if the signature matches, the caller is certain that the value of the counter is authentic. He can use it.
• the monotone counter application 5 is very easily implemented either as a native application (provided access to persistent memory and cryptographic functions is possible), either as interpreted application.
• the application 5 can be implemented as an applet within Java Card (registered trademark).

Landscapes

• Engineering & Computer Science (AREA)
• Computer Security & Cryptography (AREA)
• Computer Networks & Wireless Communication (AREA)
• Signal Processing (AREA)
• Computer Hardware Design (AREA)
• Microelectronics & Electronic Packaging (AREA)
• Physics & Mathematics (AREA)
• General Physics & Mathematics (AREA)
• Theoretical Computer Science (AREA)
• Storage Device Security (AREA)

Priority Applications (5)

Applications Claiming Priority (2)

Publications (1)

Family

ID=36729349

Family Applications (1)

Country Status (7)

Cited By (2)

Families Citing this family (147)

Citations (3)

Family Cites Families (21)

• 2005
  • 2005-12-23 FR FR0513241A patent/FR2895608B1/fr not_active Expired - Fee Related
• 2006
  • 2006-12-14 CN CN2006800525130A patent/CN101379759B/zh active Active
  • 2006-12-14 US US12/158,991 patent/US8082450B2/en active Active
  • 2006-12-14 JP JP2008546510A patent/JP5046165B2/ja active Active
  • 2006-12-14 EP EP06841969.6A patent/EP1964307B8/fr active Active
  • 2006-12-14 KR KR1020087018062A patent/KR101395749B1/ko active Active
  • 2006-12-14 WO PCT/FR2006/002766 patent/WO2007080289A1/fr not_active Ceased

Patent Citations (3)

Also Published As

Similar Documents

Legal Events