WO2017163204A1 - Memory management system and method - Google Patents

Memory management system and method

Info

Publication number
WO2017163204A1
Authority
WO
WIPO (PCT)
Prior art keywords
memory
secure
hash value
output interface
input
Prior art date
Application number
PCT/IB2017/051673
Other languages
English (en)
Inventor
Craig Michael Horn
Original Assignee
Craig Michael Horn
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Craig Michael Horn
Publication of WO2017163204A1
Priority to ZA2018/06333A (ZA201806333B)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/77 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G06F21/445 Program or device authentication by mutual authentication, e.g. between devices or programs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/79 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2129 Authenticate client device independently of the user
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2143 Clearing memory, e.g. to prevent the data from being stolen

Definitions

  • This patent application relates to a memory management system and method, typically for a self-authenticating chip.
  • Self-authenticating chips are known in the industry, for example as described in published patent application no. WO 2015/154185. In order for the self-authenticating chip described in this patent application to work, an area of the memory of the chip needs to be secure so that an authentication code stored in this area of the memory cannot be accessed by anything other than a comparator built into the chip which will use this authentication code for self-authenticating purposes.
  • the present invention provides a memory management system and method which allows an area of a memory (possibly of a standard chip) to be secured for any purpose.
  • a memory management system including: a memory with at least a portion of the memory being designated as a secure portion for secure data storage; an input/output interface for receiving read and write commands from an external device; at least one processor having software executing thereon, the processor adapted for: receiving a read or write or delete command from an external device via the input/output interface; determining if the command is addressed to the secure portion of the memory; if the command is addressed to the secure portion of the memory then generating an incorrect reference response and transmitting this via the input/output interface to the external
  • the processor may be further adapted so that if the hash value comparison does not match then the processor generates an incorrect reference response and transmits this via the input/output interface to the external device.
  • the processor may be further adapted so that if the hash value comparison does not match then the processor deletes the contents of the secure portion of the memory.
  • the secure data stored in the secure memory portion is an authentication code.
  • the system may be used for a self-authenticating chip.
  • a memory management method including: receiving a read or write or delete command from an external device via an input/output interface; determining if the command is addressed to a secure portion of a memory; if the command is addressed to the secure portion of the memory then generating an incorrect reference response and transmitting this via the input/output interface to the external device; receiving via the input/output interface an access code requesting access to the secure memory portion and in response generating a cryptographic hash value from a secure key and comparing this cryptographic hash value with a stored cryptographic hash value; if the hash value comparison matches then allowing the contents of the secure portion of the memory to be accessed; and if the hash value comparison does not match then ignoring the read or write command.
  • Figure 1 shows a schematic drawing of an example chip in which the present invention is implemented
  • Figure 2 shows a block flow diagram of one example methodology according to the present invention
  • FIG. 3 shows a block flow diagram of another example methodology according to the present invention.
  • Figure 4 shows a block flow diagram of an example methodology of allowing access to the secure memory range.
  • any form of memory could be protected using the below described methodology, including volatile and non-volatile memories, such as protecting the area of a hard drive of a computer or protecting any form of RAM or ROM of a computer or memory of any sort of computing device, without limitation.
  • the chip 10 forms part of a credit or debit card which are well-known and are used for payments.
  • the chip could also form part of any other type of card such as a SIM card or an ID card, to name but a few examples.
  • These cards often include an embedded chip which is used to secure the card to make it more difficult to clone the card and then use the cloned card to make fraudulent payments.
  • the embedded chips can also be cloned.
  • the chip 10 includes an input/output interface 12, a processor 14 and a memory 16.
  • the input/output interface 12 is typically via a single I/O port that is controlled by the processor 14 to ensure that communications are standardized, in the form of APDUs (Application Protocol Data Unit).
  • APDUs Application Protocol Data Unit
  • the processor 14 is traditionally an 8-bit microcontroller but increasingly more powerful 16 and 32-bit chips are being used. However, none have multi-threading and other powerful features that are common in standard computers.
  • the processor 14 typically executes machine instructions at a speed of approximately 1 MIPS. A co-processor is often included to improve the speed of encryption computations.
  • the memory 16 is made up of a RAM portion 16a, a ROM portion 16b and an EEPROM (Electrically Erasable PROM) portion 16c.
  • the RAM 16a is needed for fast computation and response. Only a tiny amount is available.
  • the ROM 16b stores the Operating System and other basic software like encryption algorithms.
  • the EEPROM 16c is typically 256K. Unlike RAM, its contents are not lost when power is lost.
  • the card is read by an interface device (IFD) which is usually referred to as a smart card reader.
  • IFD interface device
  • the smart card reader generally supplies power and a clock signal to run programs executing on the chip 10 when it is in contact with the card.
  • the chip 10 acts as nothing more than a storage device when not in contact with the smart card reader.
  • the smart card reader is responsible for opening a communication channel between application software on the smart card reader and the operating system on the chip.
  • This communication channel is half-duplex. This means that data can either flow from the smart card reader to the card or from the card to the smart card reader but data cannot flow in both directions at the same time.
  • the receivers on both the smart card reader and the input/output interface 12 are required to sample the signal on the serial line at the same rate as the transmitters send the data in order for the correct data to be received. This rate is known as the bit rate or baud rate.
  • Data received by and transmitted from the chip 10 is stored in a buffer in the RAM 16a.
  • As there isn't very much RAM, relatively small packets (10 - 100 bytes) of data are moved in each message.
  • an area of the EEPROM 16c needs to be secure so that an authentication code stored in this area of the memory cannot be accessed by anything other than a comparator built into the chip which will use this authentication code for self-authenticating purposes.
  • the present invention addresses this by manipulation of the software and protocols to effect a hidden and inaccessible area within the EEPROM 16c.
  • the ISO standard 7816-4 defines the protocol and APDU structure in accessing the EEPROM.
  • the ROM 16b holds the card operating system and is supplied by the card supplier that specializes in smart card operating systems.
  • the card operating system includes the concept of filters. This is a means by which the operating system can transfer control to an application program that has been loaded into the EEPROM memory.
  • the card operating system provides the ability to set a vectored address to a defined memory location. When the operating system is executing it will examine this address at the appropriate moment (e.g. on receipt of a command from the serial port) and if the address has been set then control will be transferred to the new application program residing in the EEPROM memory.
  • the card operating system allows some flexibility in the way these filters are managed. Security may be enhanced but without having to wait for the delay in reprogramming (and developing) the mask ROM operating system.
  • the application protocol data units are manipulated either from within the card operating system or by manipulation from an application called in the EEPROM.
  • an application protocol data unit is the communication unit between a smart card reader and a smart card.
  • the structure of the APDU is defined by ISO/IEC 7816-4.
  • a command APDU is sent by the reader to the card - it contains a mandatory 4-byte header and from 0 to 65 535 bytes of data.
  • a response APDU is sent by the card to the reader - it contains from 0 to 65 536 bytes of data, and 2 mandatory status bytes (SW1, SW2). In any event, in a first embodiment, the card operating system manipulates the APDU and this is illustrated in Figure 2.
  • An APDU is received from the card reader. In this example, self-authentication would have had to occur first.
  • the APDU is then parsed by the card operating system.
  • the card operating system will identify the protocol, then the request. If the request is a read/write command, the card operating system will further investigate the address range that the command has asked to access.
  • a preset (on initialisation of the chip) "protected" or hidden memory range will be stored in the card operating system or ROM. If the APDU requests access to the restricted memory area (read/write/delete) by any one of:
  • After receiving an APDU request, the card operating system will pass control of the APDU request to an application on the EEPROM, as described above.
  • If this APDU requests a read/write to the preset "protected" memory EEPROM address range then the application installed in the EEPROM will stop the card operating system from accessing this memory range by blocking the request either via the card operating system or an assembler written IC microcontroller interrupt call.
  • the card operating system will respond to the card reader with a responding APDU that informs the card reader of an error.
  • the SW1 return status byte of the APDU will have a value of 6B which means - Incorrect reference. If after self authentication the received APDU includes a request for a read for financial data, then the application executing on the EEPROM will respond by performing its task of double encryption of this data and sending that back to the card reader with a successful SW1 response.
  • the application executing on the EEPROM has a unique access code to access the hidden memory when required.
  • This memory range has at its core an assembler routine (referred to in the figure as AWatchX) triggered by an interrupt.
  • AWatchX assembler routine
  • the assembler code is triggered. It will first ask for a cryptographic hash function to proceed.
  • This cryptographic hash function is generated from an embedded secure key SCKeyX within the application program.
  • this secure key may be stored in an unreadable memory area only accessible by authorized access.
  • the cryptographic hash function using the secure key is run over at least part of the AWatchX software, but typically the entire software, to arrive at a hash value.
  • the assembler will allow the EEPROM hidden range to be accessed.
  • microprocessor primitive interrupt is triggered and will respond with a code 6B - Incorrect reference to the card reader and disable the card.
  • the assembler code labelled AWatchX in Figure 4 is a type of memory barrier.
  • a barrier instruction that causes a CPU or compiler to enforce an ordering constraint on memory operations issued before and after the barrier instruction. This typically means that operations issued prior to the barrier are guaranteed to be performed before operations issued after the barrier.
  • AuthX EEPROM secure memory range
  • the card operating system is a front line filter. So if a request for a valid transaction occurs the ROM card operating system parses the APDU and hands over processing to the CDXDriver application to do self authorisation.
  • the reason for this architecture is to protect the EEPROM directly where a fraudulent access of direct connection to the EEPROM is attempted (bypassing the ROM).
  • an interrupt has been referred to. This includes any conditional command accessed by means of a priority directive. This is an urgent priority command containing a condition by which it decides, on predetermined condition(s) or states, whether access to a certain non-volatile memory area is granted.
  • Full-duplex is typically used in non-volatile memory such as in a PC, tablet, laptop environment where the IO bus channels allow full duplex.
  • Another example embodiment of the methodology described above can be used to provide authentication and protection between two physically separate memory-managed systems. That is, an extended non-physical but logical memory area, as in a network or Wi-Fi (LAN or WLAN). This may be a shared memory region spanning multiple disks or separate machines/servers that may or may not be physically located together.
  • LAN local area network
  • WLAN wireless local area network
  • the present invention provides a memory management system and method which allows an area of a memory of a standard chip to be secured for this purpose without any hardware changes to the chip being required.
  • One example implementation of the above methodology is for use in conjunction with a secure communications protocol, one example of which is the public key infrastructure (PKI) or point to point protocol which is based upon the Internet Protocol Security (IPsec) model or methodology.
  • PKI public key infrastructure
  • IPsec Internet Protocol Security
  • the IPsec protocol is basically a digital language that digital devices use to communicate with each other but the protocol does have some limitations.
  • the above described memory management methodology is used to add another layer of security and to introduce authentication and encryption into the communication protocol, for example the IPsec model, as follows.
  • In any communication protocol there are two computing devices communicating with one another.
  • a first computer wishing to transmit a data message to a second computer will first self authenticate according to the methodology described above.
  • a hash function using a secure key will be run over a part or the entire software used to access the secure memory portion and a hash value generated. This will be compared with a stored hash value and only if these match will access to the secure memory area be allowed.
  • Stored in the secure memory area will be a common key known to both the first and second computers. This common key will be used to generate another hash value which will be transmitted to the second computer for authentication.
  • a dynamic key is generated based upon the common key together with a date/time element.
  • This dynamic key/token key is then used in the SHA3 hash algorithm to create a hash value on the request for authentication from the sending device.
  • the request data (that is hashed) may be a dedicated (proprietary) string or simply part of the standard ATR (answer to request) that is sent between the devices. It is customisable.
  • This hash value together with a date/time stamp is sent to the receiving device.
  • Upon receiving the hash value and date/time stamp, the second computer will first undergo self-authentication as described above.
  • the receiving computer then computes a hash value of its own with the received date/time stamp and compares. If they match the receiver then creates a hash (with the current date/time - which will differ) and with a new token key (common key -> Trinity-*- date/time generates a common temp/token key) over the standard ATR message and sends this to the sender with the date/time stamp it used.
  • the sender then creates a hash value and compares. If these compare favourably then communication between the first and second computers can continue using the relevant communication protocol such as IPsec, for example.
  • devices will have to first dynamically and mutually authenticate with each other before any encrypted data is sent between them.
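
The card-side steps described above (parsing the command APDU, refusing any read/write/delete that reaches the protected range with SW1 = 6B, and opening the hidden range only after a keyed hash over the guard routine matches the stored value), as an added Python model that is not code from the patent. The memory layout, the flat offset-to-address mapping, HMAC-SHA3-256 as the keyed hash and every name other than the 6B status are assumptions.

```python
import hashlib
import hmac

# Constructed layout (assumption): 256-byte EEPROM, hidden range 0x80..0x9F.
EEPROM_SIZE = 0x100
SECURE_START, SECURE_END = 0x80, 0xA0          # end is exclusive
SW_OK = bytes([0x90, 0x00])
SW_INCORRECT_REF = bytes([0x6B, 0x00])         # SW1 = 6B, the status the page names
# ISO/IEC 7816-4 READ / WRITE / UPDATE / ERASE BINARY instruction bytes.
INS_READ, INS_WRITE, INS_UPDATE, INS_ERASE = 0xB0, 0xD0, 0xD6, 0x0E


def parse_short_apdu(apdu):
    """Split a short command APDU into (ins, p1, p2, data, le)."""
    if len(apdu) < 4:
        raise ValueError("command APDU needs a 4-byte header")
    ins, p1, p2 = apdu[1], apdu[2], apdu[3]
    body = apdu[4:]
    if len(body) <= 1:                          # header only, or header + Le
        le = (body[0] or 256) if body else 0    # Le byte 0x00 means 256
        return ins, p1, p2, b"", le
    lc, data, rest = body[0], body[1:1 + body[0]], body[1 + body[0]:]
    if len(data) != lc or len(rest) > 1:
        raise ValueError("Lc does not match the body length")
    return ins, p1, p2, data, ((rest[0] or 256) if rest else 0)


def touched_range(ins, p1, p2, data, le):
    """Return the [start, end) offsets a command touches, or None."""
    if ins not in (INS_READ, INS_WRITE, INS_UPDATE, INS_ERASE):
        return None
    # P1 bit 8 set: P1 holds a short file identifier and only P2 is the offset.
    start = p2 if p1 & 0x80 else (p1 << 8) | p2
    if ins == INS_ERASE:                        # conservative: erase may run to the end
        return start, max(start + 1, EEPROM_SIZE)
    # At least one byte, so zero-length probes are range-checked too.
    return start, start + max(le if ins == INS_READ else len(data), 1)


class Card:
    def __init__(self, guard_code, secure_key, auth_code):
        if len(auth_code) != SECURE_END - SECURE_START:
            raise ValueError("authentication code must fill the hidden range")
        self.eeprom = bytearray(EEPROM_SIZE)
        self.eeprom[SECURE_START:SECURE_END] = auth_code
        self.disabled = False
        self._secure_key = secure_key
        # Reference hash fixed when the chip is initialised.
        self._stored_hash = hmac.new(secure_key, guard_code, hashlib.sha3_256).digest()

    def handle_apdu(self, apdu):
        """Front-line filter: answer 6B to any command that overlaps the hidden range."""
        if self.disabled:
            return SW_INCORRECT_REF
        try:
            ins, p1, p2, data, le = parse_short_apdu(apdu)
        except ValueError:
            return bytes([0x67, 0x00])          # wrong length
        rng = touched_range(ins, p1, p2, data, le)
        if rng is None:
            return bytes([0x6D, 0x00])          # instruction not supported
        start, end = rng
        # Overlap test, not a start-address test: a read that begins below the
        # range and runs into it is refused too. Out-of-bounds is answered alike.
        if (start < SECURE_END and end > SECURE_START) or end > EEPROM_SIZE:
            return SW_INCORRECT_REF
        if ins == INS_READ:
            return bytes(self.eeprom[start:end]) + SW_OK
        if ins == INS_ERASE:
            self.eeprom[start:end] = bytes(end - start)
        elif data:
            self.eeprom[start:end] = data
        return SW_OK

    def read_secure(self, running_guard_code):
        """Internal path (the AWatchX step): keyed hash over the guard code, then compare."""
        digest = hmac.new(self._secure_key, running_guard_code, hashlib.sha3_256).digest()
        if hmac.compare_digest(digest, self._stored_hash):
            return bytes(self.eeprom[SECURE_START:SECURE_END])
        # Mismatch: clear the hidden range and disable the card.
        self.eeprom[SECURE_START:SECURE_END] = bytes(SECURE_END - SECURE_START)
        self.disabled = True
        return None
```

The comparison uses `hmac.compare_digest` so that the time taken does not depend on how many leading bytes of the hash match.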
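
The mutual authentication exchange described above (common key, dynamic key from the common key plus a date/time element, SHA3 hash over the request data, hash and date/time stamp sent in each direction), as an added Python example that is not code from the patent. The patent does not say how the dynamic key enters SHA3, so HMAC-SHA3-256 is assumed; the direction label, the 30-second freshness window and the replay set are added checks, the self-authentication step that releases the common key is taken as already passed, and all names and sample values are constructed.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

MAX_SKEW = timedelta(seconds=30)          # freshness window: added check (assumption)
ATR_MESSAGE = b"constructed ATR string"   # request data both sides hash (constructed)


def dynamic_key(common_key, stamp):
    """Token key = keyed hash of the common key with the date/time element."""
    return hmac.new(common_key, b"token|" + stamp.encode(), hashlib.sha3_256).digest()


def make_proof(common_key, direction, stamp):
    """SHA3 hash value over the request data under the dynamic key.

    `direction` (b"request" / b"response") is an added label so that a message
    cannot be echoed back to its sender as a valid answer.
    """
    key = dynamic_key(common_key, stamp)
    return hmac.new(key, direction + b"|" + ATR_MESSAGE, hashlib.sha3_256).digest()


class Peer:
    def __init__(self, common_key):
        self._common_key = common_key     # read from the secure memory area
        self._seen = set()                # stamps already accepted (replay guard)

    def request(self, now):
        """Sender: hash value plus the date/time stamp it was built from."""
        stamp = now.isoformat()
        return stamp, make_proof(self._common_key, b"request", stamp)

    def verify(self, direction, stamp, proof, now):
        try:
            sent = datetime.fromisoformat(stamp)
        except ValueError:
            return False
        if sent.tzinfo is None or abs(now - sent) > MAX_SKEW:
            return False                  # stale or malformed date/time stamp
        if (direction, stamp) in self._seen:
            return False                  # same stamp presented twice
        expected = make_proof(self._common_key, direction, stamp)
        if not hmac.compare_digest(proof, expected):
            return False
        self._seen.add((direction, stamp))
        return True

    def respond(self, stamp, proof, now):
        """Receiver: check the request, then answer with its own stamp and hash."""
        if not self.verify(b"request", stamp, proof, now):
            return None
        reply_stamp = now.isoformat()
        return reply_stamp, make_proof(self._common_key, b"response", reply_stamp)


def mutual_authenticate(sender, receiver, t_send, t_reply):
    """Run the exchange; True only when each side has verified the other."""
    stamp, proof = sender.request(t_send)
    reply = receiver.respond(stamp, proof, t_reply)
    if reply is None:
        return False
    return sender.verify(b"response", reply[0], reply[1], t_reply)
```

Without a freshness window or replay record on the receiver, a captured hash and date/time stamp pair would verify again whenever it is presented, which is why both checks are included here.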

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mathematical Physics (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a memory management system comprising a memory, at least a portion of the memory being designated as a secure portion for secure data storage. An input/output interface is used to receive read and write commands from an external device. A processor has software executing thereon, the processor being adapted to receive a read or write or delete command from an external device via the input/output interface and to determine whether the command is addressed to the secure portion of the memory. If the command is addressed to the secure portion of the memory, an incorrect reference response is generated and then transmitted to the external device via the input/output interface, which denies access to the secure memory area. The processor also receives, via the input/output interface, an access code requesting access to the secure memory portion and, in response, generates a cryptographic hash value from a secure key, then compares this cryptographic hash value with a stored cryptographic hash value. If the hash value comparison matches, access to the contents of the secure portion of the memory is allowed and, if the hash value comparison does not match, the read or write command is ignored.
PCT/IB2017/051673 2016-03-23 2017-03-23 Memory management system and method WO2017163204A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
ZA2018/06333A ZA201806333B (en) 2016-03-23 2018-09-20 A memory management system and method

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
ZA2016/02025 2016-03-23
ZA201602025 2016-03-23

Publications (1)

Publication Number Publication Date
WO2017163204A1 true WO2017163204A1 (fr) 2017-09-28

Family

ID=58461398

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2017/051673 WO2017163204A1 (fr) 2016-03-23 2017-03-23 Memory management system and method

Country Status (2)

Country Link
WO (1) WO2017163204A1 (fr)
ZA (1) ZA201806333B (fr)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019183459A1 (fr) * 2018-03-23 2019-09-26 Micron Technology, Inc. Storage device authenticated modification
WO2020139539A1 (fr) * 2018-12-28 2020-07-02 Micron Technology, Inc. Unauthorized memory access mitigation
FR3124287A1 (fr) * 2021-06-25 2022-12-23 Orange Method and device for controlling access to a storage medium.

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8051263B2 (en) * 2007-05-04 2011-11-01 Atmel Corporation Configurable memory protection
US20140189370A1 (en) * 2013-01-02 2014-07-03 Samsung Electronics Co., Ltd. Memory devices, and systems and methods for verifying secure data storage
WO2015154185A1 (fr) 2014-04-09 2015-10-15 Cardex Systems Inc. Self-authenticating chips

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8051263B2 (en) * 2007-05-04 2011-11-01 Atmel Corporation Configurable memory protection
US20140189370A1 (en) * 2013-01-02 2014-07-03 Samsung Electronics Co., Ltd. Memory devices, and systems and methods for verifying secure data storage
WO2015154185A1 (fr) 2014-04-09 2015-10-15 Cardex Systems Inc. Self-authenticating chips
US20150295920A1 (en) * 2014-04-09 2015-10-15 De Sonneville International Ltd. Self-authenticating chips

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
RONALD FAGIN ET AL: "Comparing information without leaking it", COMMUNICATIONS OF THE ACM, ASSOCIATION FOR COMPUTING MACHINERY, INC, UNITED STATES, vol. 39, no. 5, 1 May 1996 (1996-05-01), pages 77 - 85, XP058213129, ISSN: 0001-0782, DOI: 10.1145/229459.229469 *

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019183459A1 (fr) * 2018-03-23 2019-09-26 Micron Technology, Inc. Storage device authenticated modification
KR20200123487A (ko) * 2018-03-23 2020-10-29 Micron Technology, Inc. Storage device authenticated modification
JP2021517409A (ja) * 2018-03-23 2021-07-15 Micron Technology, Inc. Storage device authenticated modification
KR102420035B1 (ko) 2018-03-23 2022-07-13 Micron Technology, Inc. Storage device authenticated modification
US11902449B2 (en) 2018-03-23 2024-02-13 Micron Technology, Inc. Storage device authenticated modification
WO2020139539A1 (fr) * 2018-12-28 2020-07-02 Micron Technology, Inc. Unauthorized memory access mitigation
KR20210096685A (ko) * 2018-12-28 2021-08-05 Micron Technology, Inc. Unauthorized memory access mitigation
US11256427B2 (en) 2018-12-28 2022-02-22 Micron Technology, Inc. Unauthorized memory access mitigation
KR102544548B1 (ko) 2018-12-28 2023-06-20 Micron Technology, Inc. Unauthorized memory access mitigation
US11755210B2 (en) 2018-12-28 2023-09-12 Micron Technology, Inc. Unauthorized memory access mitigation
FR3124287A1 (fr) * 2021-06-25 2022-12-23 Orange Method and device for controlling access to a storage medium.
WO2022269207A1 (fr) * 2021-06-25 2022-12-29 Orange Method and device for controlling access to a storage medium

Also Published As

Publication number Publication date
ZA201806333B (en) 2019-12-18

Similar Documents

Publication Publication Date Title
US11743721B2 (en) Protection of a communication channel between a security module and an NFC circuit
US7636844B2 (en) Method and system to provide a trusted channel within a computer system for a SIM device
US7139915B2 (en) Method and apparatus for authenticating an open system application to a portable IC device
US7010684B2 (en) Method and apparatus for authenticating an open system application to a portable IC device
US7392404B2 (en) Enhancing data integrity and security in a processor-based system
CN108055133B (zh) A secure key signing method based on blockchain technology
US7861015B2 (en) USB apparatus and control method therein
US20080155268A1 (en) Secure data verification via biometric input
US9430650B2 (en) Method for managing memory space in a secure non-volatile memory of a secure element
WO2012055166A1 (fr) Removable storage device, and data processing system and method based on the device
CN107111728B (zh) Secure key derivation function
JPWO2004006075A1 (ja) Open general-purpose attack-resistant CPU and application system thereof
WO2017163204A1 (fr) Memory management system and method
JP4744674B2 (ja) Program installation method, program installation system, program execution device, and storage medium
US20090119516A1 (en) Secure device and reader-writer
US20030191943A1 (en) Methods and arrangements to register code
CA2940465C (fr) Device and method for securing commands exchanged between a terminal and an integrated circuit
CN116868195A (zh) Data processing method and system
CN116226870B (zh) Security enhancement system and method
Horsch et al. CoKey: fast token-based cooperative cryptography
JP4899499B2 (ja) IC card issuing method, IC card issuing system, and IC card
Spitz et al. Silicon-Integrated Security Solutions Driving IoT Security.
KR20200086251A (ko) Contactless IC chip-based security processing method
CN116094767A (zh) A terminal data security model based on a trusted execution environment
Karger et al. Design of a Secure Smart Card Operating System for Pervasive Applications

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17714903

Country of ref document: EP

Kind code of ref document: A1

122 Ep: pct application non-entry in european phase

Ref document number: 17714903

Country of ref document: EP

Kind code of ref document: A1
