Making secure data exchanges between controllers

US 20030119482A1
Filed: 11/25/2002
Published: 06/26/2003
Est. Priority Date: 05/26/2000
Status: Abandoned Application

First Claim

Patent Images

1. A method for protecting data exchanges between first and second controllers (SIM, CA), the first controller (SIM) managing communications to a telecommunications network (RR) for applications implemented in the second controller, the second controller containing a controller identifier (NS) and keys (KA) of the applications derived from a mother key (KM), characterised by the following steps for each application selected (AP) in the second controller (CA):

transmitting (E3, E4) the identifier (NS) of the second controller (CA) and an identifier (AID) of the selected application (AP) from the second controller (CA) to a distant protection means (SO;

SO, SP) through the first controller (SIM), making a mother key (KM) in the protection means correspond (E5, E9) to the identifier of the second controller (NS), determining (E6, E11) the key (KA) of the selected application according to the selected-application identifier transmitted (AID), the corresponding mother key (KM) and the second-controller identifier (NS) in the protection means, transmitting (E7, E8;

E12-E15) at least one parameter (KA;

SSi, RSi) dependent on the determined application key (KA) from the distant protection means to the first controller (SIM), and using (A11-A25;

a10-a29) the parameter in at least the first controller (SIM) in order to make secure at least one data exchange related to the selected application between the first and second controllers.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention concerns a method for making secure data exchanges between first and second controllers (SIM, CA) such as an identity card (SIM) of a radiotelephone terminal (TE) managing communications to a telecommunications network (RR) for applications in an additional card (CA). A server (SO) of the identity card operator, or a server (SP) of the additional card transmitter matches with the identifier a mother key to determine the key of an application selected in the additional card. At least a parameter depending on the key is transmitted to the identity card (SIM) to make secure a data exchange. The identity card is thus customized on line for each application.

61 Citations

View as Search Results

10 Claims

1. A method for protecting data exchanges between first and second controllers (SIM, CA), the first controller (SIM) managing communications to a telecommunications network (RR) for applications implemented in the second controller, the second controller containing a controller identifier (NS) and keys (KA) of the applications derived from a mother key (KM), characterised by the following steps for each application selected (AP) in the second controller (CA):
- transmitting (E3, E4) the identifier (NS) of the second controller (CA) and an identifier (AID) of the selected application (AP) from the second controller (CA) to a distant protection means (SO;
  
  SO, SP) through the first controller (SIM), making a mother key (KM) in the protection means correspond (E5, E9) to the identifier of the second controller (NS), determining (E6, E11) the key (KA) of the selected application according to the selected-application identifier transmitted (AID), the corresponding mother key (KM) and the second-controller identifier (NS) in the protection means, transmitting (E7, E8;
  
  E12-E15) at least one parameter (KA;
  
  SSi, RSi) dependent on the determined application key (KA) from the distant protection means to the first controller (SIM), and using (A11-A25;
  
  a10-a29) the parameter in at least the first controller (SIM) in order to make secure at least one data exchange related to the selected application between the first and second controllers.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A method according to claim 1, according to which the said parameter is the determined application key itself (KA) which is transmitted (E7-E8;
    - E12-E15) in enciphered form (KACI, KAC) from the distant protection means (SO;
      
      SO, SP) to the first controller (SIM).
  - 3. A method according to claim 1 or 2, according to which the distant protection means is a server (SO) in the said telecommunications network (RR) and contains a table (E5) for making sets of second-controller identifiers (NS) correspond to mother keys (KM).
  - 4. A method according to claim 1 or 2, according to which the distant protection means comprises a first server (SO) included in the telecommunications network (RR) and containing a table (E9) for making sets of second-controller identifiers (NS) correspond to addresses (ASP) of second servers, and second servers (SP) connected to the first server (SO) and associated respectively with sets of second-controller identifiers (NS) corresponding to mother keys, and according to which the second server (SP) is addressed by the first server (SO) in response to the identifier (NS) of the second controller transmitted, determines (E11) the key (KA) of the selected application and transmits (E12) at least the said parameter (KA) to the first controller (CA) through the first server (SO).
  - 5. A method according to claim 3 or 4, according to which the said parameter is the determined application key itself (KA) and is used in the first controller (SIM) in order to participate in an authentication (A1) of one of the first and second controllers by the other controller, and then in an authentication (A2) of the other controller by the said controller in response to the authenticity of the said one controller, before executing a selected application session solely in response to the authenticity of the said other controller.
  - 6. A method according to claim 3 or 4, according to which the said parameter is the determined key itself (KA) of the selected application (AP) and is used in the first controller (SIM) in order to determine (A26) an enciphering key (KC) dependent on a first random number (NC) supplied (A12) by the second controller (CA) to the first controller (SIM) and a second random number (NS), which is supplied (A22) by the first controller (SIM) to the second controller (CA) in order to determine (A27) the enciphering key in the second controller, so as to encipher and/or sign (A28, A29) a data unit (APDU) with the enciphering key (KC) to be transmitted from one of the controllers to the other.
  - 7. A method according to claim 4, according to which several sets of parameters (NCi, SSi, NSi, RSi) dependent on the determined key (KA) and not comprising this are transmitted by the second server (SP) to the first controller (SIM), and each set of parameters comprises a number (NCi) which is determined according to the determined key (KA) and a respective integer number (NSE), a signature (SSi) resulting from the application of the determined key (KA) and the determined number (NCi) to a first algorithm (AA1), a random number (NSi), and a result (RSi) resulting from the application of the determined key (KA) and of the random number to a second algorithm (AA2).
  - 8. A method according to claim 7, comprising, before the execution of each section of the selected application (AP) in the second controller (CA), the following steps:
    - incrementing (a111) an integer number (NSE) of a unit modulo the number of sets of parameters in order to determine (a112), with the application key (KA), a number (NCi), transmitting (a12) the said determined number (NCi) to the first controller (SIM) in order to select (a13) the set of parameters (NCi, SSi, NSi, RSi) containing the said determined number in the first controller (SIM), authenticating (a1) the first controller (SIM) in the second controller (CA) by comparing the signature (SSi) of the selected set and a result (RCi) of the application of said determined number (NCi) and of the key (KA) to the first algorithm (AA1), communicating (a22) the random number (NSi) of the selected set to the second controller (CA), and authenticating (a2) the second controller (CA) in the first controller (SIM) by comparing (a25) the result (RSi) of the selected set and a signature (SCi) resulting (a23) from the application of the random number communicated (NSi) and of the key (KA) to the second algorithm (AA2) in the second controller (CA).
  - 9. A method according to claim 7, according to which incrementing (a111) an integer number (NSE) of a unit in order to determine (a112), with the application key (KA), a number (NCi), transmitting (a12) the said determined number (NCi) to the first controller (SIM) in order to select (a13) the set of parameters (NCi, SSi, NSi, RSi) containing the said determined number in the first controller (SIM), determining (a14) the result (RCi) of the set of parameters selected according to the application of the said determined number (NCi) and of the key (KA) to the first algorithm (AA1) in the second controller (CA), communicating (a22) the random number (NSi) of the set of selected parameters to the second controller (CA), determining (a23) the signature (SCi) of the set of parameters selected by applying the communicated random number (NSi) and the key (KA) to the second algorithm (AA2) in the second controller (CA), and determining (a26, a27) an enciphering key (KCi) according to the said selected set of parameters in the first and second controllers (SIM, CA), so as to encipher and/or sign a data unit (APDU) with the enciphering key (KC) to be transmitted from one of the controllers to the other.
  - 10. A method according to any one of claims 1 to 9, according to which the first controller is that of an identity card (SIM) in a mobile radio telephone terminal (TE) and the second controller is that of an additional card (CA) able to be inserted in a reader (LE) of the terminal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gemplus (Thales SA)
Original Assignee
Gemplus (Thales SA)
Inventors
Girard, Pierre

Application Number

US10/296,547
Publication Number

US 20030119482A1
Time in Patent Office

Days
Field of Search
US Class Current

455/411
CPC Class Codes

G07F 7/1016   Devices or methods for secu...

H04L 63/0853   using an additional device,...

H04W 12/0431   Key distribution or pre-dis...

H04W 12/06   Authentication

H04W 88/02   Terminal devices

Making secure data exchanges between controllers

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

61 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Making secure data exchanges between controllers

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

61 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links