Making secure data exchanges between controllers
First Claim
1. A method for protecting data exchanges between first and second controllers (SIM, CA), the first controller (SIM) managing communications to a telecommunications network (RR) for applications implemented in the second controller, the second controller containing a controller identifier (NS) and keys (KA) of the applications derived from a mother key (KM), characterised by the following steps for each application selected (AP) in the second controller (CA):
- transmitting (E3, E4) the identifier (NS) of the second controller (CA) and an identifier (AID) of the selected application (AP) from the second controller (CA) to a distant protection means (SO;
SO, SP) through the first controller (SIM), making a mother key (KM) in the protection means correspond (E5, E9) to the identifier of the second controller (NS), determining (E6, E11) the key (KA) of the selected application according to the selected-application identifier transmitted (AID), the corresponding mother key (KM) and the second-controller identifier (NS) in the protection means, transmitting (E7, E8;
E12-E15) at least one parameter (KA;
SSi, RSi) dependent on the determined application key (KA) from the distant protection means to the first controller (SIM), and using (A11-A25;
a10-a29) the parameter in at least the first controller (SIM) in order to make secure at least one data exchange related to the selected application between the first and second controllers.
1 Assignment
0 Petitions
Accused Products
Abstract
The invention concerns a method for making secure data exchanges between first and second controllers (SIM, CA) such as an identity card (SIM) of a radiotelephone terminal (TE) managing communications to a telecommunications network (RR) for applications in an additional card (CA). A server (SO) of the identity card operator, or a server (SP) of the additional card transmitter matches with the identifier a mother key to determine the key of an application selected in the additional card. At least a parameter depending on the key is transmitted to the identity card (SIM) to make secure a data exchange. The identity card is thus customized on line for each application.
61 Citations
10 Claims
-
1. A method for protecting data exchanges between first and second controllers (SIM, CA), the first controller (SIM) managing communications to a telecommunications network (RR) for applications implemented in the second controller, the second controller containing a controller identifier (NS) and keys (KA) of the applications derived from a mother key (KM), characterised by the following steps for each application selected (AP) in the second controller (CA):
-
transmitting (E3, E4) the identifier (NS) of the second controller (CA) and an identifier (AID) of the selected application (AP) from the second controller (CA) to a distant protection means (SO;
SO, SP) through the first controller (SIM),making a mother key (KM) in the protection means correspond (E5, E9) to the identifier of the second controller (NS), determining (E6, E11) the key (KA) of the selected application according to the selected-application identifier transmitted (AID), the corresponding mother key (KM) and the second-controller identifier (NS) in the protection means, transmitting (E7, E8;
E12-E15) at least one parameter (KA;
SSi, RSi) dependent on the determined application key (KA) from the distant protection means to the first controller (SIM), andusing (A11-A25;
a10-a29) the parameter in at least the first controller (SIM) in order to make secure at least one data exchange related to the selected application between the first and second controllers. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
Specification