Method and system for performing post issuance configuration and data changes to a personal security device using a communications pipe
First Claim
1. A post issuance system for performing data or configuration changes within a PSD, said system comprising said PSD, including at least one functional application and PSD cryptographic means, a local client functionally connected to said PSD, a first server functionally connected to said local client, said PSD and said first server comprising first means for mutual authentication. at least one HSM, including HSM cryptographic means complementary to said PSD cryptographic means, said at least one HSM being functionally connected to said first server, a communications pipe, established between said PSD and said at least one HSM, storing means for storing or generating said data or configuration changes, said storing means being functionally connected to said first server, said at least one HSM comprising controlling means for controlling said data or configuration changes sent through said communications pipe to said PSD.
1 Assignment
0 Petitions
Accused Products
Abstract
This invention provides a mechanism for performing secure configuration and data changes between a PSD and a hardware security module (HSM) using a communications pipe established between said PSD and said HSM. The data changes and configuration changes include but are not limited to installing, updating, replacing, deleting digital certificates, cryptographic keys, applets, other digital credentials, attributes of installed objects, or other stored proprietary information.
-
Citations
31 Claims
-
1. A post issuance system for performing data or configuration changes within a PSD, said system comprising
said PSD, including at least one functional application and PSD cryptographic means, a local client functionally connected to said PSD, a first server functionally connected to said local client, said PSD and said first server comprising first means for mutual authentication. at least one HSM, including HSM cryptographic means complementary to said PSD cryptographic means, said at least one HSM being functionally connected to said first server, a communications pipe, established between said PSD and said at least one HSM, storing means for storing or generating said data or configuration changes, said storing means being functionally connected to said first server, said at least one HSM comprising controlling means for controlling said data or configuration changes sent through said communications pipe to said PSD.
-
19. A post issuance method for performing data or configuration changes within a PSD, said method comprising
establishing a communications pipe between said PSD and at least one HSM, wherein said PSD is functionally connected to a local client and said at least one HSM is functionally connected to a first server, mutually authenticating said PSD and said first server, selecting at least one functional application within said PSD associated with said existing data or configurations. generating or retrieving HSM cryptographic means complementary to cryptographic means included inside said PSD retrieving said data or configuration changes. processing said data or configuration changes by said first server, encrypting said processed data or configuration changes by said at least one HSM using said complementary HSM cryptographic means, routing said encrypted processed data or configuration changes through said communications pipe into said PSD, and decrypting and processing said processed data or configuration changes by said at least one functional application using said PSD cryptographic means.
Specification