Contactless electronic identification system

US 20040025035A1
Filed: 08/05/2003
Published: 02/05/2004
Est. Priority Date: 10/23/2000
Status: Abandoned Application

First Claim

Patent Images

1. Contactless electronic identification system comprising at least one read unit (5) and at least one data storage unit or transponder (1) capable of being interrogated by said read unit (5), this transponder including storage means (18) including a segmented memory space (180) for receiving application data (APPL. DATA i) relating to a plurality of distinct applications (APPL. i), the read unit (5) including security means (50, 60) for securing access to said application data (APPL. DATA i) during management operations of said application data, characterised in that said application data (APPL. DATA i) is encrypted by said read unit by means of at least a first encoding key prior to being stored in said storage means (18) of the transponder (1).

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention concerns a non-contact electronic identification system comprising at least a reading unit (5) and at least a data storage medium or transponder (1) adapted to be interrogated by the reading unit, said reading unit comprising security means (50, 60) for making secure access to application data (APPL. DATA i) during operations managing said application data. According to the invention the transponder (1) comprises storage means (18) including a segmented memory workspace (180) for receiving application data (APPL. DATA i) concerning a plurality of separate applications, said application data being encrypted by said reading unit (5) using at least a first encoding key before being stored in said storage means (18) of the transponder.

44 Citations

View as Search Results

35 Claims

1. Contactless electronic identification system comprising at least one read unit (5) and at least one data storage unit or transponder (1) capable of being interrogated by said read unit (5), this transponder including storage means (18) including a segmented memory space (180) for receiving application data (APPL. DATA i) relating to a plurality of distinct applications (APPL. i), the read unit (5) including security means (50, 60) for securing access to said application data (APPL. DATA i) during management operations of said application data, characterised in that said application data (APPL. DATA i) is encrypted by said read unit by means of at least a first encoding key prior to being stored in said storage means (18) of the transponder (1).
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. System according to claim 1, characterised in that said read unit (5) is arranged to manage at least a first determined application from among the plurality of distinct applications, said security means of the read unit (5) comprising encrypting means (53) for encrypting the application data relating to said first application prior to storage thereof in said transponder (1), identification means (52) for checking whether application data relating to this first application is stored in said transponder (1) and decrypting means (53) for decrypting application data relating to the first application stored in said transponder (1).
  - 3. System according to claim 2, characterised in that said memory space (180) of the storage means (18) is divided into a plurality of memory segments (181, 182, 183,184) each for storing application data (APPL. DATA), and an additional memory segment (187) for storing directory data (DIRECTORY) containing an indication of each application stored in said transponder.
  - 4. System according to claim 3, characterised in that each application is associated with a distinct application identifier (APPL. IDENTIFIER), in that said directory data (DIRECTORY) stored in said storage means (18) include the application identifier of the application concerned as well as the memory position of the application data relating to the application concerned, and in that the read unit (5) includes at least the application identifier associated with a determined application from among said plurality of distinct applications, said identification means (52) being arranged to check the presence of this application identifier in said directory data (DIRECTORY).
  - 5. System according to claim 1, characterised in that said application data (APPL. DATA i) is encrypted and decrypted by means of at least one basic encoding key derived from a code that is peculiar and unique to each transponder, such as a unique transponder serial number (DEVICE SERIAL NUMBER).
  - 6. System according to claim 5, characterised in that said application data (APPL. DATA i) is further encrypted and decrypted by means of an additional encoding key derived from the memory position of said application data.
  - 7. System according to claim 4, characterised in that said application data (APPL. DATA i) is particularly encrypted and decrypted by means of an encoding key derived from the application identifier (APPL. IDENTIFIER) of the application concerned.
  - 8. System according to any of claims 1 to 7, characterised in that said memory space (180) further includes a memory segment (185) including data (APPL. VALIDITY) relating to a time validity of the application concerned, and in that said read unit (5) includes clock means (170) for determining the expiry of validity of the application concerned and for freeing, if the application concerned has expired, the corresponding memory part of the memory space (180) of the transponder storage means (18).
  - 9. System according to any of claims 1 to 7, characterised in that said memory space (180) further includes a memory segment (186) including transponder identification data (TAG IDENTIFICATION) for checking conformity of the transponder with said identification system.
  - 10. System according to any of claims 1 to 7, characterised in that said security means (50, 60) of the read unit (5) further include means for entering a personal identification code or means for measuring a biometric parameter.
  - 11. System according to any of claims 1 to 7, characterised in that said transponder (1) is incorporated into a portable object and in that the portable object includes means for entering a personal identification code or means for measuring a biometric parameter to protect access to said application data stored in said transponder (1).
  - 12. System according to any of claims 1 to 7, characterised in that said read unit (5) is connected to a local area or wide area computer network (800) to authorise access to data stored in a server (85) of said network.
  - 13. System according to any of claims 1 to 7, characterised in that said read unit (5) is connected to a local area or wide area computer network (800) to authorise access to data stored in a server (85) of said network and in that said server is fitted with an additional unit (5*) having similar functions to said read unit (5), this additional unit (5*) and said read unit (5) being arranged to authenticate each other.

14. Method for formatting and managing data in storage means (18) of a data storage unit or transponder (1) of a contactless electronic identification system, this method including in particular an initial segmentation step of a memory space (180) of said transponder storage means (18) into a plurality of memory segments (181, 182, 183, 184) to receive application data (APPL. DATA i) relating to a plurality of distinct applications (APPL. i), this method being characterised in that it further includes the following steps:
- encrypting, by means of at least one first encoding key, application data of a least a first determined application from among said plurality of distinct applications;
  
  transmitting encrypted application data to said transponder; and
  
  storing said encrypted application data in at least one of said memory segments.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22)
- - 15. Method according to claim 14, characterised in that it further includes the following steps:
    - verification (S1, S2, S3) that said transponder (1) belongs to said electronic identification system;
      
      if the transponder forms part of said electronic identification system, verification (S5, S6, S7) of the presence, in said transponder (18) storage means, of the application data of said at least first determined application; and
      
      if such application data is present, reading (S8) then decrypting (S9), by means of at least said first encoding key, of the application data of said first determined application.
  - 16. Method according to claim 14, characterised in that said memory space (180) of the storage means (18) is divided into a plurality of memory segments (181, 182, 183, 184) each for storing application data (APPL. DATA i), and an additional memory segment (187) for storing directory data (DIRECTORY) containing an indication of each application stored in said transponder.
  - 17. Method according to claim 16, characterised in that each application is associated with a distinct application identifier (APPL. IDENTIFIER), and in that said directory data (DIRECTORY) stored in said storage means (18) include the application identifier of the application concerned.
  - 18. Method according to claim 14, characterised in that said application data (APPL. DATA i) is encrypted and decrypted by means of at least one basic encoding key derived from a code peculiar and unique to each transponder, such as a unique transponder serial number (DEVICE SERIAL NUMBER).
  - 19. Method according to claim 18, characterised in that said application data (APPL. DATA i) is further encrypted and decrypted by means of least one additional encoding key derived from the memory position of said application data.
  - 20. Method according to claim 17, characterised in that said application data (APPL. DATA i) is particularly encrypted and decrypted by means of an encoding key derived from the application identifier (APPL. IDENTIFIER) associated with each application.
  - 21. Method according to any of claims 14 to 20, characterised in that said memory space (180) further includes a memory segment (185) including data (APPL. VALIDITY) relating to a time validity of the application concerned, the method further including the following steps, after verification of the presence of the application data of said at least first application:
    - verification of the expiry of validity of said first application; and
      
      if said first application has expired, deletion of the application data of said first application in order to free the corresponding memory part of said memory space of the transponder storage means (18).
  - 22. Method according to any of claims 14 to 20, characterised in that access to said application data (APPL. DATA i) stored in said transponder (1) is protected by a personal identification code or measurement of a biometric parameter.

23. Read unit (5) for contactless electronic identification of at least one data storage unit or transponder (1) including storage means (18), this read unit including a read/write interface (51) for conversing without contact, with said transponder (1), said storage means (18) including a memory space (180) segmented into a plurality of memory segments (181, 182,183, 184) for receiving application data (APPL. DATA i) relating to a plurality of distinct application data (APPL. i), characterised in that the read unit further includes:
- encrypting means (53) for encrypting application data by means of at least a first encoding key prior to transmission and storage thereof in said transponder; and
  
  decrypting means (53) for decrypting application data stored in said transponder after it has been read.
- View Dependent Claims (24, 25, 26, 27, 28, 31, 32)
- - 24. Read unit according to claim 23, characterised in that it is arranged to manage at least a first determined application from among said plurality of distinct applications, and in that it further includes identification means (52) for checking whether application data relating to said first determined application is stored in said transponder.
  - 25. Read unit according to claim 24, characterised in that said memory space (180) of the storage means (18) is divided into a plurality of memory segments (181, 182, 183, 184) each for storing application data (APPL. DATA), and an additional memory segment (187) for storing directory data (DIRECTORY) containing an indication of each application stored in said transponder, in that each application is associated with a distinct application identifier (APPL. IDENTIFIER), in that said directory data (DIRECTORY) stored in said storage means (18) include the application identifier of the application concerned, in that the read unit (5) includes at least the application identifier associated with a determined application from among said plurality of distinct applications, said identification means (52) being arranged to verify the presence of said application identifier in said directory data (DIRECTORY).
  - 26. Read unit according to any of claims 23 to 25, characterised in that it includes:
    - a hardware part (50) including said read/write interface (51), said encrypting and decrypting means (53), and data processing means (52) for processing said application data;
      
      a first memory part (60), called the protected memory, arranged to store, at least temporarily and in encrypted form, the application data (APPL. DATA i); and
      
      a second memory part (70), called the application memory, arranged to store, at least temporarily and in decrypted form, said application data (APPL. DATA i).
  - 27. System according to any of claims 23 to 25, characterised in that said memory space (180) further includes a memory segment (185) including data (APPL. VALIDITY) relating to a time validity of the application concerned, and in that the read unit (5) includes clock means (170) for determining the expiry of validity of the application concerned and freeing, if the application concerned has expired, the corresponding memory part of the memory space (180) of the transponder storage means (18).
  - 28. Read unit according to any of claims 23 to 25, characterised in that it further includes means for entering a personal identification code or means for measuring a biometric parameter to prevent unauthorised access to the application data stored in said transponder.
  - 31. Transponder according to claim 28, characterised in that said application data (APPL. DATA i) is encrypted by means of at least one basic encoding key derived from a code that is peculiar and unique to each transponder, such as a unique transponder serial number (DEVICE SERIAL NUMBER).
  - 32. Transponder according to claim 31, characterised in that said application data (APPL. DATA i) is further encrypted by means of least one additional encoding key derived from the memory position of said application data.

29. Transponder for contactless electronic identification system, said transponder including in particular storage means (18) comprising a memory space (180) segmented into a plurality of memory segments (181, 182, 183, 184) for receiving application data (APPL. DATA i) relating to a plurality of distinct applications, characterised in that said application data is stored in encrypted form, and in that said memory space (180) further includes an additional memory segment (187) for storing directory data (DIRECTORY) including an indication of each application stored in said transponder.
- View Dependent Claims (30, 33, 34, 35)
- - 30. Transponder according to claim 29, characterised in that each application is associated with a distinct application identifier (APPL. IDENTIFIER), and in that said directory data (DIRECTORY) stored in said storage means (18) include the application identifier of the application concerned as well as the memory position of the application data relating to the application concerned.
  - 33. Transponder according to claim 30, characterised in that said application data (APPL. DATA i) is in particular encrypted by means of an encoding key derived from the application identifier (APPL. IDENTIFIER) of the application concerned.
  - 34. Portable object including a transponder according to any of claims 29 to 33.
  - 35. Portable object according to claim 34, characterised in that it includes means for entering a personal identification code or means for measuring a biometric parameter in order to protect access to said application data stored in said transponder (1).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Omega Electronics Incorporated
Original Assignee
Omega Electronics Incorporated
Inventors
Jean-Claude, Rais, Abdul-Hamid, Kayal, Pierre, Desarzens

Application Number

US10/399,854
Publication Number

US 20040025035A1
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06K 19/0719   at least one of the integra...

G06K 19/0723   the record carrier comprisi...

G06K 7/0008   General problems related to...

Contactless electronic identification system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

44 Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Contactless electronic identification system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links