Method For The Authentication Of Applications
First Claim
1. Authentication method of at least one application working in an equipment connected by a network to a control server, said equipment being locally connected to a security module, said application being at least one of loadable and executable via an application execution environment of the equipment and being adapted to use resources stored in the security module, the method comprising:
- reception by the control server, via the network, of data comprising at least the identifier of the equipment and the identifier of the security module, analysis and verification by the control server of said data, generation of a cryptogram comprising a digest of the application, data identifying the equipment and the security module and instructions intended for said module, transmission of said cryptogram, via the network and the equipment, to the security module, and verification of the application by comparing the digest extracted from the cryptogram received with a digest determined by the security module, wherein, during at least one of initialization and activation of the application, the security module executes the instructions extracted from the cryptogram and at least one of releases, and blocks access to certain resources of said security module according to a result of the verification suited to this application carried out previously.
Abstract
A method is disclosed for the authentication of applications both at the time of their downloading and at the time of their execution. At least one application works in an equipment connected by a network to a control server, the equipment being locally connected to a security module. The application is loaded and/or executed via an application execution environment of the equipment and uses resources stored in the security module. The authentication method includes reception by the control server, via the network, of data including at least the identifier of the equipment and the identifier of the security module; analysis and verification by the control server of the data; generation of a cryptogram including a digest of the application, data identifying the equipment and the security module, and instructions intended for the module; transmission of the cryptogram, via the network and the equipment, to the security module; and verification of the application by comparing the digest extracted from the cryptogram received with a digest determined by the security module. The method further comprises steps wherein, during the initialization and/or the activation of the application, the security module executes the instructions extracted from the cryptogram, to at least one of release and block the access to certain resources of the security module according to the result of the verification suited to this application carried out previously.
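The exchange the abstract describes, sketched as an added example (not code from the patent). The text here does not say how the cryptogram is encoded or protected, so the JSON layout, the HMAC-SHA256 tag, the shared key, and all identifiers and resource names below are assumptions constructed for illustration.

```python
import hashlib, hmac, json

MODULE_KEY = b"constructed-demo-key"            # assumption: key shared by server and module
REGISTERED = {("EQUIP-0001", "MODULE-0001")}    # constructed (equipment, module) pairs

def digest(app: bytes) -> str:
    return hashlib.sha256(app).hexdigest()

def server_make_cryptogram(equip_id, module_id, reference_app, instructions):
    """Control server: verify the identifiers, then bind digest, IDs and instructions."""
    if (equip_id, module_id) not in REGISTERED:
        raise PermissionError("unknown equipment/security-module pair")
    body = json.dumps({"digest": digest(reference_app), "equipment": equip_id,
                       "module": module_id, "instructions": instructions},
                      sort_keys=True).encode()
    tag = hmac.new(MODULE_KEY, body, hashlib.sha256).hexdigest()
    return {"body": body.decode(), "tag": tag}

class SecurityModule:
    def __init__(self, module_id, resources):
        self.module_id = module_id
        self.resources = {name: False for name in resources}   # False = blocked
        self.pending = None                                     # (verified, instructions)

    def receive(self, cryptogram, app_as_loaded: bytes) -> bool:
        """Check the cryptogram, then compare its digest with one computed locally."""
        self.pending = None
        body = cryptogram["body"].encode()
        expected = hmac.new(MODULE_KEY, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, cryptogram["tag"]):
            return False                                        # altered in transit
        fields = json.loads(body)
        if fields["module"] != self.module_id:
            return False                                        # issued for another module
        ok = hmac.compare_digest(fields["digest"], digest(app_as_loaded))
        self.pending = (ok, fields["instructions"])             # kept for activation time
        return ok

    def activate(self):
        """At initialization/activation: release what was instructed, else block."""
        ok, instructions = self.pending or (False, {})
        for name in self.resources:
            self.resources[name] = ok and instructions.get(name) == "release"
        return dict(self.resources)
```

Because the result of `receive` is stored and only acted on in `activate`, a modified application or a cryptogram that fails its check leaves every resource blocked.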
19 Claims
- 17. Security module comprising resources intended to be accessed locally by at least one application installed in an equipment connected to a network, said equipment including means for reading and transmitting data including at least an identifier of the equipment and an identifier of the security module, said module further comprising means for reception, storage and analysis of a cryptogram containing among other data, a digest of said application and instructions, means for verification of said application, and means for extraction and execution of the instructions contained in the cryptogram, for at least one of releasing and blocking certain resources according to the result of the verification of the application.
Specification