Tamper resistant module certification authority

US 20070255955A1
Filed: 02/16/2007
Published: 11/01/2007
Est. Priority Date: 02/21/1997
Status: Active Grant

First Claim

Patent Images

1. A method for securely loading a software application onto at least one tamper resistant module (TRM), said method comprising:

determining, based at least upon an encrypted personalization data block, whether the at least one TRM is part of a qualified set of TRM'"'"'s to accept loading of said application; and

loading the application onto the TRM only after the determining step determines that the TRM is qualified to accept the loading of the application.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparati for securely loading one or more computer software applications onto a tamper resistant module (TRM) (107) and for securely deleting one or more applications from the TRM. An embodiment of the invention comprises a method for determining, based at least upon an encrypted personalization data block, whether a TRM (107) is part of a qualified set of TRM'"'"'s to accept loading of an application. Thereafter, the method provides for loading the application onto the TRM (107) only after the first step determines that the TRM (107) is qualified to accept the loading of the application. Another embodiment comprises a method for determining, based at least upon an encrypted personalization data block, whether a TRM (107) is part of a qualified set of TRM'"'"'s to accept deleting of an application. Thereafter, the method provides for deleting the application from the TRM (107) only when the first step determines that the TRM (107) is qualified to accept the deleting of the application.

111 Citations

View as Search Results

52 Claims

1. A method for securely loading a software application onto at least one tamper resistant module (TRM), said method comprising:
- determining, based at least upon an encrypted personalization data block, whether the at least one TRM is part of a qualified set of TRM'"'"'s to accept loading of said application; and
  
  loading the application onto the TRM only after the determining step determines that the TRM is qualified to accept the loading of the application.

2. A method for securely deleting a software application from at least one tamper resistant module (TRM), the method comprising:
- determining, based at least upon an encrypted personalization data block, whether the at least one TRM is part of a qualified set of TRM'"'"'s to accept deleting of said application; and
  
  deleting the application from the TRM only after the determining step determines that the TRM is qualified to accept the deleting of the application.

3. Secure apparatus comprising:
- a certification authority for which a key pair comprising a public key and a private key are generated;
  
  at least one multiple application tamper resistant module (TRM) comprising said public key of said certification authority and a TRM identifier for uniquely identifying each said TRM;
  
  means for creating at said certification authority a personalization data block for at least one TRM identifier, means for encrypting at least one personalization data block and forwarding said at least one encrypted data block to a personalization bureau;
  
  means for loading at said personalization bureau each said encrypted data block onto the TRM having the TRM identifier matching said encrypted personalization data block;
  
  means for determining, based on said at least one encrypted personalization data block, whether at least one of said TRM'"'"'s is qualified to accept the loading of a specific software application;
  
  means for authenticating said application for loading onto said at least one TRM by using said public key of said certification authority; and
  
  loading means responsive to said determining and authenticating means for securely loading said application onto said at least one TRM.
- View Dependent Claims (4, 5, 6, 7, 8, 9)
- - 4. The apparatus of claim 3 wherein said at least one TRM further comprises memory means for storing an operating system for instructing said determining means, said authenticating means, and said loading means.
  - 5. The apparatus of claim 3, further comprising personalization means for activating at least one of said TRM'"'"'s at said personalization bureau.
  - 6. The apparatus of claim 5 wherein said personalization means comprises means for compiling a list of said TRM identifiers and means for forwarding said list to said authority.
  - 7. The apparatus of claim 3 wherein said personalization data block comprises TRM personalization data and an individual key set.
  - 8. The apparatus of claim 3 wherein said at least one TRM further comprises a TRM enablement key for facilitating TRM specific confidentiality.
  - 9. The apparatus of claim 8 further comprising means for checking whether said TRM enablement key has been set, and wherein:
    - said means for loading said encrypted data block loads said block only in the event said enablement key has not been set; and
      
      said TRM enablement key is set upon loading said encrypted data block.

10. Secure apparatus comprising:
- at least one multiple application tamper resistant module (TRM), each said TRM comprising a public key for authenticating a source of any message to said TRM from an authority holding a corresponding secret key, a TRM enablement key for facilitating TRM specific confidentiality, a TRM identifier for uniquely identifying each TRM, and memory storing an operating system;
  
  personalization means for activating each said TRM at a personalization bureau, said personalization means comprising means for compiling a list of said TRM identifiers and means for forwarding said list to said authority;
  
  means for creating at said authority a personalization data block for each TRM identifier forwarded to said authority, each said data block comprising TRM personalization data and an individual key set for each of said corresponding TRM'"'"'s;
  
  means for encrypting each of said data blocks;
  
  means for forwarding said encrypted data blocks to said personalization bureau;
  
  means for checking whether each said TRM enablement key has been set and, when not set, for matching said corresponding TRM identifier with said encrypted data block, loading said encrypted data block onto its matched corresponding TRM, and setting said corresponding enablement key;
  
  means for determining whether a TRM is qualified to accept the loading of a specific software application;
  
  checking means for authenticating said specific application to be loaded by checking whether said application has been signed by said authority; and
  
  means responsive to said determining and checking means for loading said specific application onto at least one TRM.

11. A method for securely loading at least one software application onto a tamper resistant module (TRM), said method comprising:
- transmitting security data, comprising a public key of a certification authority, onto said TRM;
  
  creating at said certification authority a personalization data block for said TRM, encrypting said data block, and forwarding said encrypted data block to a personalization bureau;
  
  loading said encrypted data block onto said TRM;
  
  determining, based at least on said encrypted data block, whether said TRM is qualified to accept the loading of a specific software application;
  
  authenticating said application for loading onto said TRM by using said public key; and
  
  loading said application in the event said TRM is qualified and said application is authenticated.

12. A method for securely deleting one or more software applications from a tamper resistant module (TRM), said method comprising the steps of:
- transmitting security data, comprising a public key of a certification authority, onto said TRM;
  
  creating at said certification authority a personalization data block for said TRM;
  
  encrypting said data block and forwarding said encrypted data block to a personalization bureau;
  
  loading said encrypted data block onto said TRM;
  
  determining, based at least on said encrypted data block, whether said TRM is qualified to accept the deleting of a specific software application; and
  
  deleting said application in the event said TRM is qualified.

13. Apparatus comprising:
- at least one tamper resistant module (TRM); and
  
  a software application;
  
  wherein;
  
  each TRM comprises TRM personalization data representative of said TRM, and said application is assigned a permissions data set representing at least one TRM upon which said application is permitted to be loaded;
  
  said apparatus further comprising means for determining whether said TRM personalization data falls within said permissions data set.

14. Apparatus comprising:
- at least one tamper resistant module (TRM), a software application to be loaded onto a TRM, and means for determining whether a TRM is qualified to accept the loading of said application onto said TRM, wherein each TRM comprises TRM personalization data, and said application is assigned application permissions data representing at least one TRM upon which said application is permitted to be loaded.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The apparatus of claim 14, wherein said determining means compares said TRM personalization data with said application permissions data.
  - 16. The apparatus of claim 15, wherein whether said application is loaded onto said TRM depends on the result of said comparison, such that in the event the TRM personalization data matches said permissions data set, the TRM is qualified and the application is loaded.
  - 17. The apparatus of claim 14, wherein said personalization data comprises data representative of a unique TRM identification designation.
  - 18. The apparatus of claim 14, wherein said personalization data comprises data representative of a TRM issuer.
  - 19. The apparatus of claim 14, wherein said personalization data comprises data representative of a product class.
  - 20. The apparatus of claim 14, wherein said personalization data comprises data representative of a date.

21. Apparatus comprising:
- at least one tamper resistant module (TRM); and
  
  a software application;
  
  wherein;
  
  said TRM comprises TRM personalization data representative of said TRM, and said application is assigned a permissions data set representing at least one TRM upon which said application is permitted to be loaded;
  
  said apparatus further comprising means for determining whether said personalization data falls within said permissions data set.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28)
- - 22. The apparatus of claim 21, wherein said application is loaded onto said TRM in the event said determining means determines that said personalization data falls within said set.
  - 23. The apparatus of claim 21, wherein said personalization data comprises data representing a TRM identification designation and an issuer of said TRM.
  - 24. The apparatus of claim 21, wherein said personalization data comprises data representing a product class and a date.
  - 25. The apparatus of claim 21, wherein said permissions data set comprises a plurality of TRM identification designations.
  - 26. The apparatus of claim 21, wherein said permissions data set comprises one or more issuers of said TRM.
  - 27. The apparatus of claim 21, wherein said permissions data set comprises one or more product classes.
  - 28. The apparatus of claim 21, wherein said permissions data set comprises a range of dates.

29. A method for loading a software application onto a TRM, said method comprising:
- determining whether said TRM is qualified to accept the loading of said application onto said TRM, wherein said determining step comprises the substeps of;
  
  providing said TRM with personalization data;
  
  assigning to said application permissions data representing at least one set of TRM'"'"'s upon which said application is permitted to be loaded;
  
  comparing said personalization data with said permissions data; and
  
  loading said application onto said TRM, provided said personalization data falls within said set of TRM'"'"'s upon which said application is permitted to be loaded.
- View Dependent Claims (30, 31, 32, 33, 34, 35, 36, 37, 38)
- - 30. The method of claim 29, wherein said personalization data comprises data representative of a TRM identification designation.
  - 31. The method of claim 29, wherein said personalization data comprises data representative of a TRM issuer.
  - 32. The method of claim 29, wherein said personalization data comprises data representative of a product class.
  - 33. The method of claim 29, wherein said personalization data comprises data representative of a date.
  - 34. The method of claim 29, comprising the step of, prior to the determining step, enabling said TRM to be loaded with said application.
  - 35. The method of claim 34, wherein said enabling step comprises setting an enablement bit indicating that the TRM has been enabled.
  - 36. The method of claim 34, wherein said enabling step comprises storing personalization data onto said TRM.
  - 37. The method of claim 36, wherein said enabling step comprises setting an enablement bit indicating that the TRM has been enabled.
  - 38. The method of claim 34, wherein, prior to said enabling step, a checking step is performed to determine whether said TRM has been enabled.

39. A method for deleting a software application from a TRM, said method comprising the steps of:
- determining whether said TRM is qualified to delete said application based upon permissions data associated with said application, wherein said determining step comprises the substeps of;
  
  providing said TRM with personalization data;
  
  assigning to said application permissions data representing at least one set of TRM'"'"'s from which said application is permitted to be deleted;
  
  comparing said personalization data with said permissions data; and
  
  deleting said application from said TRM provided said personalization data falls within said set of TRM'"'"'s from which said application is permitted to be deleted.
- View Dependent Claims (40, 41, 42, 43)
- - 40. The method of claim 39, wherein said personalization data comprises data representative of a TRM identification designation.
  - 41. The method of claim 39, wherein said personalization data comprises data representative of a TRM issuer.
  - 42. The method of claim 39, wherein said personalization data comprises data representative of a product class.
  - 43. The method of claim 39, wherein said personalization data comprises data representative of a date.

44. Apparatus comprising:
- at least one tamper resistant module (TRM);
  
  a software application to be deleted from said TRM; and
  
  means for determining whether a TRM is qualified to delete said application from said TRM, wherein each TRM comprises TRM personalization data, and said application is assigned application permissions data representing at least one TRM from which said application is permitted to be deleted.
- View Dependent Claims (45, 46)
- - 45. The apparatus of claim 44, wherein said determining means makes a comparison between said TRM personalization data and said application permissions data.
  - 46. The apparatus of claim 45, wherein whether said application is deleted from said TRM depends on the result of said comparison, such that in the event the TRM personalization data matches said application permissions data the TRM is qualified and the application is deleted.

47. Secure apparatus comprising:
- a certification authority for which a key pair comprising a public key and a private key are generated;
  
  a personal computer (PC) having at least one multiple application tamper resistant module (TRM), each PC and TRM combination (PC/TRM) comprising said public key of said certification authority and an identifier for uniquely identifying each said PC/TRM;
  
  means for creating at said certification authority a personalization data block for at least one PC/TRM identifier;
  
  means for encrypting at least one personalization data block and forwarding said at least one encrypted data block to a personalization bureau;
  
  means for loading at said personalization bureau each said encrypted data block onto the PC/TRM having the PC/TRM identifier matching said encrypted personalization data block;
  
  means for determining, based on said at least one encrypted personalization data block, whether at least one of said PC/TRM'"'"'s is qualified to accept the loading of a specific software application;
  
  means for authenticating said application for loading onto said at least one PC/TRM by using said public key of said certification authority; and
  
  loading means responsive to said determining and authenticating means for securely loading said application onto said at least one PC/TRM.

48. Secure apparatus comprising:
- a personal computer (PC) having at least one multiple application tamper resistant module (TRM), each said PC and TRM combination (PC/TRM) having a public key for authenticating a source of any message to said PC/TRM from an authority holding a corresponding secret key, a PC/TRM enablement key for facilitating PC/TRM specific confidentiality, an identifier for uniquely identifying each PC/TRM, and memory storing an operating system;
  
  personalization means for activating each said PC/TRM at a personalization bureau, said personalization means comprising means for compiling a list of said PC/TRM identifiers and means for forwarding said list to said authority;
  
  means for creating at said authority a personalization data block for each PC/TRM identifier forwarded to said authority, each said data block comprising PC/TRM personalization data and an individual key set for each of said corresponding PC/TRM'"'"'s;
  
  means for encrypting each of said data blocks;
  
  means for forwarding said encrypted data blocks to said personalization bureau;
  
  means for checking whether each said PC/TRM enablement key has been set and, when not set, for matching said corresponding PC/TRM identifier with said encrypted data block, loading said encrypted data block onto its matched corresponding PC/TRM, and setting said corresponding enablement key;
  
  means for determining whether a PC/TRM is qualified to accept the loading of a specific software application;
  
  checking means for authenticating said specific application to be loaded by checking whether said application has been signed by said authority; and
  
  means responsive to said determining and checking means for loading said specific application onto at least one PC/TRM.

49. Apparatus comprising:
- a personal computer (PC) having at least one tamper resistant module (TRM); and
  
  a software application;
  
  wherein;
  
  each PC and TRM combination (PC/TRM) comprises PC/TRM personalization data representative of said PC/TRM, and said application is assigned a permissions data set representing at least one PC/TRM upon which said application is permitted to be loaded;
  
  said apparatus further comprising means for determining whether said PC/TRM personalization data falls within said permissions data set.

50. Apparatus comprising:
- a personal computer (PC) having at least one tamper resistant module (TRM), a software application to be loaded onto a PC and TRM combination (PC/TRM), and means for determining whether a PC/TRM is qualified to accept the loading of said application onto said PC/TRM, wherein each PC/TRM comprises PC/TRM personalization data, and said application is assigned application permissions data representing at least one PC/TRM upon which said application is permitted to be loaded.

51. Apparatus comprising:
- a personal computer (PC), having at least one tamper resistant module (TRM); and
  
  a software application;
  
  wherein;
  
  each PC and TRM combination (PC/TRM) comprises PC/TRM personalization data representative of said PC/TRM, and said application is assigned a permissions data set representing at least one PC/TRM upon which said application is permitted to be loaded;
  
  said apparatus further comprising means for determining whether said personalization data falls within said permissions data set.

52. Apparatus comprising:
- a personal computer (PC) having at least one tamper resistant module (TRM);
  
  a software application to be deleted from a PC and TRM combination (PC/TRM); and
  
  means for determining whether a PC/TRM is qualified to delete said application from said PC/TRM, wherein each PC/TRM comprises PC/TRM personalization data, and said application is assigned application permissions data representing at least one PC/TRM from which said application is permitted to be deleted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Multos Ltd
Original Assignee
Multos Ltd
Inventors
Simmons, Ian, Miller, Stuart, Everett, David, Viner, John, Richards, Timothy, Peacham, Anthony

Granted Patent

US 7,584,358 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/172
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/57   Certifying or maintaining t...

G06F 21/77   in smart cards

G06F 2221/2115   Third party

G06K 19/0719   at least one of the integra...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/355   Personalisation of cards fo...

G06Q 20/3552   Downloading or loading of p...

G06Q 20/3574   Multiple applications on card

G06Q 20/35765   Access rights to memory zones

G06Q 20/4097   using mutual authentication...

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

G07F 7/1016   Devices or methods for secu...

H04L 2209/56   Financial cryptography, e.g...

H04L 9/3263   involving certificates, e.g...

Tamper resistant module certification authority

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

111 Citations

52 Claims

Specification

Solutions

Use Cases

Quick Links

Tamper resistant module certification authority

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

111 Citations

52 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links