Secure Communication Between a Data Processing Device and a Security Module
First Claim
1. A method of creating a secure link between a data processing device (MOB) and a security module (USIM), the data processing device being adapted to communicate with a security module storing a secret data item (k) necessary for the execution by the device of a data processing task, the data processing device and the security module being adapted to communicate with a telecommunications network (RES), wherein the method comprises the steps of:
- a step of identifying the data processing device (MOB) and the module (USIM) for which a secure link is to be set up in order to send said secret data item (k) from the module to the device;
a step of delivering an encryption key (K) in which a trusted server (SC) connected to the telecommunications network delivers an encryption key (K) both to the module (USIM) and to the data processing device (MOB) that have been identified;
an encryption step in which said secret data item (k) is encrypted in the module by means of said encryption key (K);
a transmission step in which the result of the encryption step is sent by the module (USIM) that has been identified to the device (MOB) that has been identified; and
a decryption step in which the device (MOB) decrypts the result that has been received by means of said encryption key (K) that has been received and obtains said secret data item (k).
1 Assignment
0 Petitions
Accused Products
Abstract
A method of creating a secure link between a data processing device (MOB) and a security module (USIM), the data processing device being adapted to communicate with a security module storing a secret data item (k) necessary for the execution by the device of a data processing task, the data processing device and the security module being adapted to communicate with a telecommunications network (RES), wherein the method comprises the steps of: identifying the data processing device (MOB) and the module (USIM) for which a secure link is to be set up in order to send said secret data item (k) from the module to the device; a step of delivering an encryption key (K) in which a trusted server (SC) connected to the telecommunications network delivers an encryption key (K) both to the module (USIM) and to the data processing device (MOB) that have been identified; an encryption step in which said secret data item (k) is encrypted in the module by means of said encryption key (K); a transmission step in which the result of the encryption step is sent by the module (USIM) that has been identified to the device (MOB) that has been identified; and a decryption step in which the device (MOB) decrypts the result that has been received by means of said encryption key (K) that has been received and obtains said secret data item (k).
25 Citations
11 Claims
-
1. A method of creating a secure link between a data processing device (MOB) and a security module (USIM), the data processing device being adapted to communicate with a security module storing a secret data item (k) necessary for the execution by the device of a data processing task, the data processing device and the security module being adapted to communicate with a telecommunications network (RES), wherein the method comprises the steps of:
-
a step of identifying the data processing device (MOB) and the module (USIM) for which a secure link is to be set up in order to send said secret data item (k) from the module to the device; a step of delivering an encryption key (K) in which a trusted server (SC) connected to the telecommunications network delivers an encryption key (K) both to the module (USIM) and to the data processing device (MOB) that have been identified; an encryption step in which said secret data item (k) is encrypted in the module by means of said encryption key (K); a transmission step in which the result of the encryption step is sent by the module (USIM) that has been identified to the device (MOB) that has been identified; and a decryption step in which the device (MOB) decrypts the result that has been received by means of said encryption key (K) that has been received and obtains said secret data item (k). - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A security module (USIM) adapted to communicate with a data processing device (MOB), said module storing a secret data item (k) necessary for execution of a data processing task by the data processing device, the data processing device (MOB) and the security module (USIM) being adapted to communicate with a telecommunications network (RES), wherein the module comprises:
-
receiver means adapted to receive an encryption key (K); encryption means adapted to encrypt said secret data item (k) by means of said encryption key (K) that has been received; and transmission means adapted to send the result of encrypting said secret data item (k) to the device (MOB) executing the data processing task.
-
-
8. A data processing device (MOB) adapted to communicate with a security module (USIM) storing a secret data item (k) necessary for the execution of a data processing task by the device, the data processing device and the security module being adapted to communicate with a telecommunications network (RES), wherein the device comprises:
-
receiver means adapted; to receive an encryption key (K); and to receive the result of an encryption step performed by the module (USIM), the object of the encryption step being to encrypt said secret data item (k) by means of said encryption key (K); decryption means adapted to decrypt the result that has been received by means of said encryption key (K) that has been delivered in order to obtain said secret data item (k); and execution means adapted to use said secret data item (k) to execute the data processing task.
-
-
9. A trusted server (SC) adapted to communicate with a data processing device (MOB) and a security module (USIM) storing at least one secret data item (k) necessary for the execution of a data processing task by the data processing device, the data processing device (MOB) and the security module (USIM) being adapted to communicate with a telecommunications network (RES), wherein the server comprises:
-
means for identifying the data processing device (MOB) and the module (USIM) for which a secure link must be set up for the transmission of said secret data item (k) from the module to the device; and means for delivering an encryption key (K) both to the module (USIM) and to the data processing device (MOB) that have been identified, the function of said key being to encrypt communication between the module and the device.
-
-
10. A computer program adapted to be executed on a trusted server (SC), said server being adapted to communicate with a data processing device (MOB) and a security module (USIM) storing a secret data item (k) necessary for the execution of a data processing task by the data processing device, wherein the program comprises code instructions which perform the following steps when the program is executed in the trusted server:
-
a step of identifying the data processing device (MOB) and the module (USIM) for which a secure link must be set up for the transmission of the secret data item (k) from the module to the device; a step of delivering an encryption key (K) in which the server (SC) delivers an encryption key (K) both to the module (USIM) and to the data processing device (MOB) that have been identified, said key having the function of encrypting communication between the module (USIM) and the device (MOB).
-
-
11. A computer program adapted to be executed in a data processing device (MOB), said device being adapted to communicate with a security module (USIM) storing a secret data item (k) necessary for the execution of a data processing task by the data processing device, wherein the program comprises code instructions that execute the following steps when the program is executed on the data processing device:
-
a step of receiving; an encryption key (K); and the result of an encryption step performed by the module (USIM), the object of the encryption step being to encrypt said secret data item (k) by means of said encryption key (K); a step of decrypting the result that has been received by means of said encryption key (K) that has been delivered, in order to obtain said secret data item (k).
-
Specification
-
- Resources
-
Current AssigneeOrange S.A.
-
Original AssigneeOrange S.A.
-
InventorsFerrazzini, Axel, Chauvaud, Pascal, Anza, Diego
-
Application NumberUS11/918,190Publication NumberTime in Patent OfficeDaysField of SearchUS Class Current713/155CPC Class CodesH04L 63/0428 wherein the data content is...H04L 63/062 for key distribution, e.g. ...H04W 12/0431 Key distribution or pre-dis...H04W 88/02 Terminal devices
