METHOD OF PERFORMING A SECURE APPLICATION IN AN NFC DEVICE

US 20120011572A1
Filed: 07/07/2011
Published: 01/12/2012
Est. Priority Date: 07/08/2010
Status: Active Grant

First Claim

Patent Images

1. A method of executing a secure application in an NFC device, the method comprising:

establishing a contactless link between a first NFC device and a second NFC device,transmitting, by the first NFC device over the contactless link, an identifier of a secure processor of the first NFC device,transmitting, by the second NFC device over the contactless link, an application identifier,transmitting, by the secure processor over the contactless link, first authentication data allowing the authentication of the secure processor of the first NFC device,transmitting, by the second NFC device, the first authentication data to an application server,transmitting, by the application server, the first authentication data and second authentication data allowing for the authentication of the application corresponding to the application identifier to an authentication server, andverifying, by the authentication server the authentication data and authorizing the two NFC devices to execute the application only if the secure processor and the application are authenticated.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention relates to a method of executing a secure application in an NFC device, the method comprising steps during which: a contactless link is established between first and second NFC devices, the first NFC device transmits by the contactless link an identifier of a secure processor of the first NFC device, the second NFC device transmits by the contactless link an application identifier, the secure processor transmits by the contactless link first authentication data allowing the authentication of the secure processor of the first NFC device, the second NFC device transmits to an application server the first authentication data, the application server transmits to an authentication server the first authentication data and second authentication data) to authenticate the application and authorizes the two NFC devices to execute the application only if the secure processor and the application are authenticated.

Citations

15 Claims

1. A method of executing a secure application in an NFC device, the method comprising:
- establishing a contactless link between a first NFC device and a second NFC device,transmitting, by the first NFC device over the contactless link, an identifier of a secure processor of the first NFC device,transmitting, by the second NFC device over the contactless link, an application identifier,transmitting, by the secure processor over the contactless link, first authentication data allowing the authentication of the secure processor of the first NFC device,transmitting, by the second NFC device, the first authentication data to an application server,transmitting, by the application server, the first authentication data and second authentication data allowing for the authentication of the application corresponding to the application identifier to an authentication server, andverifying, by the authentication server the authentication data and authorizing the two NFC devices to execute the application only if the secure processor and the application are authenticated.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method according to claim 1, wherein:
    - the first NFC device transmits to the authentication server an application installation request comprising an application identifier of an application to install and the first authentication data allowing the authentication of the secure processor of the first NFC device,the authentication server verifies the first authentication data, and if the secure processor is authenticated, transmits to the first NFC device an application download address, andthe first NFC device downloads the application from the received download address and installs the downloaded application.
  - 3. The method according to claim 2, wherein, after the installation of the application, the first NFC device informs the authentication server of the installation of the application by supplying thereto the identifier of the installed application and the first authentication data, andthe authentication server verifies the first authentication data, and if the secure processor is authenticated, the authentication server stores the application identifier in association with the identifier of the secure processor of the first NFC device.
  - 4. The method according to claim 3, wherein the authentication server does not transmit to the first NFC device an application download address if the application identifier is already stored in association with the identifier of the secure processor of the first NFC device.
  - 5. The method according to claim 3, wherein the authentication server does not authorize the execution of the application by the two NFC devices if the application identifier is not stored in association with the identifier of the secure processor of the first NFC device.
  - 6. The method according to claim 1, wherein the first authentication data comprises the identifier of the secure processor and a first cryptogram calculated by the secure processor by applying a cryptographic calculation using a secret key stored by the secure processor to the identifier of the secure processor.
  - 7. The method according to claim 6, wherein the second authentication data comprises the identifier of the secure processor, the application identifier, and a second cryptogram calculated by the application server by applying a cryptographic calculation using a secret key specific to the application to the application identifier.
  - 8. The method according to claim 7, wherein the second cryptogram is calculated by applying the cryptographic calculation to the application identifier and to the first cryptogram.
  - 9. The method according to claim 6, wherein the first and/or the second cryptograms are calculated with the aid of a symmetric encryption algorithm using a secret key, or of an asymmetric encryption algorithm using a private key, or of a hashing function applied to the data to encrypt and to the secret key.
  - 10. The method according to claim 6, wherein the verification of each of the first and second cryptograms is performed by recalculating the cryptogram from the same data and by using an encryption key accessible to the authentication server
  - 11. A system for executing a secure application in an NFC device, comprising:
    - a first NFC device comprising an NFC component to establish a contactless communication with another NFC device, and a secure processor connected to the NFC component,a second NFC device connected to an application server to execute an application with another NFC device, andan authentication server accessible to the application server and to the first NFC device, the system being configured to execute the method according to claim 1.

12. An ensemble comprising:
- a secure processor, andan NFC component coupled to the secure processor and configured to establish a contactless communication with an NFC device,wherein the secure processor comprises a software component associated with a secure processor identifier, configured to;
  
  establish a contactless communication with an NFC device by the intermediary of an NFC controller, and transmit by the contactless link an identifier,receive by the contactless link an application identifier, andtransmit by the contactless link authentication data of the software component.
- View Dependent Claims (13, 14, 15)
- - 13. The ensemble according to claim 12, wherein the software component is configured to verify whether the received application identifier figures or not in a list of applications stored by the secure processor.
  - 14. The ensemble according to claim 12, wherein the authentication data comprises the secure processor identifier and a first cryptogram calculated by the secure processor by applying a cryptographic calculation using a secret key stored by the secure processor to the secure processor identifier.
  - 15. The ensemble according to claim 14, wherein the first cryptogram is calculated by the secure processor with the aid of a symmetric encryption algorithm using a secret key, or of an asymmetric encryption algorithm using a private key, or a hashing function applied to the data to encrypt and to the secret key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verimatrix Incorporated (Verimatrix SA)
Original Assignee
Inside Secure SA
Inventors
CHEW, Gary, WALTON, Charles

Granted Patent

US 8,850,527 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

H04L 63/0853   using an additional device,...

H04L 63/10   for controlling access to d...

H04W 12/06   Authentication

H04W 12/068   using credential vaults, e....

H04W 12/08   Access security

H04W 4/00   Services specially adapted ...

H04W 4/80   Services using short range ...

METHOD OF PERFORMING A SECURE APPLICATION IN AN NFC DEVICE

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD OF PERFORMING A SECURE APPLICATION IN AN NFC DEVICE

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links