METHOD AND SYSTEM FOR ACTIVATING A PORTABLE DATA CARRIER

US 20120159171A1
Filed: 09/01/2010
Published: 06/21/2012
Est. Priority Date: 09/03/2009
Status: Active Grant

First Claim

Patent Images

1-14. -14. (canceled)

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention relates to a method for activating a portable data carrier (1) in which a first portable data carrier (1) is supplied in an inactive state to a user, after the user has requested the first data carrier (1) with the aid of a second portable data carrier (2) from a central instance, whereby the first and the second data carrier (1, 2) have access to authentication data for mutual authentication. In the method according to the invention a communication connection is set up between the first and the second data carrier (1, 2), via which the first and the second data carrier (1, 2) mutually authenticate each other on the basis of the authentication data and establish a cryptographically secured end-to-end connection. Via this end-to-end connection then the second data carrier (2) activates the first data carrier (1) by transmitting activation data to the first data carrier (1).

34 Citations

View as Search Results

28 Claims

1-14. -14. (canceled)

15. A method for activating a first portable data carrier with the aid of a second portable data carrier, comprising the steps:
- a communication connection is set up between the first and the second data carrier, via which the first and the second data carrier mutually authenticate each other on the basis of authentication data and establish a cryptographically secured end-to-end connection;
  
  an activation of the first data carrier is carried out, by the second data carrier activating the first data carrier via the end-to-end connection by transmitting activation data;
  
  the first portable data carrier is supplied in an inactive state to a user, after the user has requested the first data carrier with the aid of a second portable data carrier from a central instance, so that, to the first portable data carrier authentication data are applied which permit a mutual authentication exclusively with the second portable data carrier, so that the first and the second portable data carrier have access to the authentication data; and
  
  within the framework of the activation all authorizations and functionalities present on the second data carrier are transferred from the latter to the first portable data carrier and the latter is immediately ready for use, and usable with all functionalities after the conclusion of the activation.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 16. The method according to claim 15, wherein at least one of the first and the second data carrier comprise at least one of an electronic identification document and at least one of an electronic visa and at least one of an electronic ticket and at least one of an electronic health card and an electronic bank card.
  - 17. The method according to claim 15, wherein the first data carrier is supplied on the basis of an online request by the user.
  - 18. The method according to claim 15, wherein the first data carrier in the inactive state is already personalized at least partly optically and/or electronically.
  - 19. The method according to claim 15, wherein the communication connection set up between the first and the second data carrier is a local communication connection in the area of influence of the user.
  - 20. The method according to claim 15, wherein the mutual authentication is a symmetric authentication with a symmetric key.
  - 21. The method according to claim 15, wherein the mutual authentication is an asymmetric authentication with an asymmetric pair of keys of a private and a public key.
  - 22. The method according claim 15, wherein the setup of the communication connection is preceded by a user authentication.
  - 23. The method according to claim 15, wherein the activation data comprise personalization data, to be stored on the first data carrier.
  - 24. The method according to claim 15, wherein the activation data comprise at least one of several cryptographic keys and electronic certificates.
  - 25. The method according to claim 15, wherein the activation data comprise a password to be input by the user.
  - 26. The method according to claim 15, wherein after the activation of the first data carrier the second data carrier becomes inactive.

27. A system for activating a portable data carrier, the system comprising a first and a second portable data carrier, which are configured so as to enable the following steps to be carried out:
- the first data carrier is supplied in an inactive state to a user, after the user has requested the first data carrier with the aid of the second data carrier from a central instance, so that the first portable data carrier authentication data are applied that permit a mutual authentication exclusively with the second portable data carrier, so that the first and the second data carrier have access to the authentication data;
  
  a communication connection is set up between the first and the second data carrier, via which the first and the second data carrier mutually authenticate each other on the basis of the authentication data and establish a cryptographically secured end-to-end connection;
  
  the second data carrier activates the first data carrier via the end-to-end connection by transmitting activation data to the first data carrier.
- View Dependent Claims (28)
- - 28. The system according to claim 27, wherein the system is configured so as to enable the method according to claim 27 to be carried out with the system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Giesecke + Devrient Mobile Security GmBH (Giesecke & Devrient GmbH)
Original Assignee
Giesecke & Devrient GmbH
Inventors
Eichholz, Jan, Meister, Gisela, Daum, Henning

Granted Patent

US 9,411,981 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/169
CPC Class Codes

G06F 21/445   by mutual authentication, e...

G06F 21/606   by securing the transmissio...

G06F 21/6245   Protecting personal data, e...

G06F 21/77   in smart cards

G06Q 20/354   Card activation or deactiva...

G07C 2209/41   with means for the generati...

G07C 9/25   using biometric data, e.g. ...

G07F 7/1008   Active credit-cards provide...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/3263   involving certificates, e.g...

H04L 9/3273   for mutual authentication n...

METHOD AND SYSTEM FOR ACTIVATING A PORTABLE DATA CARRIER

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

34 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR ACTIVATING A PORTABLE DATA CARRIER

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links