METHOD FOR AUTHENTICATING A PORTABLE DATA CARRIER

US 20120331302A1
Filed: 03/07/2011
Published: 12/27/2012
Est. Priority Date: 03/10/2010
Status: Active Grant

First Claim

Patent Images

1-15. -15. (canceled)

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for authenticating a portable data carrier (10) to a terminal device by the following steps: In the data carrier (10) a public session key (PK_Session) is derived (S5) from a public key individual to the data carrier (PK_i) which has in its turn been derived (TS32; S1) from a public group key (PK). Further, a secret session key (SK_Session) is derived (S4) from a secret key individual to the data carrier (SK_i) which has in turn been derived (TS31) from a secret group key (SK). Subsequently, a secret communication key (KK) is agreed on (S7) between the data carrier (10) and the terminal device. Finally, the terminal verifies (S8) the public session key (PK_Session) of the data carrier (10).

16 Citations

View as Search Results

30 Claims

1-15. -15. (canceled)

16. A method for authenticating a portable data carrier to a terminal device, the steps deriving (S5) a public session key (PK_Session) from a public key (PK_i) individual to the data carrier derived (TS32) from a public group key (PK), and deriving (S4) a secret session key (SK_Session) from a secret key (SK_i) individual to the data carrier derived (TS31) from a secret group key (SK), in the data carrier;
- anonymously authenticating (S8) the data carrier to the terminal device, using the secret session key (SK_Session) in either or both the data carrier and the public session key (PK_Session) in the terminal device.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 27, 28, 29, 30)
- - 17. The method according to claim 16, wherein the terminal device verifies the public session key (PK_Session) by a certificate (C_PK) of the public group key (PK), which certificate is stored in the data carrier, by the terminal device first checking (TS81) the certificate (C_PK) and thereafter reconstructing (TS82) the derivation of the public session key (PK_Session) from the public group key (PK) via the public key (PK_i) individual to the data carrier.
  - 18. The method according to claim 16, wherein the public key (PK) individual to the data carrier and the secret key (SK_i) individual to the data carrier are derived from the public group key (PK) and the secret group key (SK), respectively, and stored (S3) in the data carrier (10) in a personalization phase of the data carrier.
  - 19. The method according to claim 16, wherein the secret key (SK_i) individual to the data carrier is derived from the secret group key (SK) while using a first random number (RND_i).
  - 20. The method according to claim 16, wherein the public session key (PK_Session) and the secret session key (SK_Session) are derived from the public key (PK_i) individual the data carrier and the secret key (SK_i) individual to the data carrier, respectively, while using a second random number (RND_Session).
  - 21. The method according to claim 16, including the steps of agreeing on a communication key (KK) between the data carrier and the terminal device while using the public session key (PK_Session) and the secret session key (SK_Session) of the data carrier as well as a public terminal key and a secret terminal key of the terminal device;
    - wherein the communication key (KK) is agreed on by a Diffie-Hellman key exchange method which is based on a specified primitive root (g) modulo a specified prime number,the secret key (SK_i) individual to the data carrier is derived (TS31) from the secret group key (SK) by multiplication by the first random number (RND_i), andthe public key (PK_i) individual to the data carrier formed (TS32) by exponentiation of the primitive root (g) by the secret key individual to the data carrier (SK_i),wherein the public group key (PK) is formed (S1) by exponentiation of the primitive root (g) by the secret group key (SK).
  - 22. The method according to claim 16, wherein the secret session key (SK_Session) is derived (S4) by multiplication of the secret key (SK_i) individual to the data carrier by the second random number (RND_Session), and the public session key (PK_Session) is derived (S5) by exponentiation of the public key (PK_i) individual to the data carrier by the second random number (RND_Session).
  - 23. The method according to claim 16, wherein the data carrier sends to the terminal device the public session key (PK_Session), the product (RND_i*RND_Session) of the first random number (RND_i) and the second random number (RND_Session) as well as the certificate (C_PK) of the public group key (PK).
  - 24. The method according to claim 16, wherein the terminal device, for verifying the public session key (PK_Session), forms an exponentiation of the public group key (PK) by the product (RND_i*RND_Session) of the first random number (RND_i) and the second random number (RND_Session).
  - 25. The method according to claim 16, wherein, for deriving public keys (PK_i) individual to the data carrier and secret keys (SK_i) individual to the data carrier of a plurality of different data carriers, the same public and secret group keys (PK;
    - SK) are respectively used.
  - 27. The data carrier according to claim 26, wherein the data carrier is configured to authenticate itself to a terminal device according to the method recited in claim 16.
  - 28. A terminal device for data communication with the portable data carrier recited in claim 16, wherein the terminal device is arranged, using a public terminal key and a secret terminal key, to agree on a communication key (KK) with the portable data carrier and to verify a public session key (PK_Session) of the data carrier which has been derived from a public group key (PK) via a public key (PK_i) individual to the data carrier.
  - 29. The terminal device according to claim 28, wherein the terminal device is arranged to verify the public session key (PK_Session) of the data carrier by a certificate (C_PK) of the public group key (PK), said certificate being stored in the data carrier, by the terminal device first checking the certificate (C_PK) and thereafter reconstructing the derivation of the public session key (PK_Session) from the public group key (PK) via the public key (PK_i) individual to the data carrier.
  - 30. A system comprising the portable data carrier recited in claim 27 and the terminal device recited in claim 28, arranged to carry out the method recited in claim 17.

26. A portable data carrier, comprising a processor, a memory and a data communication interface providing data communication with a terminal device, as well as an authentication device, wherein the authentication device of the data carrier is configured to derive a public session key PK_Session) from a public key (PK_i) individual to the data carrier that is stored in the memory, to derive a secret session key (PK_Session) from a secret key (SK_i) individual to the data carrier that is stored in the memory, and to use the secret session key (SK_Session) within the framework of an authentication to the terminal device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Giesecke + Devrient Mobile Security GmBH (Giesecke & Devrient GmbH)
Original Assignee
Giesecke & Devrient GmbH
Inventors
Eichholz, Jan, Meister, Gisela

Granted Patent

US 8,966,275 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/182
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 2221/2103   Challenge-response

H04L 9/0844   with user authentication or...

H04L 9/0877   using additional device, e....

METHOD FOR AUTHENTICATING A PORTABLE DATA CARRIER

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

16 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD FOR AUTHENTICATING A PORTABLE DATA CARRIER

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links