METHOD FOR SECURE TRANSFER OF AN APPLICATION FROM A SERVER INTO A READING DEVICE UNIT

US 20130031357A1
Filed: 03/25/2011
Published: 01/31/2013
Est. Priority Date: 03/29/2010
Status: Active Grant

First Claim

Patent Images

1-13. -13. (canceled)

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and a system for secure transfer of an application from a server (S) into a reading device unit (2) with authentication of a user with a data carrier unit (1), the server (S) making available the application, wherein, between the data carrier unit (1) and the server (S), a first cryptographically secured channel (K1) is set up based on first cryptographic information (A), and between a security module (3) of the reading device unit (2) and the server (S) a second cryptographically secured channel (K2) is set up based on second cryptographic information (B). The application is transferred from the server to the reading device unit via the second cryptographically secured channel (K2).

31 Citations

View as Search Results

25 Claims

1-13. -13. (canceled)

14. A method for secure transfer of an application from a server (S) into a reading device unit with authentication of a user by means of data carrier unit, the server making available the application, comprising the steps:
- setting up between the data carrier unit and the server (S) a first cryptographically secured channel (K1) based on first cryptographic information (A);
  
  setting up between a security module of the reading device unit and the server (S) a second cryptographically secured channel (K2) based on second cryptographic information (B);
  
  transferring the application from the server to the reading device unit via the second cryptographically secured channel (K2);
  
  installing the application on the security module of the reading device unit; and
  
  managing the application by the security module of the reading device unit.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 25)
- - 15. The method according to claim 14, wherein the application is personalized for the user before the transfer.
  - 16. The method according to claim 14, wherein after the installation of the application, the application is personalized for the user on the security module of the reading device.
  - 17. The method according to claim 14, wherein the data carrier unit negotiates with the server (S) a first cryptographic key (A) via which the first cryptographically secured channel (K1) is set up, and the reading device unit negotiates with the server (S) a second cryptographic key (B) via which the second cryptographically secured channel (K2) is set up.
  - 18. The method according to claim 14, wherein the server (S) is a signature terminal for electronic identity documents and via secure messaging, setting up, based on a password-based protocol, the first and/or second cryptographically secured channel (K1, K2) between the signature terminal and the data carrier unit, said data carrier unit comprising an electronic identity document.
  - 19. The method according to claim 14, whereinthe data carrier unit is used with a contactless interface,the security module of the reading device unit is used with a contactless interface, the contactless interface of the data carrier unit and of the security module being employed for setting up the first cryptographically secured channel (K1).
  - 20. The method according to claim 14, wherein the security module in the reading device unit is used with a contactless interface and/or the reading device unit moreover is used with a contact-type interface, the contactless and/or the contact-type interfaces being employed for setting up the first and/or second cryptographically secured channel (K1, K2).
  - 21. The method according to claim 14, wherein,the data carrier unit is used with a contactless interface,the security module of the reading device unit is used with a contactless interface, the contactless interface of the data carrier unit and of the security module being employed for setting up the first cryptographically secured channel (K1),wherein the reading device unit is incorporated in a data processing device and the data processing device employs a secure data connection, through a transport layer security (TLS), to the server (S) for setting up the first and/or second cryptographically secured channel (K1, K2).
  - 22. The method according to claim 14, wherein,the security module in the reading device unit is used with a contactless interface and/or the reading device unit moreover is used with a contact-type interface, the contactless and/or the contact-type interface being employed for setting up the first and/or second cryptographically secured channel (K1, K2),and wherein the reading device unit and the security module are connected via the contact-type interface with the data processing device.
  - 23. The method according to claim 14, wherein the application is enabled only by authentication of the user by the data carrier unit at the reading device unit by restricted identification.
  - 25. The system according to claim 24, configured to carry out the method recited in claim 14.

24. A system comprising a server (S), data carrier unit and reading device unit, which is configured so that in the operation of the system:
- between the data carrier unit and the server (S) a first cryptographically secured channel (K1) is set up based on first cryptographic information (A) for the purpose of the authentication of a user by means of the data carrier unit at the server (S);
  
  between a security module of the reading device unit and the server (S) a second cryptographically secured channel (K2) is set up based on second cryptographic information (B);
  
  an application is transferred from the server (S) to the reading device unit via the second cryptographically secured channel (K2), and whereinthe application, after the transfer, is installed and managed on the security module of the reading device unit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Giesecke + Devrient Mobile Security GmBH (Giesecke & Devrient GmbH)
Original Assignee
Giesecke & Devrient GmbH
Inventors
Weiss, Dieter, Meister, Gisela, Eichholz, Jan, Gawlas, Florian

Granted Patent

US 9,325,504 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/152
CPC Class Codes

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/3215   using a plurality of channe...

H04L 9/3234   involving additional secure...

METHOD FOR SECURE TRANSFER OF AN APPLICATION FROM A SERVER INTO A READING DEVICE UNIT

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

31 Citations

25 Claims

Specification

Use Cases

Quick Links

Others

METHOD FOR SECURE TRANSFER OF AN APPLICATION FROM A SERVER INTO A READING DEVICE UNIT

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

25 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others