Method of securely loading commands in a smart card

US 6,073,238 A
Filed: 03/28/1997
Issued: 06/06/2000
Est. Priority Date: 03/29/1996
Status: Expired due to Fees

First Claim

Patent Images

1. A method of securely loading a command or commands in a smart card by a first party, the smart card being issued by a second party, the method comprising the steps of:

the second party producing a first authentication code using a first key,a third party producing a second authentication code using a second key,the first party obtaining the first and second authentication codes from the second party and the third party, respectively,the first party transferring command modifications with the obtained first and second authentication codes to the smart card,the smart card validating the command modifications by obtaining a replica of the first and second authentication codes using stored versions of the first and second key, respectively, and comparing the replica of the first and second authentication codes with the obtained first and second authentication codes transferred with the command modifications from the first party to the smart card.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of securely loading and validating commands (COM) in a smart card (SC) is disclosed. Especially in the case where application-specific commands are loaded by an application provider (AP), that is off-line with respect to the card issuer (CI), it must be ensured that the commands are valid. The invention provides a method involving the protection of the commands (COM) by means of authentication codes, these codes (MAC1, MAC2) being produced using two different keys: one key (K1) is stored by the card issuer (CI), the other (K2) by a trusted third party (TTP). A further authentication code (MAC3), produced using a key from a set of keys (K3*), may be utilized to selectively validate commands for individual applications (e.g. AP1, AP2).

Citations

12 Claims

1. A method of securely loading a command or commands in a smart card by a first party, the smart card being issued by a second party, the method comprising the steps of:
- the second party producing a first authentication code using a first key,a third party producing a second authentication code using a second key,the first party obtaining the first and second authentication codes from the second party and the third party, respectively,the first party transferring command modifications with the obtained first and second authentication codes to the smart card,the smart card validating the command modifications by obtaining a replica of the first and second authentication codes using stored versions of the first and second key, respectively, and comparing the replica of the first and second authentication codes with the obtained first and second authentication codes transferred with the command modifications from the first party to the smart card.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A method according to claim 1, further comprising repeating the transferring and the subsequent validating steps when the validating comparison fails, the use of any loaded command being blocked until the validating comparison succeeds.
  - 3. A method according to claim 2, further comprising permanently disabling the loaded command if the validating comparison fails a predetermined number of times, the predetermined number being less than ten.
  - 4. A method according to claim 3, wherein the permanently disabling step is performed by the card changing the first key stored in the card.
  - 5. A method according to claim 1, wherein the command is an application-specific command.
  - 6. A method according to claim 1, wherein the first and/or second authentication codes are message authentication codes produced according to a particular standard.
  - 7. A method according to claim 1, wherein the card contains several applications, each application being provided with an individual third key for validating a command provided with a third authentication code, said third authentication code being produced using the individual third key.
  - 8. A method according to claim 1, further comprising the second party producing a fourth authentication code of, said fourth authentication code not involving the first or second key.
  - 9. A method according to claim 1, further comprising providing the card with a flag register, each flag of the flag register corresponding with a command of a smart card processor, the execution of a command being inhibited if the corresponding flag is set.

10. A smart card, comprising a substrate and an integrated circuit having a processor and a memory, the memory containing at least two keys the integrated circuit being arranged to regenerate, using the at least two keys at least two authentication codes relative to a received command modification request including at least two corresponding request authentication codes and to compare the at least two regenerated authentication codes with the received at least two corresponding request authentication codes to verify an approved modification to commands is being received.
- View Dependent Claims (11, 12)
- - 11. A smart card according to claim 10, wherein the memory comprising a data structure having individual applications, each application containing an individual key (e.g. K3-1, K3-2) for regenerating authentication codes and selectively loading commands associated with the authentication codes when the approved modification is verified.
  - 12. A card according to claim 10, wherein the memory includes a flag register, each flag of the flag register corresponding with a command of the processor, the execution of a command being inhibited if the corresponding flag is set.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Koninklijke KPN NV
Original Assignee
Koninklijke PTT Nederland N.V. (Royal KPN NV)
Inventors
Drupsteen, Michel Marco Paul
Primary Examiner(s)
Wright, Norman M.

Application Number

US08/828,350
Time in Patent Office

1,166 Days
Field of Search

711/163, 711/164, 395/186, 395/187.01, 395/188.01, 380/3, 380/4, 380/21, 380/22, 380/24, 380/43, 380/45, 235/350, 235/387.5, 714/38, 713/200, 713/201, 713/202
US Class Current

726/20
CPC Class Codes

G06F 21/572   Secure firmware programming...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3552   Downloading or loading of p...

G07F 7/082   Features insuring the integ...

G07F 7/1008   Active credit-cards provide...

Method of securely loading commands in a smart card

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Method of securely loading commands in a smart card

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links