Certification of cryptographic keys for chipcards

US 6,076,162 A
Filed: 01/21/1998
Issued: 06/13/2000
Est. Priority Date: 01/22/1997
Status: Expired due to Term

First Claim

Patent Images

1. Method for certification of a cryptographic key for a chipcard comprising the steps of:

a) generating at a trusted authority, an asymmetrical algorithm cryptography key pair;

b) generating at the trusted authority, a hash of a public key of the key pair and administrative information related to the public key;

c) generating at the trusted authority, a digital signature by decoding the hash using a certified secret key of a certified key pair of the asymmetrical algorithm, a certified public key of the certified key pair having been previously transferred to the chipcard from the trusted authority;

d) transferring to the chipcard, a certificate having a first part including the administrative information and the public key and a second part including the digital signature of the first part of the certificate;

e) encoding the digital signature of the second part of the certificate in the chipcard using the certified public key of the certified key pair previously transferred to the chipcard;

f) generating in the chipcard, a hash of the first part of the certificate;

g) comparing the encoded digital signature with the hash of the first part of the certificate;

h) accepting the public key as a certified key for the chipcard when the hash of the first part of the certificate agrees with the encoded digital signature of the second part of the certificate.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention relates to a procedure for the certification of cryptographic keys for use in chipcards. In this procedure, a certification key and a certificate are transferred to the chipcard. The first part of the certificate includes the cryptographic key and the second part of the certificate includes a digital signature of the first part of the certificate. The digital certificate is subsequently checked by means of the certification key on the chipcard.

Citations

16 Claims

1. Method for certification of a cryptographic key for a chipcard comprising the steps of:
- a) generating at a trusted authority, an asymmetrical algorithm cryptography key pair;
  
  b) generating at the trusted authority, a hash of a public key of the key pair and administrative information related to the public key;
  
  c) generating at the trusted authority, a digital signature by decoding the hash using a certified secret key of a certified key pair of the asymmetrical algorithm, a certified public key of the certified key pair having been previously transferred to the chipcard from the trusted authority;
  
  d) transferring to the chipcard, a certificate having a first part including the administrative information and the public key and a second part including the digital signature of the first part of the certificate;
  
  e) encoding the digital signature of the second part of the certificate in the chipcard using the certified public key of the certified key pair previously transferred to the chipcard;
  
  f) generating in the chipcard, a hash of the first part of the certificate;
  
  g) comparing the encoded digital signature with the hash of the first part of the certificate;
  
  h) accepting the public key as a certified key for the chipcard when the hash of the first part of the certificate agrees with the encoded digital signature of the second part of the certificate.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. Method of claim 1 wherein the step of accepting the public key as a certified key is carried out by storing the public key in a given memory area of the chipcard.
  - 3. Method of claim 1 wherein the step of accepting the public key as a certified key is carried out by means of setting a bit in a status-byte of the public key.
  - 4. Method of claim 1 wherein the step of generating a hash of the first part of the certificate further comprises:
    - accessing the administrative information for hash algorithm information regarding the hash algorithm to be used.
  - 5. Method of claim 1 wherein the step of encoding the digital signature further comprises the step of:
    - allowing the public key to be used for carrying out non-security sensitive instructions before the public key has been certified.
  - 6. Method of claim 1 further comprising the step of:
    - i) using the certified key as a certified public key for the certification of a further public key.
  - 7. Method of claim 1 wherein the certified key is assigned to one or several applications of the chipcard by means of the administrative data.

8. Method for certification of a cryptographic key for a chipcard comprising the steps of:
- a) generating at a trusted authority, an asymmetrical algorithm cryptography key pair;
  
  b) generating at the trusted authority, a hash of a public key of the key pair and administrative information related to the public key;
  
  c) generating at the trusted authority, a digital signature by encoding the hash using a certified secret key of a certified key pair of the asymmetrical algorithm, a certified public key of the certified key pair having been previously transferred to the chipcard from the trusted authority;
  
  d) transferring to the chipcard, a certificate having a first part including the administrative information and the public key and a second part including the digital signature of the first part of the certificate;
  
  e) decoding the digital signature of the second part of the certificate in the chipcard using the certified public key of the certified key pair previously transferred to the chipcard;
  
  f) generating in the chipcard, a hash of the first part of the certificate;
  
  g) comparing the encoded digital signature with the hash of the first part of the certificate;
  
  h) accepting the public key as a certified key for the chipcard when the hash of the first part of the certificate agrees with the encoded digital signature of the second part of the certificate.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. Method of claim 8 wherein the step of accepting the public key as a certified key is carried out by storing the public key in a given memory area of the chipcard.
  - 10. Method of claim 8 wherein the step of accepting the public key as a certified key is carried out by means of an entry of the public key in a table in the chipcard.
  - 11. Method of claim 8 wherein the step of accepting the public key as a certified key is carried out by means of setting a bit in a status-byte of the public key.
  - 12. Method of claim 8 wherein the step of encoding the digital signature further comprises the step of:
    - allowing the public key to be used for carrying out non-security sensitive instructions before the public key has been accepted as a certified key.
  - 13. Method of claim 8 further comprising the step of:
    - i) using the certified key further comprises using the certified key as a certified public key for the certification of a further public key.
  - 14. Method of claim 8 wherein the certified key is assigned to one or several applications of the chipcard by means of the administrative data.

15. A chipcard having a computer for certification of a cryptographic key to be used on the chipcard, the computer carrying out the steps of:
- a) receiving at the chipcard from a trusted source, a certificate having a first part including administrative information and a public key of an asymmetrical algorithm cryptography key pair, and a second part including a digital signature of a hash of the first part of the certificate;
  
  b) encoding the digital signature of the second part of the certificate in the chipcard using a certified public key of a certified key pair previously transferred to the chipcard from the trusted source;
  
  c) generating in the chipcard, a hash of the first part of the certificate;
  
  d) comparing the encoded digital signature with the hash of the first part of the certificate;
  
  e) accepting the public key as a certified key for the chipcard when the hash of the first part of the certificate agrees with the encoded digital signature of the second part of the certificate.
- View Dependent Claims (16)
- - 16. The chipcard of claim 15 wherein the computer step of generating in the chipcard, a hash of the first part of the certificate further comprises:
    - accessing the administrative information for hash algorithm information regarding the hash algorithm to be used to hash the first part.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Schaal, Albert, Deindl, Michael, Hanel, Walter
Primary Examiner(s)
Swann, Tod R.
Assistant Examiner(s)
Smithers, Matthew

Application Number

US09/010,339
Time in Patent Office

874 Days
Field of Search

380/23, 380/25, 380/282, 380/285, 713/159, 713/156, 713/181
US Class Current

713/159
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/40975   using encryption therefor

G07F 7/082   Features insuring the integ...

G07F 7/1008   Active credit-cards provide...

G07F 7/1016   Devices or methods for secu...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

Certification of cryptographic keys for chipcards

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Certification of cryptographic keys for chipcards

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links