Terminal and system for performing secure electronic transactions
Abstract
The terminal includes a terminal module (1) and a personal security device (31). The terminal module (1) is adapted to receive high-level requests from an application (Fap) installed on an electronic unit. The high-level requests are independent of the personal security device (31).
The terminal module (1) and/or the personal security device (31) includes a reprogrammable memory for storing, and a unit for executing, a filter program (F) that translates the high-level requests into at least one of either (i) at least one sequence of exchanges of data between the terminal module (1) and the user or (ii) a sequence of at least one elementary command that can be executed by the personal security device, together with a unit for protecting the filter program (F, 62) to prevent any modification of the filter program by an unauthorized entity. The filter program includes a unit for identifying and/or authenticating the source of requests sent by the application (Fap) installed in the electronic unit.
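The architecture in the abstract, as an added Python model (not code from the patent or its assignee): a high-level request that knows nothing about the personal security device (PSD) is translated by a filter program into user dialog steps and elementary PSD commands, the PSD performs its cryptographic computation only after a PIN condition is met, and the terminal module loads a filter program only when a MAC over its code image verifies. HMAC-SHA256 as the cryptographic computation, the MAC-over-code-image protection, and the keys and PIN are all assumptions constructed for the example.

```python
import hashlib
import hmac

PSD_KEY = b"psd-secret-key"           # constructed sample key (assumption, not from the patent)
FILTER_LOAD_KEY = b"filter-load-key"  # constructed key protecting the filter program

class PersonalSecurityDevice:
    """Executes elementary commands; signing needs a prior successful PIN check."""
    def __init__(self, key, pin):
        self._key, self._pin, self._unlocked = key, pin, False
    def execute(self, cmd, arg):
        if cmd == "VERIFY_PIN":
            self._unlocked = hmac.compare_digest(arg, self._pin)
            return self._unlocked
        if cmd == "SIGN" and self._unlocked:   # the cryptographic computation
            return hmac.new(self._key, arg, hashlib.sha256).hexdigest()
        return None  # unknown command or access condition not met

def filter_program(request):
    """Translates a PSD-independent request into user exchanges and elementary commands."""
    if request["op"] != "SIGN":
        raise ValueError("unsupported high-level request")
    digest = hashlib.sha256(request["payload"].encode()).digest()
    return [("USER", "confirm", "Confirm: " + request["payload"]),
            ("USER", "pin", "Enter PIN"),
            ("PSD", "VERIFY_PIN", None),
            ("PSD", "SIGN", digest)]

def filter_tag(func):
    """MAC over the filter program's code image, checked before it is loaded."""
    return hmac.new(FILTER_LOAD_KEY, func.__code__.co_code, hashlib.sha256).digest()

class TerminalModule:
    def __init__(self, psd):
        self._psd, self._filter = psd, None
    def load_filter(self, func, tag):
        """Accepts the filter program only if its tag verifies (the loading condition)."""
        if not hmac.compare_digest(filter_tag(func), tag):
            return False
        self._filter = func
        return True
    def run(self, request, user_io):
        """Dispatches each translated step to the user interface or to the PSD."""
        pin = result = None
        for target, cmd, arg in self._filter(request):
            if target == "USER":
                answer = user_io(arg)      # data exchange via the second interface means
                if cmd == "pin":
                    pin = answer
                elif not answer:
                    return None            # user declined the transaction
            else:
                result = self._psd.execute(cmd, pin if cmd == "VERIFY_PIN" else arg)
        return result
```

A wrong PIN leaves the PSD locked, so the SIGN command yields nothing and the transaction fails closed; a modified filter program fails the tag check and is never executed.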
40 Claims
1. A terminal that enables a user to execute secure electronic transactions in conjunction with at least one application installed on an electronic unit, said terminal comprising:
(a) a terminal module comprising:
(a1) first interface means for interfacing with said application and for receiving from said application high-level requests relating to said transactions, (a2) second interface means for interfacing with said user, (a3) third interface means for interfacing with a personal security device, and (a4) first data processing means comprising (a4i) at least first software means for controlling said first, second and third interface means; and
(b) a personal security device comprising (b1) second data processing means comprising at least (b1i) second software means for executing elementary commands, (b1ii) means for executing cryptographic computations, and (b1iii) first means for securing said second data processing means against physical access and logical access by an unauthorized entity, wherein
(c) said terminal module receives said high-level requests from said application installed on said electronic unit, said high-level requests being independent of said personal security device,
(d) at least one of said terminal module and said personal security device comprises:
(d1) at least one programmable memory for storing at least one filter program for translating said high-level requests into at least one of either
(d1i) at least one elementary command or a sequence of elementary commands for being executed by said second software means of said second data processing means, or (d1ii) at least one sequence of data exchanges between said terminal module and said user via said second interface means, said data exchanges being executed by said first software means of said first data processing means, and (d2) means for protecting said filter program to prevent an unauthorized entity from either reading or modifying said filter program, and
(e) at least one of said first data processing means of said terminal module and said second data processing means of said personal security device comprise (e1) a first data processing device for executing said filter program.
(i) means for commanding the loading, in a secure manner preventing physical interference and logical interference by an unauthorized entity, of said filter program into said programmable memory via one of said first interface means and said third interface means from an entity external to said terminal module, and (ii) first access control means for authorizing said loading of said filter program only in response to at least one predefined condition.
6. A terminal according to claim 1 further comprising second means that enable said second data processing means to authenticate said first data processing means.

7. A terminal according to claim 1 further comprising third means that enable said first data processing means to authenticate said second data processing means.

8. A terminal according to claim 6 or claim 7 further comprising (i) a first communication channel between said first data processing means and said second data processing means, said first communication channel including said third interface means and (ii) first means for securing said first communication channel against access by an unauthorized entity.

9. A terminal according to claim 1 further comprising fourth means that enable said user to authenticate said terminal module, independently of said personal security device.

10. A terminal according to claim 9 wherein said fourth means comprise:
means for calculating, on the basis of a first secret parameter stored in said first data processing means, a password known to said user using said first data processing means, and means for presenting said calculated password to said user via said second interface means.

11. A terminal according to claim 1 further comprising fifth means that enable said user to conjointly authenticate said terminal module and said personal security device.

12. A terminal according to claim 11 wherein said fifth means comprise:
means for computing, on the basis of at least second and third secret parameters stored respectively in memory in said first data processing means and in memory in said second data processing means, a password known to said user, using said first data processing device for executing said filter program, and means for presenting said computed password to said user via said second interface means.

13. A terminal according to claim 1 wherein said terminal module includes said programmable memory for storing said filter program.

14. A terminal according to claim 13 wherein said filter program generates first commands for implementing said at least one sequence of data exchanges between said terminal module and said user and wherein:
said first data processing means comprise (i) a first microprocessor for controlling at least said second interface means, said first microprocessor being programmed by virtue of said first software means to execute said first commands generated by said filter program and sent to said first microprocessor for implementing said at least one sequence of data exchanges between said terminal module and said user and (ii) a second microprocessor of the integrated circuit card type disposed in said terminal module and including said programmable memory, said second microprocessor executing said filter program to control said at least one sequence of data exchanges between said terminal module and said user by means of said first commands sent to said first microprocessor and for applying said at least one sequence of at least one elementary command to said second data processing means, said second microprocessor comprising second means for securing said second microprocessor against physical access and logical access by an unauthorized entity.

15. A terminal according to claim 14 wherein said first microprocessor for controlling at least the second interface means comprises a fourth secret parameter stored in memory in said first data processing means, said second microprocessor being controlled by said filter program to authenticate said first software means for controlling at least the second interface means on the basis of information sent by said first microprocessor and combined at least with said fourth secret parameter.
16. A terminal according to claim 15 further comprising (i) a second communication channel between said first microprocessor for controlling at least the second interface means and said second microprocessor of the first data processing means and (ii) third means for securing said second communication channel against access by an unauthorized entity.

17. A terminal according to claim 16 wherein said second means for securing comprise means for encryption and decryption, by said first software means and by said second microprocessor, of data sent on said second communication channel on the basis of at least a fifth secret parameter stored in memory in said first data processing means and in memory in said second data processing means.

18. A terminal according to claim 16 wherein said third securing means comprise first physical means for physically protecting said second communication channel against intrusion.

19. A terminal according to claim 15 wherein said first microprocessor of said first data processing means includes a temporary memory for storing said fifth secret parameter and second physical means for physically protecting said temporary memory against intrusion.

20. A terminal according to claim 14 wherein said second microprocessor is a microcontroller.

21. A terminal according to claim 14 wherein said second data processing means of said personal security device comprise a second data processing device for execution of said filter program in a secure manner preventing physical access and logical access by an unauthorized entity and a programmable memory for loading and storing said filter program, said first software means of said first data processing means receiving said first commands for implementing said at least one sequence of data exchanges from one of said first data processing device and said second data processing device respectively installed in said terminal module and said personal security device.

22. A terminal according to claim 14 wherein said first microprocessor is the microprocessor of a personal computer, said personal computer being also interfaced to said secure microprocessor.

23. A terminal according to claim 13 wherein said filter program generates first commands for implementing said at least one sequence of data exchanges between said terminal module and said user and wherein:
said first data processing means comprise said first data processing device for executing said filter program, said first data processing device comprising a microprocessor for:
(i) executing said filter program for translating said high-level requests into said at least one sequence of data exchanges between said terminal module and the user and into said at least one elementary command or said sequence of elementary commands for being executed by said second software means of said second data processing means, and (ii) controlling at least said second interface means using said first commands generated by said filter program to implement said at least one sequence of data exchanges between said terminal module and said user, and wherein said microprocessor comprises means for securing said microprocessor against physical access and logical access by an unauthorized entity.

24. A terminal according to claim 23 wherein said microprocessor includes said programmable memory.

25. A terminal according to claim 23 wherein said programmable memory is external to said microprocessor.

26. A terminal according to claim 25 wherein said filter program is stored in encrypted form in said programmable memory and said microprocessor comprises means for reading and decrypting said filter program to enable said executing of said filter program.

27. A terminal according to claim 23 wherein said second data processing means of said personal security device comprise a second data processing device for execution of said filter program in a secure manner preventing physical access and logical access by an unauthorized entity and a programmable memory for loading and storing said filter program, said first software means of said first data processing means receiving said first commands for implementing said at least one sequence of data exchanges from one of said first data processing device and said second data processing device respectively installed in said terminal module and said personal security device.
28. A terminal according to claim 13 wherein:
said filter program comprises at least one secret parameter, and wherein said second data processing means comprise second means of conditional access control for authorizing execution of said cryptographic computations in response to elementary commands generated by said filter program only if at least a second predefined condition depending on said at least one secret parameter is satisfied.

29. A terminal according to claim 13 wherein said terminal module comprises a personal computer and wherein said programmable memory includes the hard disk of said computer.

30. A terminal according to claim 29 wherein said filter program comprises a loading/decrypting first module and an encrypting second module for said translation of said high-level requests, said first module commanding the loading of said second module into RAM of said computer and decryption of said second module for execution of said filter program by said computer.

31. A terminal according to claim 29 wherein said filter program comprises at least one first module installed on said personal computer and at least one second module installed on a security server, said personal computer and said security server being connected by a communication channel, said terminal further comprising means for enabling exchange of data between said first and second modules in a manner protecting against access by an unauthorized entity.

32. A terminal according to claim 29 wherein said personal security device is an integrated circuit card.

33. A terminal according to claim 1 wherein said personal security device includes said programmable memory for storing said filter program.

34. A terminal according to claim 33 wherein said filter program generates first commands for implementing said at least one sequence of data exchanges between said terminal module and said user and wherein:
said first data processing means comprise a first microprocessor for controlling at least said second interface means, said first microprocessor means being programmed by said first software means to execute said first commands generated by said filter program and sent to said first microprocessor for implementing said at least one sequence of data exchanges between said terminal module and said user, and said second data processing means comprise a second microprocessor of the integrated circuit card type disposed in said personal security device and including said programmable memory, said second microprocessor executing (i) said filter program for controlling said at least one sequence of data exchanges between said terminal module and said user by means of said first commands sent to said first microprocessor and (ii) said elementary commands, said second microprocessor comprising means for securing said second microprocessor against physical access and logical access by an unauthorized entity.

35. A terminal according to claim 34 wherein said first microprocessor for controlling at least said second interface means comprises one fourth secret parameter stored in memory in said first data processing means and wherein said second microprocessor of said personal security device is controlled by said filter program to authenticate said first microprocessor on the basis of information sent by said first microprocessor and combined at least with said fourth secret parameter.

36. A terminal according to claim 34 wherein said second microprocessor of said personal security device commands the loading of said filter program into said programmable memory via said first interface means and said third interface means.

37. A terminal according to claims 13 or 33 wherein said terminal module comprises an integrated circuit card reader and wherein said personal security device comprises an integrated circuit card.

38. A system for performing secure transactions comprising at least one terminal according to claim 1 and at least one electronic unit including means for transmitting said high-level requests to said terminal.

39. A system according to claim 38 wherein said at least one terminal comprises a plurality of terminals, wherein at least one server constitutes said electronic unit and wherein said system further comprises means for sending digital data between said at least one server and said plurality of terminals.

40. A system according to claim 1 wherein said programmable memory is a reprogrammable memory.