Method and system for securely handling information between two information processing devices
First Claim
1. A method for securely handling an information unit by a first information processing device (2) interoperating with a second secure information processing device (1), whereby the information unit is provided by an issuer, the method comprising the steps:
- transmitting (3, 25, 35) the information unit, from the first issuer to the first information processing device (2), the information unit being processed by a cryptographic process;
providing at least one key for the cryptographic process on the second secure information processing device (1);
the first information processing device (i) receiving the at least one key from the second information processing device, and (ii) cryptographically reprocessing (29, 38) the information unit by using the at least one key;
providing (3, 25, 35) the information unit from the issuer to the first information processing device (2), the information unit being encrypted by using at least a first key;
providing the first key from the issuer to the first information processing device (2), the first key being encrypted by using at least a second key;
providing the at least one second key on the second secure information processing device (1); and
wherein at least a third key is provided for external authentication and/or release control of the respective information unit.
1 Assignment
0 Petitions
Accused Products
Abstract
Described is a mechanism for securely handling an information unit by a first information processing device (2), for instance a terminal device like a chip card reader, which interoperates with a second secure information processing device (1), for instance a portable device like a chip card, whereby the information unit is provided by an issuer. The information unit is provided from the issuer to the first device and encrypted by using a first key. The first key is also encrypted by using a second key. The second key is provided on the second secure device (1) and interconnecting the first and the second device enables to decrypt the first key by using the second key and then to decrypt the information unit by using the first key.
98 Citations
32 Claims
-
1. A method for securely handling an information unit by a first information processing device (2) interoperating with a second secure information processing device (1), whereby the information unit is provided by an issuer, the method comprising the steps:
-
transmitting (3, 25, 35) the information unit, from the first issuer to the first information processing device (2), the information unit being processed by a cryptographic process;
providing at least one key for the cryptographic process on the second secure information processing device (1);
the first information processing device (i) receiving the at least one key from the second information processing device, and (ii) cryptographically reprocessing (29, 38) the information unit by using the at least one key;
providing (3, 25, 35) the information unit from the issuer to the first information processing device (2), the information unit being encrypted by using at least a first key;
providing the first key from the issuer to the first information processing device (2), the first key being encrypted by using at least a second key;
providing the at least one second key on the second secure information processing device (1); and
wherein at least a third key is provided for external authentication and/or release control of the respective information unit. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A system for securely handling an information unit, comprising a first information processing device (2) interoperating with a second secure information processing device (1), the information unit being provided by an issuer, comprising:
-
the first device (2) comprising a storage for storing the information unit, encrypted by using at least a first key, and a storage for storing the first key, encrypted by using at least a second key; and
the second secure device (1) comprising a storage (6) for storing the at least one second key, and processing means for decrypting the at least first key by using the at least second key;
the first device further comprising (i) means for receiving the at least one key from the second information processing device, and (ii) means for decrypting the information unit by using the at least one key; and
wherein the first device (2) and/or the second secure device (1) comprises a storage (6) for storing at least a third key for external authentication and/or release control of the information unit and processing means (7) for processing the third key. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
-
-
24. A chip card (1) for securely handling an information unit by interoperating with an information handling terminal device (2), comprising a storage (6) for storing an at least one key for a cryptographic process, and means for transmitting the at least one key to said handling terminal device to enable said device to cryptographically process an information unit received by said device from an issuer;
-
wherein a processor (7) runs specific functions on the terminal device (2, 5) or on at least a second device attached to the terminal device (2, 5);
further comprising means for transferring of at least one second key to the terminal device (2, 5) and/or means for decrypting of the at least first key by using the at least second key and/or means to initiate transfer of the signature key for signature verification;
wherein is non-erasble storage (6) stores the second key and/or the signature key at time of its issuing; and
further comprising a storage (6) for storing at least a third key external authentication and/or release control of the information unit and processing means (7) for processing the third key. - View Dependent Claims (25, 26)
-
-
27. A chip card accepting device (2), for securely handling an information unit by interoperating with a chip card (1), comprising:
-
a storage for storing the information unit;
means for receiving at least one first key from a chip card, means for cryptographically reprocessing the information unit by using the at least one first keys;
means for receiving at least one second key for decrypting the first key; and
a storage for storing at least a third key for external authentication and/or release control of the information unit and processing means for processing the third key. - View Dependent Claims (28, 29, 30)
-
-
31. A program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform method steps for securely handling an information unit by a first information processing device (2) interoperating with a second secure information processing device (1), whereby the information unit is provided by an issuer, said method steps comprising:
-
transmitting (3, 25, 35) the information unit, in an encrypted form, from the issuer to the first information processing device (2), the information unit being processed by a cryptographic process;
providing at least one key for the cryptographic process on the second secure information processing device (1);
the first information processing device (i) receiving the at least one key from the second information processing device, and (ii) cryptographically reprocessing (29, 38) the information unit by using the at least one key;
providing (3, 25, 35) the information unit from the issuer to the first information processing device (2), the information unit being encrypted by using at least a first key;
providing the first key from the issuer to the first information processing device (2), the first key being encrypted by using at least a second key;
providing the at least one second key on the second secure information processing device (1); and
wherein at least a third key is provided for external authentication and/or release control of the respective information unit. - View Dependent Claims (32)
-
Specification