Pre-control of a program in an additional chip card of a terminal

US 6,925,560 B1
Filed: 06/05/2000
Issued: 08/02/2005
Est. Priority Date: 06/03/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A process for pre-controlling the execution of a program contained in a second chip card, inserted in a terminal, in addition to a first chip card, containing data and connected to a telecommunication network to which the terminal is linked, comprising the step of authenticating one of the first and second cards by the other, prior to the execution of the program, by means of the following steps:

applying an identifier of the program which is transmitted from the second card to the first card and a key to an algorithm, contained in the first card, to produce a result, andcomparing the result and a certificate which is transmitted by the second card to the first card in order to execute the program only in case the latter two are equal.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Prior to the execution of a program contained in a second chip card inserted in a terminal such as a mobile radio telephone terminal, in addition to a first chip card containing data and connected to a telecommunication network to which the terminal is linked, one of the cards is authenticated by the other, or the two cards are authenticated mutually. This double authentication ensures the authenticity of the program for its overall execution in the terminal and the origin of the second card, distributed through conventional channels, for the network operator.

47 Citations

View as Search Results

18 Claims

1. A process for pre-controlling the execution of a program contained in a second chip card, inserted in a terminal, in addition to a first chip card, containing data and connected to a telecommunication network to which the terminal is linked, comprising the step of authenticating one of the first and second cards by the other, prior to the execution of the program, by means of the following steps:
- applying an identifier of the program which is transmitted from the second card to the first card and a key to an algorithm, contained in the first card, to produce a result, andcomparing the result and a certificate which is transmitted by the second card to the first card in order to execute the program only in case the latter two are equal.
- View Dependent Claims (2, 3, 5, 6, 7, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The process in accordance with claim 1, further including the step of selecting the key in a table of keys contained in the first card as a function of the program identifier.
  - 3. The process in accordance with claim 1, wherein the authentication involves an authentication of the second card by the first card, and comprises the following steps:
    - transmitting a random number from the first card to the second card;
      
      applying the transmitted random number and a key to an algorithm contained in the second card to produce a signature that is transmitted to the first card;
      
      applying the random number and a key to an algorithm contained in the first card to produce a result; and
      
      comparing the result to the signature transmitted to the first card so as to execute the program only when the two are equal.
  - 5. The process in accordance with claim 1, wherein the authentication involves an authentication of the first card by the second card, and comprises the following steps:
    - transmitting a predetermined field of a number from the first card to the second card; and
      
      comparing the predetermined field to a number in the second card so as to execute the program or to read its content only when the two are equal.
  - 6. The process in accordance with claim 5, wherein the predetermined field comprises at least the call sign of the telecommunication network contained in an identity number of the first card.
  - 7. The process in accordance with claim 1, wherein the authentication involves an authentication of the first card by the second card, and comprises the following steps:
    - reading a random number from the first card into the second card;
      
      applying the random number and a key to an algorithm contained in the first card so as to produce a signature transmitted to the second card;
      
      applying the random number and a key to an algorithm contained in the second card so as to produce a result; and
      
      comparing the result to the signature transmitted to the second card so as to execute the program or read its content only when the two are equal.
  - 9. The process in accordance with claim 1, comprising a first authentication of one card by the other card and a second authentication of the other card by said one card which follows the first authentication when said one card is authenticated by the other card and which is followed by the execution of the program when the other card is authenticated by said one card.
  - 10. The process in accordance with claim 1, wherein at least one part of the authentication is executed only in response to an authentication request, transmitted from the second card to the first card.
  - 11. The process in accordance with claim 1, wherein authentication steps are executed in a server of the telecommunication network in response to a request from the first card.
  - 12. The process according to claim 1, further including the steps of reading of the characteristics for the execution of the program in the second card, by the first card or the terminal in response to an introduction of the second card in a reading means linked to the terminal, and analysis of the characteristics in comparison to the material and software capacities of the first card and/or the terminal to reject the second card when said characteristics are incompatible with the first card and/or the terminal.
  - 13. The process in accordance with claim 1, further including the step, between the authentication of card and the execution of the program, of remotely loading the program from the second card into the first card for a program execution in the first card.
  - 14. The process in accordance with claim 1, wherein the program is launched on command from the first card to be executed in the second card and exchanges of commands and responses are made between the second card and the terminal.
  - 15. The process of claim 14 wherein said exchanges are made directly between the second card and the terminal.
  - 16. The process of claim 14 wherein said exchanges between the second card and the terminal are made through the first card.
  - 17. The process in accordance with claim 1, further including the step, between the authentication of card and the execution of program, of remotely loading the program from the second card into the terminal for program execution in the terminal.
  - 18. The process in accordance with claim 1, wherein the telecommunication network is a radio telephone network, the terminal is a mobile radio telephone terminal, and the first card is a subscriber identity card.

4. A process for pre-controlling the execution of a program contained in a second chip card, inserted in a terminal, in addition to a first chip card, containing data and connected to a telecommunication network to which the terminal is linked, comprising the step of authenticating one of the first and second cards by the other, prior to the execution of the program, by means of the following steps:
- selecting a key from a table of keys contained in the first card as a function of a program identifier transmitted from the second card to the first card;
  
  transmitting a random number from the first card to the second card;
  
  applying the transmitted random number and the key to an algorithm contained in the second card to produce a signature that is transmitted to the first card;
  
  applying the random number and the key to an algorithm contained in the first card to produce a result; and
  
  comparing the result to the signature transmitted to the first card so as to execute the program only when the two are equal.

8. A process for pre-controlling the execution of a program contained in a second chip card, inserted in a terminal, in addition to a first chip card, containing data and connected to a telecommunication network to which the terminal is linked, comprising the step of authenticating one of the first and second cards by the other, prior to the execution of the program, by means of the following steps:
- selecting a key in a table of keys contained in a first card as a function of a program identifier transmitted by the second card to the first card;
  
  reading a random number from the first card into the second card;
  
  applying the random number and the key to an algorithm contained in the first card so as to produce a signature transmitted to the second card;
  
  applying the random number and the key to an algorithm contained in the second card so as to produce a result; and
  
  comparing the result to the signature transmitted to the second card so as to execute the program or read its content only when the two are equal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gemalto SA (Thales SA)
Original Assignee
Gemplus (Thales SA)
Inventors
Basquin, Bruno
Primary Examiner(s)
Morse, Gregory
Assistant Examiner(s)
Tran, Tongoc

Application Number

US09/586,977
Time in Patent Office

1,884 Days
Field of Search

713168-175, 713/202, 713/159, 713183-186, 713/200, 455/410
US Class Current

713/169
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

H04L 63/0853   using an additional device,...

H04L 63/0869   for achieving mutual authen...

H04W 12/06   Authentication

H04W 12/35   Protecting application or s...

H04W 12/72   Subscriber identity

H04W 88/02   Terminal devices

Pre-control of a program in an additional chip card of a terminal

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

47 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Pre-control of a program in an additional chip card of a terminal

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

47 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links