Secure transfer of data between two smart cards

US 7,222,783 B2
Filed: 03/23/2005
Issued: 05/29/2007
Est. Priority Date: 05/13/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A method for transferring data from a first data processing means, which is connected to a terminal, to a second data processing means which is to be connected to the terminal comprising the following steps:

transmitting a specific application identifier from an external means to the first processing means via the terminal,in the first processing means, calling up the specific application designated by the transmitted identifier, reading data relating to the specific application, encrypting the data so as to transmit encrypted data to the external means, and making inoperable the specific application before or after the encryption step,replacing the first processing means with the second processing means,transmitting the specific application identifier from the external means to the second processing means via the terminal means, andtransmitting the encrypted data from the external means to the second processing means so that the latter calls up the specific application designated by the transmitted identifier, decrypts the encrypted data and installs the decrypted data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device external to a terminal transmits a specific application identifier and an encrypted first key and number to a first chip card in service in the terminal. In the first card, if the decrypted first number satisfies a first condition, the specific application is called up, application data are read, the data are encrypted using the decrypted first key to transmit them to the external device, and the application is made inoperable. Following replacement of the first card by a second card, the external device transmits the identifier and an encrypted second key and number to the second card. In the latter, if the decrypted second number satisfies a second condition, the encrypted data are transmitted to the second card so that the latter calls up the application, decrypts the encrypted data using the decrypted second key and installs said data.

23 Citations

View as Search Results

11 Claims

1. A method for transferring data from a first data processing means, which is connected to a terminal, to a second data processing means which is to be connected to the terminal comprising the following steps:
- transmitting a specific application identifier from an external means to the first processing means via the terminal,in the first processing means, calling up the specific application designated by the transmitted identifier, reading data relating to the specific application, encrypting the data so as to transmit encrypted data to the external means, and making inoperable the specific application before or after the encryption step,replacing the first processing means with the second processing means,transmitting the specific application identifier from the external means to the second processing means via the terminal means, andtransmitting the encrypted data from the external means to the second processing means so that the latter calls up the specific application designated by the transmitted identifier, decrypts the encrypted data and installs the decrypted data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method according to claim 1, whereinan encrypted first key and number are transmitted with the specific application identifier from the external means to the first processing means via the terminal means,the first processing means decrypts the encrypted first key and number and, if the decrypted first number satisfies a first condition, calls up the specific application designated by the transmitted identifier and encrypts the read data relating to the specific application by using the first key,an encrypted second key and number are transmitted with the specific application identifier from the external means to the second processing means via the terminal means,the encrypted second key and number are decrypted in the second processing means and, if the decrypted second number satisfies a second condition, the external means transmits the encrypted data to the second processing means which decrypts the encrypted data by using the first key prior to installing them.
  - 3. The method according to claim 2, comprising the steps of deleting the decrypted first key and number in the first processing means once the encrypted data have been transmitted to the external means, and/or deleting the decrypted second key and number in the second processing means once the encrypted data have been decrypted.
  - 4. The method according to claim 2, further comprising the steps wherein, if the decrypted first number does not satisfy the first condition compared to a number read in the first processing means, deleting the encrypted first key and number in the first data processing means are deleted and/or a stoppage of the transfer process is signalled from the first data processing means to the external means, and, if the decrypted second number does not satisfy the second condition compared to a number read in the second processing means, the encrypted second key and number in the second data processing means are deleted and/or a stoppage of the transfer process is signalled from the second data processing means to the external means.
  - 5. The method according to claim 2, wherein the first and second numbers are random numbers produced by the first and second processing means and retrieved in the external means prior to the transmission of the specific application identifier and of the encrypted first key and number to the first processing means, the first condition is an equality of the decrypted first number and of a number read in the first processing means, and the second condition is an equality of the decrypted second number and of a number read in the second processing means.
  - 6. The method according to claim 2, wherein the first and second numbers are transfer counts incremented by respective increments in the external means each time said external means designates a specific application to call up in the first processing means and in the second processing means, the first condition is a superiority of the decrypted first number over a number read in the first processing means which, if it is satisfied, causes the number read in the first processing means to be replaced by the decrypted first number, and the second condition is a superiority of the decrypted second number over a number read in the second processing means which, if it is satisfied, causes the number read in the second processing means to be replaced by the decrypted second number.
  - 7. The method according to claim 2, wherein the external means creates and encrypts beforehand a first electronic coupon including the first key, the first number and also a hashing key and a second electronic coupon including the second key and the second number and also the hashing key, and transmits the specific application identifier and the first coupon to the first processing means via the terminal,the first processing means decrypts the first coupon and transmits to the external means the encrypted data in the form of blocks of predetermined maximum length and a fingerprint which results from a hashing applied to the encrypted data and depends on the hashing key obtained from the decrypted first coupon,the external means transmits the specific application identifier and the second coupon to the second processing means via the terminal means,the second processing means decrypts the encrypted second coupon and, if the second number retrieved from the decrypted second coupon and a number read in the second processing means satisfy the second condition, the encrypted data in the form of blocks are transmitted from the external means to the second processing means so that the latter, for each received block, determines a fingerprint which it compares with the fingerprint extracted from the received block and decrypts the data in the blocks only if the fingerprints compared for each block are identical.
  - 8. The method according to claim 2, wherein the external means comprises a secure means and a controller means which are connected to the terminal means via a telecommunication network,the controller transmits identities of the first and second processing means and the specific application identifier to the secure means, andthe secure means generates the first and second keys and retrieves first and second encryption keys which are pre-stored in the first and second processing means and as employed to encrypt and decrypt at least the first key and number and at least the second key and number, respectively.
  - 9. The method according to claim 1, further comprising the step of displaying a text message or broadcasting a voice message in the terminal to issue an invite to replace the first processing means with the second processing means.
  - 10. The method according to claim 1, wherein the first and second data processing means are chip cards and the terminal receives the first and second data processing means one after the other and is a mobile radiocommunication terminal.
  - 11. The method according to claim 1, wherein the first and second data processing means are one and the same.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gemalto SA (Thales SA)
Original Assignee
Gemplus (Thales SA)
Inventors
Merrien, Lionel
Primary Examiner(s)
Lee, Michael G.
Assistant Examiner(s)
Kim, Tae W.

Application Number

US11/086,279
Publication Number

US 20050279826A1
Time in Patent Office

797 Days
Field of Search

235/380
US Class Current

235/380
CPC Class Codes

G06Q 20/229   Hierarchy of users of accounts

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/355   Personalisation of cards fo...

G07F 7/1008   Active credit-cards provide...

H04L 2209/80   Wireless network architectu...

H04L 9/0891   Revocation or update of sec...

H04W 12/04   Key management, e.g. using ...

H04W 12/35   Protecting application or s...

Secure transfer of data between two smart cards

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

23 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Secure transfer of data between two smart cards

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links