Methods and systems for IC card application loading
First Claim
1. A method for securely loading an application, comprising the steps of:
- communicating at least one application load unit, said application load unit comprising the application and security data for authentication and protection of code and data associated with the application, to a selected one of a plurality of devices, the at least one application load unit being encrypted using cryptographic keys provided in a first plaintext key transformation unit, the first plaintext key transformation unit being encrypted using a common key, wherein the common key and at least one application load unit are furnished by an application provider and the common key is common to the plurality of devices; and
communicating the common key to the selected device in a second plaintext key transformation unit, the second plaintext key transformation unit being encrypted using a public key of said selected device, whereineach of the step of communicating at least one application load unit and the step of communicating the common key is secured using a secret key of the application provider.
2 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods are described that provide a new type of application load unit for use in the secure loading of applications and/or data onto integrated circuit cards or smart cards. Plaintext key transformation units can be created for each of a plurality of smart cards that are to be loaded with a desired or selected application. A plaintext key transformation unit may be individually encrypted using the public keys associated with target smart cards. An application provider can create one or more application load unit using known means and can then create one or more additional plaintext key transformation unit, one for each target smart card using corresponding public keys which can be obtained taken from a database of card public keys.
-
Citations
13 Claims
-
1. A method for securely loading an application, comprising the steps of:
-
communicating at least one application load unit, said application load unit comprising the application and security data for authentication and protection of code and data associated with the application, to a selected one of a plurality of devices, the at least one application load unit being encrypted using cryptographic keys provided in a first plaintext key transformation unit, the first plaintext key transformation unit being encrypted using a common key, wherein the common key and at least one application load unit are furnished by an application provider and the common key is common to the plurality of devices; and communicating the common key to the selected device in a second plaintext key transformation unit, the second plaintext key transformation unit being encrypted using a public key of said selected device, wherein each of the step of communicating at least one application load unit and the step of communicating the common key is secured using a secret key of the application provider. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A device comprising a computing device and storage, the device configured to receive an encrypted application load unit, said application load unit comprising an application and security data for authentication and protection of code and data associated with the application, wherein:
-
the storage maintains a plurality of cryptographic keys including a secret key of said device and a common key; and
the computing device is configured to decrypt the encrypted application load unit using the secret key and the common key, wherein;the encrypted application load unit is encrypted using cryptographic keys provided in a first plaintext key transformation unit, the first plaintext key transformation unit being encrypted using the common key, wherein the common key and the one or more applications are furnished by an application provider;
the common key is provided to the device in a second plaintext key transformation unit, the second plaintext key transformation unit being encrypted using a public key of the device; and
the encrypted application and the common key are provided to the device using a secret key of the application provider.
-
Specification