Method of modifying secrets included in a cryptographic module, notably in an unprotected environment
First Claim
1. A method of modifying secrets included in a cryptographic module on a card, the cryptographic module including a set version number that corresponds to a set of a plurality of secrets in the cryptographic module, wherein the cryptographic module:
- indicates whether a loading of a secret is either successful, or invalid; and
- allows reading of a version number for each secret;
wherein the method comprises the steps of:
- assigning a predetermined number to the set version number of the set of secrets of the cryptographic module, if the set version number of the set of secrets is equal to a version number that requires a set of new secrets to be loaded, in order to indicate that the cryptographic module is being reloaded;
- for each secret in the set of secrets, loading a corresponding new secret and a version number of said new secret if a version number of the secret is different from the version number of the corresponding new secret to be loaded;
- assigning a set version number of the set of new secrets to the set version number of the set of secrets of the cryptographic module;
wherein the set version number of the set of secrets of the cryptographic module on the card is recorded in a file of the cryptographic module of the card accessible via an immutable secret.
Abstract
A method of modifying a set of secrets in a cryptographic module, to ensure that the modifying is either successful or invalid. The module includes readable version numbers for each secret and for the set of secrets. If the version number of the set of secrets is equal to a version number requiring the loading of a set of new secrets, the version number of the set of secrets of the cryptographic module is set to a distinctive number indicating that the cryptographic module is being reloaded. Next, for each secret, if the version number of the secret is different from the version number of the corresponding new secret to be loaded, the new secret and its version number are loaded. Next the version number of the set of secrets of the cryptographic module is set to the version number of the set of new secrets.
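The reload sequence from the abstract, as an added Python sketch against a simulated module (not code from the patent). The names `Module`, `reload_secrets`, `fail_on`, the marker value `0xFF` and the sample keys are assumptions, as is treating the marker as a state from which a later run resumes.

```python
RELOADING = 0xFF  # assumed value for the distinctive "being reloaded" number

class Module:
    """Simulated module: versions are readable, a load is successful or invalid."""
    def __init__(self, set_version, secrets):
        self.set_version = set_version
        self.secrets = dict(secrets)   # name -> (version, value)
        self.fail_on = None            # test hook: name whose next load is interrupted

    def version_of(self, name):
        return self.secrets[name][0]

    def load(self, name, version, value):
        if name == self.fail_on:
            self.fail_on = None
            return False               # invalid: old secret and its version are kept
        self.secrets[name] = (version, value)
        return True

def reload_secrets(module, old_set_version, new_set_version, new_secrets):
    """Return the names loaded in this run, or None if no reload is needed."""
    if module.set_version == new_set_version:
        return None
    if module.set_version == old_set_version:
        module.set_version = RELOADING         # step 1: mark the set as being reloaded
    elif module.set_version != RELOADING:      # assumption: marker means "resume"
        raise ValueError("set version does not call for this reload")
    loaded = []
    for name, (version, value) in new_secrets.items():
        if module.version_of(name) != version:  # step 2: skip secrets already current
            if not module.load(name, version, value):
                raise RuntimeError(f"load of {name} invalid; set stays marked RELOADING")
            loaded.append(name)
    module.set_version = new_set_version        # step 3: commit the new set version
    return loaded

def demo():
    # Constructed sample data: three secrets at version 1, two of them replaced in set 2.
    m = Module(1, {"K1": (1, b"a"), "K2": (1, b"b"), "K3": (1, b"c")})
    new = {"K1": (2, b"A"), "K2": (2, b"B"), "K3": (1, b"c")}
    m.fail_on = "K2"                            # simulate a card pulled during K2
    try:
        reload_secrets(m, 1, 2, new)
    except RuntimeError:
        pass
    after_failure = (m.set_version, m.version_of("K1"), m.version_of("K2"))
    resumed = reload_secrets(m, 1, 2, new)      # second run loads only what is missing
    return after_failure, resumed, m.set_version
```

A reader of the module can distinguish three states from the set version alone: old set, interrupted reload, and new set.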
4 Claims
Specification