Method of mutual authentication between a communication interface and a host processor of an NFC chipset

US 8,762,720 B2
Filed: 10/04/2007
Issued: 06/24/2014
Est. Priority Date: 10/05/2006
Status: Active Grant

First Claim

Patent Images

1. An authentication method between a secure host processor and a controller of an NFC system, the method comprising:

providing the secure host processor removably attached to a physical medium, the secure host processor storing a first cryptographic data and the physical medium saving a second cryptographic data;

detaching the host processor from the physical medium and connecting the host processor to an NFC controller of an NFC system;

transmitting the second cryptographic data from the physical medium to the NFC controller and storing the second cryptographic data by the NFC controller; and

executing an authentication sequence by the NFC controller and the host processor, the authentication sequence comprising checking that there is a relation between the first cryptographic data stored by the host processor and the second cryptographic data stored by the NFC controller, wherein the authentication sequence is successful if the relation is found between the first cryptographic data and the second cryptographic data.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication method between a secure host processor and a controller of an NFC system, the controller being equipped with an NFC interface circuit sending and receiving contactless data, includes connecting the host processor to the controller and checking that there is a predefined relation between a first secret data stored by the host processor and a second secret data stored by the controller. The method further includes transmitting the second secret data to the controller and storing of the second secret data by the controller. The host processor may be removably associated with a contactless component storing the second secret data which is contactlessly transmitted to the controller.

25 Citations

View as Search Results

26 Claims

1. An authentication method between a secure host processor and a controller of an NFC system, the method comprising:
- providing the secure host processor removably attached to a physical medium, the secure host processor storing a first cryptographic data and the physical medium saving a second cryptographic data;
  
  detaching the host processor from the physical medium and connecting the host processor to an NFC controller of an NFC system;
  
  transmitting the second cryptographic data from the physical medium to the NFC controller and storing the second cryptographic data by the NFC controller; and
  
  executing an authentication sequence by the NFC controller and the host processor, the authentication sequence comprising checking that there is a relation between the first cryptographic data stored by the host processor and the second cryptographic data stored by the NFC controller, wherein the authentication sequence is successful if the relation is found between the first cryptographic data and the second cryptographic data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the NFC controller authenticates the host processor by receiving from the host processor a derived data derived from the first cryptographic data, and by checking the relation between the first and second cryptographic data using the derived data and the second cryptographic data.
  - 3. The method of claim 1, wherein the host processor authenticates the NFC controller by receiving from the NFC controller a derived data derived from the second cryptographic data, and by checking the relation between the first and second cryptographic data, using the derived data and the first cryptographic data.
  - 4. The method of claim 1, further comprising:
    - transmitting by the NFC controller a session key to the host processor if the host processor is authenticated by the NFC controller, the session key being used to cipher data exchanged between the host processor and the NFC controller.
  - 5. The method of claim 1, further comprising:
    - sending an authentication request by the host processor to the NFC controller;
      
      answering the request by the NFC controller by supplying a random number;
      
      ciphering by the host processor the random number received using an encryption function using the first cryptographic data as an enciphering key;
      
      transmitting the result of the enciphering to the NFC controller; and
      
      checking by the NFC controller the result of the enciphering received by means of an encryption function using the second cryptographic data as an enciphering key, the authentication of the host processor being successful if the check was successfully performed.
  - 6. The method of claim 1, wherein the first and second cryptographic data are identical.
  - 7. The method of claim 1, wherein the first cryptographic data is a private enciphering key and the second cryptographic data is a public enciphering key linked to the first cryptographic data by an asymmetric encryption relation.
  - 8. The method of claim 1, wherein the NFC controller is connected to an NFC interface circuit for sending and receiving contactless data, andwherein the physical medium which the host processor is removably associated with comprises a contactless component storing the second cryptographic data and transmitting the second cryptographic data to the NFC controller by means of the NFC interface circuit.
  - 9. The method of claim 8, wherein the physical medium is a card integrating the contactless component, the host processor is an integrated circuit of a SIM card removable from the card, and the NFC system is a mobile telephone comprising another host processor connected to the controller.
  - 10. The method of claim 1, wherein the second cryptographic data is transmitted to the NFC controller by at least one of optically reading an optical code, which is translated and transmitted to the NFC controller, and keyboarding the value of the cryptographic data, which is transmitted to the NFC controller.

11. An NFC system comprising:
- an interface circuit for sending/receiving contactless data of NFC type;
  
  an NFC controller connected to the interface circuit and comprising a connector; and
  
  a secure host processor removably attached to a physical medium, the secure host processor storing a first cryptographic data and the physical medium saving a second cryptographic data, the NFC controller being configured to receive from the physical medium and store the second cryptographic data, the host processor being configured to be detached from the physical medium and connected to the NFC controller by the connector, the NFC controller and the host processor being configured to execute together an authentication sequence comprising checking that there is a relation between the first cryptographic data stored by the host processor and the second cryptographic data stored by the NFC controller, wherein the authentication sequence is successful if the relation is found between the first cryptographic data and the second cryptographic data.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the NFC controller is configured to authenticate the host processor by receiving from the host processor a derived data derived from the first cryptographic data, and by checking the relation between the first and second cryptographic data, using the derived data and the second cryptographic data.
  - 13. The system of claim 11, wherein the host processor is configured to authenticate the NFC controller by receiving from the NFC controller a derived data derived from the second cryptographic data, and by checking the relation between the first and second cryptographic data using the derived data and the first cryptographic data.
  - 14. The system of claim 11, wherein the NFC controller is configured to transmit a session key to the host processor if the authentication of the host processor by the NFC controller was successful, the session key being used to cipher the data exchanged between the host processor and the NFC controller.
  - 15. The system of claim 11, wherein:
    - the host processor is configured to send an authentication request to the NFC controller;
      
      the NFC controller is configured to answer the request by supplying a random number;
      
      the host processor is configured to cipher the random number received using an encryption function using the first cryptographic data as an enciphering key, and to transmit the result of the enciphering to the NFC controller; and
      
      the NFC controller is configured to check the result of the enciphering received using an encryption function using the second cryptographic data it stores as an enciphering key, the authentication of the host processor being successful if the check was successfully performed.
  - 16. The system of claim 11, wherein the first and second cryptographic data are identical.
  - 17. The system of claim 11, wherein the first cryptographic data is a private key and the second cryptographic data is a public key linked to the first cryptographic data by an asymmetric encryption relation.
  - 18. The system claim 11, wherein the physical medium which the host processor is removably associated with comprises a contactless component storing the second cryptographic data for contactlessly transmitting to the NFC controller.
  - 19. The system of claim 18, wherein the physical medium is a card integrating a contactless component storing the second cryptographic data for contactlessly transmitting to the NFC controller, the host processor is an integrated circuit of a′
    - SIM card removable from the card and the NFC system is a mobile telephone comprising another host processor connected to the NFC controller.
  - 20. The system of claim 11, wherein the second cryptographic data is transmitted to the NFC controller by at least one of:
    - (i) optically reading an optical code, which is translated and transmitted to the NFC controller, and(ii) keyboarding the value of the second cryptographic data, which is transmitted to the NFC controller.

21. A smart card comprising:
- an integrated circuit card removable from the smart card and integrating a secure processor saving a first cryptographic data; and
  
  a physical medium saving a second cryptographic data to be contactlessly transmitted, the second cryptographic data being linked to the first cryptographic data by a checkable relation, wherein the secure processor is configured to authenticate an NFC controller storing the second cryptographic data by receiving from the NFC controller a derived data derived from the second cryptographic data and by checking, the relation between the first and second cryptographic data, using the derived data and the first cryptographic data.
- View Dependent Claims (22, 23, 24, 25, 26)
- - 22. The smart card of claim 21, wherein the secure processor is configured to receive a session key if the secure processor has been authenticated by an NFC controller, the session key being used to cipher data exchanged between a host processor and the NFC controller.
  - 23. The smart card of claim 21, wherein the secure processor is configured to:
    - send an authentication request;
      
      receive a random number as a response to the authentication request;
      
      cipher the random number received using an encryption function using the first cryptographic data as an enciphering key; and
      
      transmit the result of the enciphering.
  - 24. The smart card of claim 21, wherein the first cryptographic data is a private key and the second cryptographic data is a public key linked to the first cryptographic data by an asymmetric encryption relation.
  - 25. The smart card of claim 21, wherein the physical medium saving the second cryptographic data comprises a memory coupled to a contactless interface circuit sending and receiving contactless data, and the smart card is configured to read in the memory and transmit the second cryptographic data.
  - 26. The smart card of claim 21, wherein the second cryptographic data is memorized using an optical code intended to be optically read.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verimatrix Incorporated (Verimatrix SA)
Original Assignee
Inside Secure SA
Inventors
Charrat, Bruno, Martineau, Philippe
Primary Examiner(s)
Dada, Beemnet
Assistant Examiner(s)
GYORFI, THOMAS A

Application Number

US11/867,123
Publication Number

US 20080085001A1
Time in Patent Office

2,455 Days
Field of Search

713/169, 379/55.1, 340/854.8, 455/41.1
US Class Current

713/169
CPC Class Codes

G09C 1/00   Apparatus or methods whereb...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/3273   for mutual authentication n...

Method of mutual authentication between a communication interface and a host processor of an NFC chipset

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

25 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Method of mutual authentication between a communication interface and a host processor of an NFC chipset

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links