Method for secure transfer of an application from a server into a reading device unit
First Claim
1. A method for secure transfer of an application from a server into a reading device unit with authentication of a user by means of a data carrier unit, the reading device unit being a smart terminal including a security module, and the data carrier unit including an electronic identity token, the server making available the application to the reading device unit, the method comprising the steps:
- setting up between the data carrier unit and the server a first cryptographically secured channel based on first cryptographic information;
setting up between the security module of the reading device unit and the server a second cryptographically secured channel based on second cryptographic information, wherein the security module of the reading device unit is a secure application module (SAM), the second cryptographically secured channel being set up between the security module of the reading device unit and the server after the first cryptographically secured channel is set up between the data carrier unit and the server;
transferring the application from the server to the reading device unit via the second cryptographically secured channel;
installing the application on the security module of the reading device unit; and
managing the application by the security module of the reading device unit,wherein the reading device unit is incorporated in a data processing device and the data processing device employs a secure data connection, through a transport layer security, to the server for setting up the first cryptographically secured channel or the second cryptographically secured channel.
2 Assignments
0 Petitions
Accused Products
Abstract
A method and a system for secure transfer of an application from a server (S) into a reading device unit (2) with authentication of a user with a data carrier unit (1), the server (S) making available the application, wherein, between the data carrier unit (1) and the server (S), a first cryptographically secured channel (K1) is set up based on first cryptographic information (A), and between a security module (3) of the reading device unit (2) and the server (S) a second cryptographically secured channel (K2) is set up based on second cryptographic information (B). The application is transferred from the server to the reading device unit via the second cryptographically secured channel (K2).
32 Citations
20 Claims
-
1. A method for secure transfer of an application from a server into a reading device unit with authentication of a user by means of a data carrier unit, the reading device unit being a smart terminal including a security module, and the data carrier unit including an electronic identity token, the server making available the application to the reading device unit, the method comprising the steps:
-
setting up between the data carrier unit and the server a first cryptographically secured channel based on first cryptographic information; setting up between the security module of the reading device unit and the server a second cryptographically secured channel based on second cryptographic information, wherein the security module of the reading device unit is a secure application module (SAM), the second cryptographically secured channel being set up between the security module of the reading device unit and the server after the first cryptographically secured channel is set up between the data carrier unit and the server; transferring the application from the server to the reading device unit via the second cryptographically secured channel; installing the application on the security module of the reading device unit; and managing the application by the security module of the reading device unit, wherein the reading device unit is incorporated in a data processing device and the data processing device employs a secure data connection, through a transport layer security, to the server for setting up the first cryptographically secured channel or the second cryptographically secured channel. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A system comprising:
- a server, a data carrier, and a reading device, wherein
the reading device is a smart terminal that includes a security module; the data carrier unit includes an electronic identity token; the server is configured to make available an application to the reading device unit and the system is configured so that in the operation of the system; a first cryptographically is secured channel between a data carrier unit and a server, the first cryptographically secured channel being based on first cryptographic information for the purpose of the authentication of a user by the data carrier unit at the server; a second cryptographically is secured channel between a security module of a reading device unit and the server, the second cryptographically secured channel being based on second cryptographic information and the security module of the reading device unit being a secure application module (SAM)), the second cryptographically secured channel being set up between the security module of the reading device unit and the server after the first cryptographically secured channel is set up between the data carrier unit and the server;
whereinthe application is transferred from the server to the reading device unit via the second cryptographically secured channel, the application, after the transfer, is installed and managed on the security module of the reading device unit; and the reading device unit is incorporated in a data processing device and the data processing device employs a secure data connection, through a transport layer security, to the server for setting up the first cryptographically secured channel or the second cryptographically secured channel. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- a server, a data carrier, and a reading device, wherein
Specification