System providing an improved skimming resistance for an electronic identity document
First Claim
1. A secured electronic identity document apparatus secured against manipulation of cryptographic configuration attempts designed to compromise the level of security by which access to the secured electronic identity document is based, comprising:
- a chip, which is externally readable, storing a first representation of the cryptographic configuration of the chip, said cryptographic configuration of the chip defining the cryptographic security levels supported by the chip, said cryptographic configuration of the chip is provided to a controlling terminal allowing the controlling terminal to select an appropriate security level supported by the chip and to establish a secure communication with the chip according the selected security level, the chip storing a private key of a cryptography key pair and adapted to cipher data based on the private key;
- a support to which the chip is fastened, the support having a machine optically readable area, data encoded in this area including;
  - a second representation of said cryptographic configuration of the chip for establishing a secure communication with a controlling terminal in non ciphered form;
  - a third representation of said cryptographic configuration of the chip ciphered based on said private key; and, wherein the second and third representations are scannable by a scanning machine and verifiable by the controlling terminal to verify that the second representation matches the third representation by deciphering the third representation; and
- the chip comprising a means to check the authenticity of the cryptographic configuration of the chip on request of the controlling terminal by comparing the second or the deciphered third representations of the cryptographic configuration scanned by the controlling terminal from the machine optically readable area to the first representation of the cryptographic configuration stored into the chip and means to establish a secure communications channel according to a security level of said cryptographic configuration.
Abstract
The invention relates to a secured identity document having an externally readable chip storing a cryptographic configuration of the chip, defining the cryptographic security levels supported by the chip, for establishing a secure communication with a controlling terminal, storing a private key of a cryptography key pair and adapted to cipher data based on the stored private key; a support to which the chip is fastened, the support having a machine optically readable area, the data encoded in this area including the cryptographic configuration of the chip for establishing a secure communication with a controlling terminal in non ciphered form and the cryptographic configuration of the chip ciphered based on said private key.
10 Claims
1. Reproduced in full under First Claim above. Dependent claims: 2, 3, 4, 5, 6, 9, 10.
7. A system for securely controlling the identity of bearer of a secured electronic identity document secured against manipulation of cryptographic configuration attempts designed to compromise the level of security by which access to the secured electronic identity document is based, comprising:
- a secure electronic identity document having;
  - a chip, which is externally readable, storing a first representation of the cryptographic configuration of the chip, said cryptographic configuration of the chip defining the cryptographic security levels supported by the chip, said cryptographic configuration of the chip is provided to a controlling terminal allowing the controlling terminal to select an appropriate security level supported by the chip and to establish a secure communication with the chip according the selected security level, the chip storing a private key of a cryptography key pair and adapted to cipher data based on the private key;
  - a support to which the chip is fastened, the support having a machine optically readable area, data encoded in this area including;
    - a second representation of said cryptographic configuration of the chip for establishing a secure communication with a controlling terminal in non ciphered form;
    - a third representation of said cryptographic configuration of the chip ciphered based on said private key; and
  - the chip comprising a means to check the authenticity of the cryptographic configuration of the chip on request of the controlling terminal by comparing the second or the deciphered third representations of the cryptographic configuration scanned by the controlling terminal from the machine optically readable area to the first representation of the cryptographic configuration stored into the chip;
- a controlling terminal comprising;
  - a device adapted to scan the machine optically readable area and to decode the data contained in the scanned area into the second representation and the third representation;
  - a storage area storing the public key of said cryptography key pair;
  - a processing device adapted to decipher the third representation based on the stored public key and to verify that the second representation matches the third representation by deciphering the third representation;
  - a communication interface configurable to establish a secure communication channel with the chip of the identity document, the security level of the secure communication being based on the decoded cryptography configuration.
8. A method for establishing a secure communication channel between a secured electronic identity document secured against manipulation of cryptographic configuration attempts designed to compromise the level of security by which access to the secured electronic identity document is based and a controlling terminal, comprising the steps of:
- scanning a machine optically readable area of a support of the identity document and decoding the data contained in the scanned area;
- deciphering in the terminal a first part of the decoded data based on a public key available to the terminal, this public key belonging to a cryptography key pair, the first part of the decoded data being ciphered based on the private key of the cryptography key pair;
- comparing the matching between a third representation of the cryptographic configuration stored in the deciphered first part with a second representation of the cryptographic configuration stored in a second part of the decoded data;
- establishing a secure communication channel between a chip, which is externally readable, comprised in the secured electronic identity document and the terminal based on the cryptography configuration defining the cryptographic security levels supported by the chip and recited in the decoded data if the third representation of the cryptographic configuration in the deciphered first part matches the second representation of the cryptographic configuration stored in the second part of the decoded data, said cryptography configuration provided to the controlling terminal to select an appropriate security level supported by the chip to allow the controlling terminal to establish a secure communications channel according to the selected security level; and
- checking the authenticity of the cryptographic configuration of the chip by operating the chip to, on request of the controlling terminal, to compare the second or the deciphered third representation of the cryptographic configuration stored into the machine optically readable area and scanned by the controlling terminal to a first representation of cryptographic configuration stored into the chip.
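The steps of claim 8, worked through as an added example (not code from the patent): the terminal deciphers the third representation with the public key, matches it to the second, asks the chip to compare against its stored first representation, and only then selects a security level. The toy RSA key, the level names, the comma-separated encoding and all function names are assumptions made for illustration.

```python
# Toy key pair constructed for this example: textbook RSA over two Mersenne
# primes, no padding. Illustrative only, not a secure parameter choice.
P, Q = 2**107 - 1, 2**127 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (claims: key stored in chip)

# Hypothetical security levels, weakest first; the claims name none.
LEVELS = ["BASIC", "AES128", "AES256"]

def encode(levels):  # hypothetical configuration encoding
    return ",".join(levels).encode()

def cipher_private(config: bytes) -> int:
    m = int.from_bytes(config, "big")
    if m >= N:
        raise ValueError("configuration too long for the toy modulus")
    return pow(m, D, N)

def decipher_public(blob: int) -> bytes:
    m = pow(blob, E, N)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

class Chip:
    def __init__(self, levels):
        self.first = encode(levels)  # first representation, stored in the chip
    def check_authenticity(self, scanned: bytes) -> bool:
        return scanned == self.first

def terminal_establish(second: bytes, third: int, chip: Chip) -> str:
    # Decipher the third representation and match it against the second.
    if decipher_public(third) != second:
        raise ValueError("optical area: representations do not match")
    # On the terminal's request, the chip compares the scanned value to its own.
    if not chip.check_authenticity(second):
        raise ValueError("chip configuration differs from optical area")
    # Select the strongest level listed in the verified configuration.
    return max(second.decode().split(","), key=LEVELS.index)

def demo():
    levels = list(LEVELS)
    second, third = encode(levels), cipher_private(encode(levels))
    results = {"genuine": terminal_establish(second, third, Chip(levels))}
    cases = {"edited_print": (encode(["BASIC"]), third, Chip(levels)),
             "altered_chip": (second, third, Chip(["BASIC"]))}
    for name, args in cases.items():
        try:
            results[name] = terminal_establish(*args)
        except ValueError as exc:
            results[name] = "rejected: " + str(exc)
    return results
```

Both mismatch cases stop before any channel is set up, so a weakened configuration presented on either the printed area or the chip never drives the level selection.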
Specification