System providing an improved skimming resistance for an electronic identity document

US 9,396,506 B2
Filed: 12/15/2011
Issued: 07/19/2016
Est. Priority Date: 12/31/2010
Status: Active Grant

First Claim

Patent Images

1. A secured electronic identity document apparatus secured against manipulation of cryptographic configuration attempts designed to compromise the level of security by which access to the secured electronic identity document is based, comprising:

a chip, which is externally readable, storing a first representation of the cryptographic configuration of the chip, said cryptographic configuration of the chip defining the cryptographic security levels supported by the chip, said cryptographic configuration of the chip is provided to a controlling terminal allowing the controlling terminal to select an appropriate security level supported by the chip and to establish a secure communication with the chip according the selected security level, the chip storing a private key of a cryptography key pair and adapted to cipher data based on the private key;

a support to which the chip is fastened, the support having a machine optically readable area, data encoded in this area including;

a second representation of said cryptographic configuration of the chip for establishing a secure communication with a controlling terminal in non ciphered form;

a third representation of said cryptographic configuration of the chip ciphered based on said private key; and

, wherein the second and third representations are scannable by a scanning machine and verifiable by the controlling terminal to verify that the second representation matches the third representation by deciphering the third representation; and

the chip comprising a means to check the authenticity of the cryptographic configuration of the chip on request of the controlling terminal by comparing the second or the deciphered third representations of the cryptographic configuration scanned by the controlling terminal from the machine optically readable area to the first representation of the cryptographic configuration stored into the chip and means to establish a secure communications channel according to a security level of said cryptographic configuration.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention relates to a secured identity document having an externally readable chip storing a cryptographic configuration of the chip, defining the cryptographic security levels supported by the chip, for establishing a secure communication with a controlling terminal, storing a private key of a cryptography key pair and adapted to cipher data based on the stored private key; a support to which the chip is fastened, the support having a machine optically readable area, the data encoded in this area including the cryptographic configuration of the chip for establishing a secure communication with a controlling terminal in non ciphered form and the cryptographic configuration of the chip ciphered based on said private key.

29 Citations

10 Claims

1. A secured electronic identity document apparatus secured against manipulation of cryptographic configuration attempts designed to compromise the level of security by which access to the secured electronic identity document is based, comprising:
- a chip, which is externally readable, storing a first representation of the cryptographic configuration of the chip, said cryptographic configuration of the chip defining the cryptographic security levels supported by the chip, said cryptographic configuration of the chip is provided to a controlling terminal allowing the controlling terminal to select an appropriate security level supported by the chip and to establish a secure communication with the chip according the selected security level, the chip storing a private key of a cryptography key pair and adapted to cipher data based on the private key;
  
  a support to which the chip is fastened, the support having a machine optically readable area, data encoded in this area including;
  
  a second representation of said cryptographic configuration of the chip for establishing a secure communication with a controlling terminal in non ciphered form;
  
  a third representation of said cryptographic configuration of the chip ciphered based on said private key; and
  
  , wherein the second and third representations are scannable by a scanning machine and verifiable by the controlling terminal to verify that the second representation matches the third representation by deciphering the third representation; and
  
  the chip comprising a means to check the authenticity of the cryptographic configuration of the chip on request of the controlling terminal by comparing the second or the deciphered third representations of the cryptographic configuration scanned by the controlling terminal from the machine optically readable area to the first representation of the cryptographic configuration stored into the chip and means to establish a secure communications channel according to a security level of said cryptographic configuration.
- View Dependent Claims (2, 3, 4, 5, 6, 9, 10)
- - 2. The secured electronic identity document apparatus according to claim 1, wherein the chip includes a contactless communication interface.
  - 3. The secured electronic identity document apparatus according to claim 2, wherein the chip provides a free access through the contactless communication interface to the stored cryptographic configuration.
  - 4. The secured electronic identity document apparatus according to any one of the preceding claims, wherein the data encoded in the optically readable area include authentication capacities of the chip in non ciphered form and the authentication capacities of the chip ciphered based on said private key, said authentication capacities of the chip relating to the capacity of the chip to perform a chip-card authentication and/or to perform a terminal authentication, thereby providing a mechanism by which the controlling terminal is able to check the authenticity of the authentication capacities of the chip by comparing the authentication capacities of the chip in non ciphered form to a deciphered authentication capacities of the chip based on a public key of the cryptographic pair.
  - 5. The secured electronic identity document apparatus according to any one of claim 1, 2, or 3, wherein the chip is adapted to:
    - receive a message;
      
      receive a request to sign said message;
      
      sign said message using said private key;
      
      send the signed message.
  - 6. The secured electronic identity document apparatus according to any one of claim 1, 2, or 3, wherein the support displays identification data of the owner.
  - 9. The secured electronic identity document apparatus according to claim 4, wherein the chip is adapted to:
    - receive a message;
      
      receive a request to sign said message;
      
      sign said message using said private key;
      
      send the signed message.
  - 10. The secured electronic identity document apparatus according to claim 4, wherein the support displays identification data of the owner.

7. A system for securely controlling the identity of bearer of a secured electronic identity document secured against manipulation of cryptographic configuration attempts designed to compromise the level of security by which access to the secured electronic identity document is based, comprising:
- a secure electronic identity document having;
  
  a chip, which is externally readable, storing a first representation of the cryptographic configuration of the chip, said cryptographic configuration of the chip defining the cryptographic security levels supported by the chip, said cryptographic configuration of the chip is provided to a controlling terminal allowing the controlling terminal to select an appropriate security level supported by the chip and to establish a secure communication with the chip according the selected security level, the chip storing a private key of a cryptography key pair and adapted to cipher data based on the private key;
  
  a support to which the chip is fastened, the support having a machine optically readable area, data encoded in this area including;
  
  a second representation of said cryptographic configuration of the chip for establishing a secure communication with a controlling terminal in non ciphered form;
  
  a third representation of said cryptographic configuration of the chip ciphered based on said private key; and
  
  the chip comprising a means to check the authenticity of the cryptographic configuration of the chip on request of the controlling terminal by comparing the second or the deciphered third representations of the cryptographic configuration scanned by the controlling terminal from the machine optically readable area to the first representation of the cryptographic configuration stored into the chip;
  
  a controlling terminal comprising;
  
  a device adapted to scan the machine optically readable area and to decode the data contained in the scanned area into the second representation and the third representation;
  
  a storage area storing the public key of said cryptography key pair;
  
  a processing device adapted to decipher the third representation based on the stored public key and to verify that the second representation matches the third representation by deciphering the third representation;
  
  a communication interface configurable to establish a secure communication channel with the chip of the identity document, the security level of the secure communication being based on the decoded cryptography configuration.

8. A method for establishing a secure communication channel between a secured electronic identity document secured against manipulation of cryptographic configuration attempts designed to compromise the level of security by which access to the secured electronic identity document is based and a controlling terminal, comprising the steps of:
- scanning a machine optically readable area of a support of the identity document and decoding the data contained in the scanned area;
  
  deciphering in the terminal a first part of the decoded data based on a public key available to the terminal, this public key belonging to a cryptography key pair, the first part of the decoded data being ciphered based on the private key of the cryptography key pair;
  
  comparing the matching between a third representation of the cryptographic configuration stored in the deciphered first part with a second representation of the cryptographic configuration stored in a second part of the decoded data;
  
  establishing a secure communication channel between a chip, which is externally readable, comprised in the secured electronic identity document and the terminal based on the cryptography configuration defining the cryptographic security levels supported by the chip and recited in the decoded data if the third representation of the cryptographic configuration in the deciphered first part matches the second representation of the cryptographic configuration stored in the second part of the decoded data, said cryptography configuration provided to the controlling terminal to select an appropriate security level supported by the chip to allow the controlling terminal to establish a secure communications channel according to the selected security level; and
  
  checking the authenticity of the cryptographic configuration of the chip by operating the chip to, on request of the controlling terminal, to compare the second or the deciphered third representation of the cryptographic configuration stored into the machine optically readable area and scanned by the controlling terminal to a first representation of cryptographic configuration stored into the chip.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Thales DIS France SA
Original Assignee
Gemalto SA (Thales SA)
Inventors
Faher, Mourad, Mouille, Stphane, Rouchouze, Bruno
Primary Examiner(s)
Ho, Dao
Assistant Examiner(s)
Huang, Cheng-Feng

Application Number

US13/977,726
Publication Number

US 20130311788A1
Time in Patent Office

1,678 Days
Field of Search

713/189
US Class Current

1/1
CPC Class Codes

G06F 21/35   communicating wirelessly

G06F 21/602   Providing cryptographic fac...

G06K 19/08   using markings of different...

G06K 19/10   at least one kind of markin...

G06Q 50/265   Personal security, identity...

G07C 9/22   in combination with an iden...

G07F 7/0826   Embedded security module

G07F 7/122   Online card verification

G09C 5/00   Ciphering apparatus or meth...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/0897   involving additional device...

H04L 9/3231   Biological data, e.g. finge...

System providing an improved skimming resistance for an electronic identity document

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

29 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

System providing an improved skimming resistance for an electronic identity document

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links