Method and system for producing a secure communication channel for terminals
First Claim
Patent Images
1. A system having:
- a backend havinga first cryptography device;
a production device for creating a data structure and a first digital signature across the data structure using the first cryptography device and a first private key, the first digital signature being able to be checked using a public key;
a first communication device which is programmed by a first processorto send the data structure and the first digital signature to a terminal;
to set up a secure communication channel to a communication partner by a communication protocol using the first cryptography device, an item of channel binding information respectively being stipulated by the communication protocol for the backend and for the communication partner;
the communication partner havinga second cryptography device;
a second communication device which is programmed by a second processorto set up the secure communication channel to the backend using the second cryptography device,to set up a communication channel to the terminal, andto send the channel binding information to the terminal;
the terminal havinga third communication device which is programmed by a third processorto set up the communication channel to the communication partner,to receive the channel binding information and/or the data structure and/or the first digital signature and/or the public key, wherein the public key being made available to the terminal at an earlier time, the earlier time being, the manufacturing time of the terminal, the public key being protected, from being changed on the terminal;
a checking device for checking authenticity of the data structure by a checking algorithm using the first digital signature and the public key;
a memory for storing the channel binding information and/or the data structure and/or the first digital signature and/or the public key, wherein the first private key being a secret which is known to the backend, the secret being known, exclusively to the backend.
1 Assignment
0 Petitions
Accused Products
Abstract
A method, system, backend, terminal, and computer program product are disclosed for producing a secure communication channel for a terminal, the method having the following method steps. A first method step for setting up a secure communication channel between a communication partner and a backend by a communication protocol. A second method step for producing a communication channel between the communication partner and the terminal. A third method step for transmitting the channel binding information. A fourth method step for storing the channel binding information on the terminal. A fifth method step for creating a data structure and a first digital signature across the data structure y. A sixth method step for sending the data structure and the digital signature from the backend to the terminal. A seventh method step for checking authenticity of the data structure.
14 Citations
2 Claims
-
1. A system having:
-
a backend having a first cryptography device; a production device for creating a data structure and a first digital signature across the data structure using the first cryptography device and a first private key, the first digital signature being able to be checked using a public key; a first communication device which is programmed by a first processor to send the data structure and the first digital signature to a terminal; to set up a secure communication channel to a communication partner by a communication protocol using the first cryptography device, an item of channel binding information respectively being stipulated by the communication protocol for the backend and for the communication partner; the communication partner having a second cryptography device; a second communication device which is programmed by a second processor to set up the secure communication channel to the backend using the second cryptography device, to set up a communication channel to the terminal, and to send the channel binding information to the terminal; the terminal having a third communication device which is programmed by a third processor to set up the communication channel to the communication partner, to receive the channel binding information and/or the data structure and/or the first digital signature and/or the public key, wherein the public key being made available to the terminal at an earlier time, the earlier time being, the manufacturing time of the terminal, the public key being protected, from being changed on the terminal; a checking device for checking authenticity of the data structure by a checking algorithm using the first digital signature and the public key; a memory for storing the channel binding information and/or the data structure and/or the first digital signature and/or the public key, wherein the first private key being a secret which is known to the backend, the secret being known, exclusively to the backend. - View Dependent Claims (2)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeSiemens AG
-
Original AssigneeSiemens AG
-
InventorsFries, Steffen, Schafheutle, Marcus
-
Primary Examiner(s)Shayanfar, Ali
-
Application NumberUS15/219,786Publication NumberTime in Patent Office973 DaysField of SearchUS Class CurrentCPC Class CodesH04L 63/0281 ProxiesH04L 63/0428 wherein the data content is...H04L 63/08 for authentication of entit...H04L 63/0823 using certificates cryptogr...H04L 63/0884 by delegation of authentica...H04L 63/123 received data contents, e.g...H04L 9/30 Public key, i.e. encryption...H04L 9/3247 involving digital signaturesH04L 9/3263 involving certificates, e.g...H04L 9/3268 using certificate validatio...H04W 12/06 Authentication
