Patent Grant
9325504
The invention relates to a method and a system for the method for secure transfer of an application from a server into a reading device unit
In many technical areas of application it is desirable to guarantee a secure transfer of an application from a server to a reading device unit with a user's authentication by means of a data carrier unit. For this purpose, a protected communication connection between the data carrier unit and the server or the reading device and the server should be set up.
As a server there is understood in this document an application server which offers applications, so-called e-services. Under e-services there are summarized all the services and activities which are created by means of computers and interactively offered and carried out via electronic media, such as the Internet. The term server in this application is synonymous with the term application server.
Applications to be transferred, which are offered by the e-service, are for example information and educational services such as e-education, e-learning, e-teaching, e-publishing, e-book, e-zine and e-catalogue, procurement, trading and order services such as e-business, e-commerce, e-procurement, e-cash, e-shop, e-intermediary, e-auction, cultural and administrative services such as e-culture, e-government or e-vote, improvements of marketing, product or customer-relationship services, electronic consulting such as e-consult or e-advising.
Preferably, the applications are security-relevant services, production-technical, scientific or logistical services. E-services will be used in many further applications in the future.
Applications to be transferred are understood to be in particular the e-banking, ticketing, VPN and much more, which are made available on the server, for example the server of a bank for carrying out payment transactions, the server of an administrative body for carrying out official matters (tax declaration etc), the server of a linked transport system for the electronic purchase of travel tickets. The kind of server for offering an application, which causes the secure transfer of an application and local installation and utilisation of the application, is not restrictive here.
It is the object of the present invention to guarantee in a simple fashion a secure transfer of such an application and subsequently a secure utilisation of the application on an untrustworthy device. Further, it is an object to personalize the application for a user already before or immediately after the transfer.
This object is achieved by the measures described in the independently equal-ranking claims.
In the method according to the invention, between the data carrier unit and the server a first cryptographically secured channel is set up based on first cryptographic information. Further, between a security module of the reading device unit and the server a second cryptographically secured channel is set up based on second cryptographic information. Finally, the application is transferred from the server to the reading device unit via the second cryptographically secured channel.
For example, such cryptographic information can be access data, passwords, PINs or other secret information.
In a particularly preferred embodiment of the method according to the invention, the data carrier unit negotiates with the server a first cryptographic key via which the first cryptographically secured channel is set up. Analogously, the security module of the reading device unit negotiates with the server a second cryptographic key via which the second cryptographically secured channel is set up. For negotiating the keys, methods known from the prior art can be used. For example, the Diffie-Hellman key exchange can be employed for generating the first and/or second cryptographic key.
The data carrier unit preferably is a portable data carrier, in particular with corresponding security functionalities, such as e.g. smart cards, chip cards, tokens and/or electronic identity documents, such as for example an electronic identity card, passport etc with machine-readable identification data of a person, which data are stored on a chip.
In a further, particularly preferred embodiment of the invention, the data carrier unit is employed with a contactless, for example NFC interface.
The reading device unit is preferably a so-called smart reader. Such reading device units or terminals often contain corresponding security elements or security modules, such as e.g. a secure element or a SAM module (SAM =secure application module). The smart reader is a reading device with a contact-type interface, in particular USB, and a security module located therein. The security module, for example a smart card chip, preferably has a contactless interface for communication with the data carrier unit, so that the contactless interface of the data carrier unit and of the security module is employed for setting up the first cryptographically secured channel.
In an alternative configuration, the reading device unit is a mobile end device, in particular a mobile radio device. In the mobile end device a safety element is integrated here. The security element is configured in particular as a hardware component and arranged as a permanently integrated part in the mobile end device, in this form it either not being possible for said integrated part to be removed from the mobile end device, for example as an M2M module, co-processor or trusted base, or said integrated part being connected as a removable module having security functionality with the mobile end device, for example as a chip card, in particular a subscriber identification module (SIM card), smart card, mass memory card, USB token, multimedia card, secure micro SD card, mobile radio network token, e.g. a UMTS surfstick. Alternatively, the security element is configured as a software component in the form of a trusted platform module as a trustworthy part of the operating system kernel of the mobile end device or as a security software algorithm. The mobile end device is equipped here with communication interfaces to the server and to the data carrier unit.
In a preferred embodiment, the reading device unit is employed with a contact-type interface, the contact-type interface being employed to set up the second cryptographically secured channel.
Preferably, after the transfer of the application the application is installed and managed on the security module of the reading device unit, in particular with Global Platform card management interfaces (GPCS).
Preferably, the application is personalized for the user before the transfer. Thus, the application is personalized already before the installation on the security module, what is achieved on account of the user authentication by means of the data carrier unit.
Alternatively, the application is personalized for the user on the security module of the reading device unit only after the installation of the application.
In a further variant of the method according to the invention, the server is a signature terminal for electronic identity documents, known from the prior art, there being set up via so-called secure messaging the first and/or second cryptographically secured channel between the signature terminal and the first and/or second data carrier units, which respectively are electronic identity documents. Secure messaging is preferably effected based on a password-based transport protocol and particularly preferably based on the PACE protocol, see Technical Guideline TR-03110, “Advanced Security Mechanisms for Machine Readable Travel Documents”, version 2.02, BSI, 2009.
Preferably, the reading device unit is incorporated in a data processing device and operational by means of the data processing device. As a data processing device there are to be mentioned PC, notebook, in particular untrustworthy devices. The data processing unit employs a secure data connection, in particular through a transport layer security (TLS), to the server for setting up the first and/or second cryptographically secured channel (K1, K2).
It is further preferred that the reading device unit and in particular the security module are connected via the contact-type interface with the data processing unit, so that the untrustworthy data processing device can be connected via the security module with the server. This makes possible a personalization at any time in a simple fashion even on an insecure data processing device, for example a PC in an Internet café, or a PC whom one does not trust.
In a further embodiment of the method according to the invention, the first cryptographically secured channel is set up directly between the contactless interface of the data carrier unit via the contactless interface of the reading device unit to the server via the data processing device, whereas the second cryptographically secured channel is set up between the contact-type interface of the reading device unit via the data processing device to the server.
Preferably, the application is enabled only by authentication of the user by means of the data carrier unit at the reading device unit, in particular by restricted identification.
Besides the above-described method, the invention further relates to a system of server, data carrier unit and reading device unit, which system is configured such that in the operation of the system the method according to the invention and in particular also one or several preferred variants of this method can be carried out.
Embodiments of the invention will be described in detail hereinafter with reference to the attached Figures.
There are shown:
Via this connection there is set up the second cryptographically secured channel K2 between server S and smart reader 2. Moreover, the encrypted connection between server S and smart reader 2 is also employed within the framework of setting up the first cryptographically secured channel K1. Here, the communication is routed via the smart reader 2. The smart reader 2 functions on this occasion as an RFID reading device for the data carrier unit 1. Thus, the first cryptographically secured channel K1 between server S and eID token 1 is set up via the encrypted connection to smart reader 2 and via the contactless interface of the smart reader 2 and the eID token 1. For this purpose, for the individual channels K1 or K2 corresponding keys A and B are negotiated.
In particular, here, a password-based or asymmetric transport protocol (e.g. the PACE protocol known from the prior art) can be employed. There can be generated a key A between server S and eID token 1, which is provided for the encryption of the communication in channel K1. Analogously, with the same mechanism there is generated, within the framework of setting up a second secure channel K2 between smart reader 2 and server S, a second session key B which is provided for the encrypted communication in channel K2. In a preferred variant, upon the generation of the corresponding keys A, B, an identifier is employed, which does not correspond to the identity identifier of the eID token 1 or of the security module 3. Preferably, a so-called restricted ID is used.
Between the eID token 1 and the server S there is thus set up a first cryptographically secured channel, which again is designated as K1. Setting up the connection is effected via secure messaging (designated as SM) and, in so doing, an authentication between the server S and the eID token 1 runs with per se known protocols. Here, the smart terminal 2 can assume an active role in the execution of the protocols. In a preferred variant, here, the smart terminal 2 executes the PACE protocol.
Additionally to the channel K1, there is also established a second cryptographically secured channel K2 between the server S and the smart terminal 2 or the security module 3. In so doing, an authentication is effected between the server S and the security module 3. In analogy to the above-described variant, upon setting up the channels K1 or K2 there was again employed cryptographic information or a cryptographic key A, B. After setting up the second cryptographically secured channel K2, an application in the form of an applet is transferred from the server S via this channel K2 to the security module 3 of the smart terminal 2 and installed there. Subsequently, via the same channel there can be effected a personalization of the applet, for this purpose a corresponding identification of the eID token 1 or corresponding authentication data being employed, which were made available via the first secure channel K1 to the server S. The personalization can optionally be effected at a later point in time, but then there must again be separately set up a secure channel between server S and security module 3.
The installed applet can represent any program and cover various cases of application in the area of e-banking, ticketing and the like. The applet can be installed and managed e.g. with the Global Platform card management interfaces known from the prior art. Within the framework of the later utilisation of the applet, analogous to the methods described above, again a cryptographically secured channel K3 between the smart terminal 2 and the eID token 1 is set up. Further, for the utilisation of the application there can also be set up a secure channel K2 between server S and smart terminal 2. The eID token 1 can again be used in this phase as a user authentication and, optionally, identification against the server S. Further, there is carried out an authentication between the eID token 1 and the installed and personalized application on the smart terminal 2. In particular, the restricted identification of an electronic passport, already mentioned above, can be used to enable the application.
Upon a later utilisation of the applet, there is effected, according to steps S7 and S8, an authentication between eID token 1 and smart reader 2, which again is designated as AUT. Subsequently, in step S9 a restricted identification (designated as RI) of the eID token is transmitted to smart terminal 2. Finally, in step S10 and S11 an authentication of the smart terminal 2 against the server S is effected, which again is indicated by AUT. Via the restricted identification RI there can then be enabled the installed application which is subsequently utilised in step S12, as illustrated by the designation US.
As results from the preceding description, with the embodiment described with reference to
In a not shown embodiment the reading device unit is a mobile radio device with integrated security element. The security element here is connected with the mobile end device either in the form of an M2M module, co-processor or trusted base or as a removable module having security functionality, for example as a chip card, in particular a subscriber identification module (SIM card), smart card, mass memory card, multimedia card, secure micro SD card.
Alternatively, the security element is configured as a software component in the form of a trusted platform module as a trustworthy part of the operating system kernel of the mobile end device or as a security software algorithm. The mobile end device is equipped here with communication interfaces to the server and to the data carrier unit.
The communication to the server is effected here via a TLS via the mobile radio network, in particular UMTS or GPRS. The connection to the data carrier unit is effected via NFC, RFID or contact-based.
| Number | Date | Country | Kind |
|---|---|---|---|
| 10 2010 013 202 | Mar 2010 | DE | national |
| Filing Document | Filing Date | Country | Kind | 371c Date |
|---|---|---|---|---|
| PCT/EP2011/001525 | 3/25/2011 | WO | 00 | 9/27/2012 |
| Publishing Document | Publishing Date | Country | Kind |
|---|---|---|---|
| WO2011/124333 | 10/13/2011 | WO | A |
| Number | Name | Date | Kind |
|---|---|---|---|
| 6005942 | Chan et al. | Dec 1999 | A |
| 7124100 | Pirillo | Oct 2006 | B2 |
| 7433848 | Albrecht et al. | Oct 2008 | B1 |
| 20040098587 | Sueyoshi et al. | May 2004 | A1 |
| 20050138380 | Fedronic et al. | Jun 2005 | A1 |
| 20050207570 | Yamamoto et al. | Sep 2005 | A1 |
| 20060101136 | Akashika et al. | May 2006 | A1 |
| 20060219778 | Komatsu | Oct 2006 | A1 |
| 20070090195 | Kawamura et al. | Apr 2007 | A1 |
| 20070223696 | Furuyama | Sep 2007 | A1 |
| 20080073426 | Koh et al. | Mar 2008 | A1 |
| 20080141313 | Kato et al. | Jun 2008 | A1 |
| 20080212495 | Stirbu | Sep 2008 | A1 |
| 20080212771 | Hauser | Sep 2008 | A1 |
| 20080214242 | Koraichi et al. | Sep 2008 | A1 |
| 20090100270 | Ting | Apr 2009 | A1 |
| 20090124287 | Weiss et al. | May 2009 | A1 |
| 20090265776 | Baentsch et al. | Oct 2009 | A1 |
| 20100049987 | Ettorre et al. | Feb 2010 | A1 |
| 20100050271 | Saarisalo | Feb 2010 | A1 |
| 20100058064 | Kirovski et al. | Mar 2010 | A1 |
| 20100138666 | Adams et al. | Jun 2010 | A1 |
| 20100211627 | Roseborough | Aug 2010 | A1 |
| 20100230490 | Guthery | Sep 2010 | A1 |
| 20100262825 | Yoon et al. | Oct 2010 | A1 |
| 20110099363 | Boynton et al. | Apr 2011 | A1 |
| 20110131640 | Canis Robles et al. | Jun 2011 | A1 |
| 20110271106 | Hinkle et al. | Nov 2011 | A1 |
| 20120047237 | Arvidsson et al. | Feb 2012 | A1 |
| 20120050046 | Satorius | Mar 2012 | A1 |
| 20130178159 | Xie et al. | Jul 2013 | A1 |
| Number | Date | Country |
|---|---|---|
| 102008047639 | Mar 2010 | DE |
| 2136528 | Dec 2009 | EP |
| 2159762 | Mar 2010 | EP |
| 2007006535 | Jan 2007 | WO |
| 2008085917 | Jul 2008 | WO |
| Entry |
|---|
| International Search Report for PCT/EP2011/001525, Aug. 30, 2011. |
| IPRP and English Translation of Written Opinion in PCT/EP2011001525, dated Oct. 11, 2012. |
| Number | Date | Country | |
|---|---|---|---|
| 20130031357 A1 | Jan 2013 | US |
