Portable electronic device for safe communication system,...

Electrical computers and digital processing systems: support – System access control based on user identification by...

Reexamination Certificate


C713S171000, C380S255000, C380S277000

active

06308268

ABSTRACT:

FIELD OF THE INVENTION
The present invention relates generally to secure electronic communication systems and more particularly to systems of this kind in which portable secure electronic devices are used to set up a call or communication to and/or to access another electronic unit.
BACKGROUND OF THE INVENTION
Many electronic communication systems require access of users to particular applications to be controlled, such control generally entailing authenticating persons and/or messages. This is the case in particular when it is a question of controlling access to a computer or more generally a data processing network whose use is reserved to duly authorized persons. Such networks can be used, for example, to provide all kinds of services involving a transaction, usually with an economic consideration, such as telepurchasing, pay-per-view television, home banking, interactive video games, etc.
Access control systems of this kind are described in particular in documents U.S. Pat. Nos. 3,806,874, 4,601,011, 4,720,860, 4,800,590 and 5,060,263. The systems described in the above documents use a portable secure electronic device which generates a password by encrypting a variable. A verification unit performs the same calculation or a similar calculation on the same or approximately the same variable and authorizes access to the requested application if the passwords generated in the portable device and the verification unit match. The variable can be a random or pseudo-random number, referred to hereinafter as a die, transmitted from the verification unit to the portable device, or it can be generated independently in the portable device and in the verification unit by means of a clock and/or an event counter, for example.
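An added illustration of the scheme described above, not taken from the patent or the cited documents: a token and a verification unit derive the same password from a shared secret key, first from a die sent by the verifier and then from an event counter that the verifier accepts within a small look-ahead window. HMAC-SHA-256 stands in for the encryption of the variable, and the names `Token`, `Verifier`, `password` and the window size are assumptions.

```python
import hashlib
import hmac
import secrets


def password(key: bytes, variable: bytes, digits: int = 8) -> str:
    # Assumption: HMAC-SHA-256 replaces the cipher the cited systems apply to the variable.
    mac = hmac.new(key, variable, hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**digits).zfill(digits)


class Token:
    """Portable device: holds the secret key and an event counter."""
    def __init__(self, key: bytes):
        self._key, self.counter = key, 0

    def answer_die(self, die: bytes) -> str:
        return password(self._key, b"die" + die)

    def next_password(self) -> str:
        self.counter += 1
        return password(self._key, b"ctr" + self.counter.to_bytes(8, "big"))


class Verifier:
    """Verification unit: same key, its own counter, a look-ahead window."""
    def __init__(self, key: bytes, window: int = 3):
        self._key, self.counter, self.window = key, 0, window
        self._die = None

    def issue_die(self) -> bytes:
        self._die = secrets.token_bytes(8)
        return self._die

    def check_die(self, candidate: str) -> bool:
        die, self._die = self._die, None  # a die is valid for one attempt only
        if die is None:
            return False
        return hmac.compare_digest(candidate, password(self._key, b"die" + die))

    def check_counter(self, candidate: str) -> bool:
        # "Approximately the same variable": accept a counter slightly ahead of ours.
        for c in range(self.counter + 1, self.counter + 1 + self.window):
            expected = password(self._key, b"ctr" + c.to_bytes(8, "big"))
            if hmac.compare_digest(candidate, expected):
                self.counter = c  # resynchronise, so older passwords stop working
                return True
        return False
```
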
If the encryption process used in the portable device and the verification unit uses a symmetrical algorithm and a secret key, for example the DES (Data Encryption Standard) algorithm, the security of the system relies on the preservation of the secret character of the key stored both in the portable device and in the verification unit.
In some cases, the key can be static, i.e. it retains the same value throughout the service life of the portable device.
In other cases, the key can be dynamic, i.e. it changes in time as a function of the content of a counter incremented by a clock signal and/or an event counter, for example.
Whether the key is static or dynamic, it must initially, i.e. when the device is personalized, have a particular value which is stored both in the portable electronic device and in a database associated with the verification unit. When a user requests access, he or she must one way or another, for example using a public identification number or a personal identification number (PIN), identify himself or herself to the verification unit which obtains from the database the static key or, in the case of a dynamic key, the information that may be needed to calculate the current key.
Security problems of a similar kind arise in secure electronic communication systems using portable electronic devices and verification units employing encryption and decryption by means of asymmetric algorithms with public and private keys. The mechanisms used by an algorithm of the above kind (authentication, signature, etc.) are such that the secret character of one or more of the keys stored in the devices and/or the verification units must be conserved.
During the personalizing process the key(s) and other secret personalizing data are loaded into memory in the device by the entity which supplies the device to the end user. Protecting the personalizing data by enabling the supplier of a smart card to substitute a new master key controlling access to the personalizing data for the initial key installed by the card manufacturer is well known in the art, in particular from document WO 93/10509.
What is more, the rapid expansion of secure electronic communication systems is leading to the design of products for implementing a number of different applications and having a number of different security levels for the same application. The problem then arises of guaranteeing the independence of the applications and the associated security levels, i.e. the various functions implemented by the device.
One object of the invention is to provide a secure portable electronic device for communication with another electronic unit which is capable of assuring this independence of the functions.
SUMMARY OF THE INVENTION
To this end, the invention concerns a portable electronic device for secure communication with at least one electronic unit for use of a plurality of functions, including:
data storage means,
interface means with at least one external tool for loading data into said storage means,
data processing means including initialization means for enabling, in response to the application of a secret personalizing access code specific to said device, modification of said specific secret personalizing access code and loading of personalizing data into said storage means,
first loading means controlled by said specific secret personalizing access code for loading into said storage means reprogrammable particular secret data respectively representative of different particular secret personalizing access codes, each said particular secret personalizing access code being assigned to personalizing in said device a particular one of said functions,
second loading means controlled by said particular secret personalizing access codes for loading into said storage means particular personalizing data assigned to the implementation of said functions by said processing means, and
inhibitor means for authorizing, for each of said functions, only in response to the application of one of said particular secret personalizing access codes already assigned to said function, (i) modification of one said reprogrammable particular secret data loaded into said storage means and representative of said particular secret personalizing access code and (ii) said loading of said particular personalizing data.
According to one feature of the invention, said inhibitor means comprise means to prohibit read mode access to any of said secret data.
According to another feature of the invention, said inhibitor means comprise means to prohibit read mode and write mode access by said processing means to said particular personalizing data by means of said specific secret personalizing access code.
According to one embodiment of the invention, said inhibitor means comprise means to prohibit read mode access to said particular personalizing data following the loading of said data by means of said particular secret personalizing access codes assigned to said functions.
Alternatively, according to another embodiment of the invention, said inhibitor means comprise means to authorize, for each of said functions, read mode access to said particular personalizing data assigned to the implementation of said function by means of one of said particular secret personalizing access codes assigned to said function.
According to another feature of the invention, said processing means comprise means to authorize, by means of said specific secret personalizing access code, the deletion of said reprogrammable particular secret data and of said particular personalizing data once loaded into said storage means and the loading of new reprogrammable particular secret data.
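The access rules set out so far in this summary, modeled as an added example that is not code from the patent: the device-specific code can install or wipe a function's access code, but once a function code is assigned only that code can change itself or load the function's data, and nothing reads secrets back. The class and method names, the SHA-256 digest used as the stored "representative" datum, and the HMAC in `use_function` are assumptions.

```python
import hashlib
import hmac


class AccessDenied(Exception):
    pass


def _digest(code: bytes) -> bytes:
    # Assumption: the stored datum "representative" of a code is its SHA-256 digest.
    return hashlib.sha256(code).digest()


class Device:
    def __init__(self, device_code: bytes):
        self._device = _digest(device_code)  # specific secret personalizing access code
        self._func_codes = {}                # function -> particular access code datum
        self._func_data = {}                 # function -> particular personalizing data

    def _require(self, stored: bytes, code: bytes) -> None:
        if not hmac.compare_digest(stored, _digest(code)):
            raise AccessDenied("wrong access code")

    def assign_function_code(self, device_code: bytes, func: str, new_code: bytes):
        # First loading means: the device code installs a code for an unassigned function.
        self._require(self._device, device_code)
        if func in self._func_codes:
            raise AccessDenied("function already has a code; that code is required")
        self._func_codes[func] = _digest(new_code)

    def change_function_code(self, func: str, old_code: bytes, new_code: bytes):
        self._require(self._func_codes.get(func, b""), old_code)
        self._func_codes[func] = _digest(new_code)

    def load_function_data(self, func: str, func_code: bytes, data: bytes):
        # Second loading means: only the function's own code may load its data.
        self._require(self._func_codes.get(func, b""), func_code)
        self._func_data[func] = data

    def wipe_function(self, device_code: bytes, func: str):
        # The device code may delete a function's code and data, never read or alter them.
        self._require(self._device, device_code)
        self._func_codes.pop(func, None)
        self._func_data.pop(func, None)

    def use_function(self, func: str, challenge: bytes) -> bytes:
        # Hypothetical use: the data serves as a key inside the device; no method returns it.
        return hmac.new(self._func_data[func], challenge, hashlib.sha256).digest()
```
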
According to another feature of the invention, said specific secret personalizing access code is an access code for loading into said storage means common personalizing data which are common to all said functions of said device.
According to another feature of the invention, said device includes third loading means for loading into said storage means a reprogrammable specific secret datum representative of said specific secret personalizing access code, said initialization means comprising means to authorize the replacement of said reprogrammable specific secret datum by a new specific secret datum representative of a new specific secret personalizing access code only in response
