Abstract:
The invention relates to a smart card (100) with a storage medium. The smart card is configured such that applications (132) which are installed on the storage medium and which do not belong to the same security domain (SD1-SD5, SD8) are isolated from one another. At least one persistence application (202) and a main application (204) are installed on the storage medium. The persistence application (202) is assigned to a first security domain (SD8) and is protected from being accessed by means of any application (134) external to the smart card. The persistence application includes a program logic (210) for storing data (D8) on the storage medium (108) and for reading the stored data. The main application (204) is likewise assigned to the first security domain (SD8) and includes an interface (AI) for an application (134) external to the smart card and an additional interface (208) for exchanging the data (D8) with the persistence application. The main application includes a program logic (206) for processing the data (D8), said program logic being configured such that already processed data (D8) is transmitted to the persistence application via the additional interface (208) in order to be stored on the storage medium (108), and data to be processed is received by the persistence application via the additional interface (208).
Abstract:
What is proposed is a method for extending attributes in the memory of an ID token within a hierarchy of digitally coded trust settings. The ID token is provided with a memory, an external interface, means for authentication via the external interface, and means for read- and write-protected access to the memory via the external interface. The method comprises the steps of: communicating a digitally coded trust setting for writing a foreign attribute to the memory of the ID token from an ID provider computer to a foreign attribute provider computer; carrying out a cryptographic protocol for authenticating the ID token in relation to the foreign attribute provider computer and for verifying the digitally coded trust setting for write access to the memory of the ID token; and writing a foreign attribute to the memory of the ID token via its external interface by means of the foreign attribute provider computer.
Abstract:
The invention relates to a method for changing the control data of a chip card (110). The chip card has a chip card operating system (100) with a hierarchical chip card file system, a protected non-volatile electronic storage unit (124) that can be accessed externally only via a processor (114) of the chip card, and a volatile working storage unit (120). The chip card file system contains index files (DFs) and data files (EFs), and a file tree consisting of at least one index file (126) and multiple data files (132, 140, ...) is stored in the protected electronic storage unit. Control data (144) for useful data (150) is stored in at least one of the files; the useful data itself is stored in a storage area of the protected electronic storage unit, and a pointer (146) to that storage area is stored in the at least one data file (140). With the chip card activated for operation, a copy (156) of at least one sub-tree of the file tree containing the file (140) is temporarily stored in the working storage unit (120); changed control data (144') is stored in the at least one file of the copied sub-tree; the changed copy of the sub-tree is permanently stored in the protected electronic storage unit and activated; and the original sub-tree is deleted or deactivated.
Abstract:
The invention relates to a method for access protection for external data in the non-volatile memory of a token in relation to an external interface of the token, comprising: carrying out a protocol between the token and an external data host computer for mutual authentication via the external interface; transmitting a cryptographic sector identifier from the external data host computer to the token via the external interface; generating, by the token, a temporary key from the transmitted cryptographic sector identifier; transmitting external data from the external data host computer via the external interface for storage in the non-volatile memory; and encrypting the external data with the temporary key by the token and storing the encrypted external data in the non-volatile memory.
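The protocol in this abstract, as an added example in Python (stdlib only) that is not code from the patent or its applicant. The abstract does not say how the temporary key is generated from the sector identifier or which cipher is used, so the example assumes: a token-resident master secret from which a per-sector key pair is derived with HKDF-SHA256 (RFC 5869) using the sector identifier as salt; mutual authentication as a shared-key challenge/response with a per-host key the token already holds; and an encrypt-then-MAC record built from HMAC-SHA256 in counter mode as a stand-in for the AES-GCM a real token would use. The host id, sector identifier and payload are constructed sample values.

```python
import hashlib
import hmac
import os


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-SHA256: extract a PRK from the master secret, then expand."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a PRF keystream (stand-in for AES-CTR)."""
    blocks = (length + 31) // 32
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range(blocks))
    return stream[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Token:
    """Chip side: master secret, per-host authentication keys, non-volatile memory."""

    def __init__(self, master_secret: bytes, host_keys: dict):
        self._master = master_secret      # never leaves the chip (assumption)
        self._host_keys = host_keys       # host id -> shared authentication key (assumption)
        self._session_host = None
        self._chal = None
        self.nvm = {}                     # sector id -> (nonce, ciphertext, tag)

    # Step 1: mutual challenge/response authentication over the external interface.
    def start_auth(self) -> bytes:
        self._chal = os.urandom(16)
        return self._chal

    def finish_auth(self, host_id: str, host_chal: bytes, host_resp: bytes):
        """Check the host's answer to our challenge; answer its challenge only on success."""
        key = self._host_keys.get(host_id)
        if key is None or self._chal is None:
            return None
        expected = hmac.new(key, b"host" + self._chal, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, host_resp):
            return None
        self._session_host = host_id
        return hmac.new(key, b"token" + host_chal, hashlib.sha256).digest()

    # Steps 2-3: the temporary key is derived from the transmitted sector identifier and
    # re-derived on every access, so it is never written to non-volatile memory.
    def _sector_keys(self, sector_id: bytes):
        okm = hkdf_sha256(self._master, salt=sector_id, info=b"external-data-sector", length=64)
        return okm[:32], okm[32:]         # encryption key, MAC key

    # Steps 4-5: receive the external data, encrypt it under the temporary key, store it.
    def store_external_data(self, sector_id: bytes, data: bytes) -> None:
        if self._session_host is None:
            raise PermissionError("external interface not authenticated")
        enc_key, mac_key = self._sector_keys(sector_id)
        nonce = os.urandom(16)
        ct = _xor(data, _keystream(enc_key, nonce, len(data)))
        tag = hmac.new(mac_key, sector_id + nonce + ct, hashlib.sha256).digest()
        self.nvm[sector_id] = (nonce, ct, tag)

    def read_external_data(self, sector_id: bytes) -> bytes:
        """Decrypt only after the tag over (sector id, nonce, ciphertext) verifies."""
        if self._session_host is None:
            raise PermissionError("external interface not authenticated")
        nonce, ct, tag = self.nvm[sector_id]
        enc_key, mac_key = self._sector_keys(sector_id)
        expected = hmac.new(mac_key, sector_id + nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            raise ValueError("stored record failed its integrity check")
        return _xor(ct, _keystream(enc_key, nonce, len(ct)))


class Host:
    """External data host computer side of the protocol."""

    def __init__(self, host_id: str, auth_key: bytes):
        self.host_id, self._key = host_id, auth_key

    def authenticate(self, token: Token) -> bool:
        token_chal = token.start_auth()
        my_chal = os.urandom(16)
        resp = hmac.new(self._key, b"host" + token_chal, hashlib.sha256).digest()
        token_resp = token.finish_auth(self.host_id, my_chal, resp)
        expected = hmac.new(self._key, b"token" + my_chal, hashlib.sha256).digest()
        return token_resp is not None and hmac.compare_digest(expected, token_resp)
```

Because the key is a function of the sector identifier, a record written under one sector identifier cannot be decrypted or even integrity-checked under another, and because the sector identifier is part of the MAC input a record cannot be moved between sectors. The token never persists the derived key; a dump of the non-volatile memory alone yields ciphertext and tags only.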
Abstract:
A method is proposed for installing an additional application in a non-volatile memory of a chip card by executing a data protocol, comprising steps for making the additional application available for transmission to the chip card on a provider's computer; for assigning an authorisation certificate to the additional application, wherein the authorisation certificate contains limiting values, defined for the additional application in particular by the provider's computer (130), for the use of the non-volatile memory in terms of time and data volume; for checking, by means of the chip card, the validity of the authorisation certificate transmitted to the chip card as a precondition for continuation of the data protocol; for searching the non-volatile memory of the chip card for applications which have already been stored and whose time limit for use of storage has been exceeded, and releasing the storage locations occupied by the applications (116, 117) whose time limit (116.1, 117.1) has been exceeded; and for storing the additional application transmitted to the chip card in the non-volatile memory thereof, with the limiting values for use of storage specified in the authorisation certificate.
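The installation protocol above, as an added Python example that is not code from the patent or its applicant. Assumptions not in the abstract: the authorisation certificate is a small dictionary whose signature is an HMAC-SHA256 under a provider key the card already trusts (stand-in for a real certificate signature and its verification key); time is passed in explicitly as an epoch value so the run is deterministic; the memory capacity, application names and sizes are constructed.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass


@dataclass
class StoredApp:
    name: str
    code: bytes
    expires_at: int      # time limit for use of the non-volatile memory (epoch seconds)
    max_bytes: int       # data-volume limit granted by the authorisation certificate


def _cert_body(cert: dict) -> bytes:
    """Canonical byte form of the signed fields (assumed format, not the patent's)."""
    fields = {k: cert[k] for k in ("app", "expires_at", "max_bytes")}
    return json.dumps(fields, sort_keys=True).encode()


class Provider:
    """Provider's computer: issues the authorisation certificate for an application."""

    def __init__(self, signing_key: bytes):
        self._key = signing_key

    def issue_certificate(self, app: str, now: int, lifetime_s: int, max_bytes: int) -> dict:
        cert = {"app": app, "expires_at": now + lifetime_s, "max_bytes": max_bytes}
        cert["sig"] = hmac.new(self._key, _cert_body(cert), hashlib.sha256).hexdigest()
        return cert


class ChipCard:
    NVM_CAPACITY = 4096   # constructed capacity in bytes

    def __init__(self, provider_verify_key: bytes):
        self._verify_key = provider_verify_key
        self.nvm = {}      # application name -> StoredApp

    def free_bytes(self) -> int:
        return self.NVM_CAPACITY - sum(len(a.code) for a in self.nvm.values())

    def certificate_valid(self, cert: dict, now: int) -> bool:
        """Precondition for continuing the protocol: authentic and not yet expired."""
        try:
            expected = hmac.new(self._verify_key, _cert_body(cert), hashlib.sha256).hexdigest()
        except KeyError:
            return False
        return hmac.compare_digest(expected, cert.get("sig", "")) and cert["expires_at"] > now

    def release_expired(self, now: int) -> list:
        """Free the storage of every application whose time limit has been exceeded."""
        expired = [n for n, a in self.nvm.items() if a.expires_at <= now]
        for n in expired:
            del self.nvm[n]
        return expired

    def install(self, cert: dict, code: bytes, now: int) -> list:
        """Run the card side of the protocol; returns the names of applications released."""
        if not self.certificate_valid(cert, now):
            raise PermissionError("authorisation certificate rejected")
        if len(code) > cert["max_bytes"]:
            raise ValueError("application exceeds its certified data-volume limit")
        released = self.release_expired(now)
        if len(code) > self.free_bytes():
            raise MemoryError("insufficient non-volatile memory")
        self.nvm[cert["app"]] = StoredApp(cert["app"], code, cert["expires_at"], cert["max_bytes"])
        return released
```

The order of the checks matters: the certificate is verified before any storage is touched, so an unauthenticated installer cannot trigger the garbage collection of expired applications, and the volume limit is checked against the certified value rather than whatever the sender claims.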
Abstract:
The invention relates to a chip card comprising a chip card operating system (118), a hierarchical chip card file system, a protected non-volatile electronic storage unit (124) which can only be externally accessed via a processor (114) of the chip card, and a volatile working storage unit (120). Files (126, 132, 140, … ) of the chip card file system are stored in the non-volatile electronic storage unit, each of said files containing a file identifier (FID) which is required for external access, and a file tree for the chip card file system is formed in that each of the files has a pointer (130, 138, 148, … ) to one of the other files. The chip card operating system is designed to traverse the file tree on the basis of a request received via an external interface of the chip card in order to read the file identifiers of the files and generate a list (164) of the file identifiers. The chip card operating system is designed to output the list in response to the request via the external interface.
Abstract:
The invention relates to an ID token (106) having a memory (118), in which attribute values of a user (102) are stored in a first memory area (124) and hash values of the attribute values, determined using a first hash algorithm, are stored in a second memory area (126), with means provided for assigning the hash values to the respective attribute values. The ID token has an interface (112) for receiving an attribute requirement (152) with an attribute specification, which specifies a plurality of attributes, and a signature request containing the attribute specification, and for transmitting the attribute values corresponding to the attributes together with an electronic signature for those attribute values. It further has a processor (130) configured to generate a combination of the hash values of the attribute values corresponding to the attribute specification, to generate a total hash value from that combination by executing a second hash algorithm after reception of the signature request, and to generate the electronic signature from the total hash value. A system (100) for generating a signature has such an ID token (106) and a terminal computer system (104) with an interface (110) for establishing a connection to the ID token (106). The invention further relates to a method for generating an electronic signature of a user (102) for an electronic document with such an ID token (106).
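The two-stage hashing of this abstract, as an added Python example that is not code from the patent or its applicant. Assumptions: SHA-256 as the first hash algorithm, SHA-512 as the second, concatenation in the order of the attribute specification as the "combination", and HMAC-SHA256 under a token key as a stand-in for the private-key signature (a real ID token would sign with RSA or ECDSA and the terminal would verify with the public key). The attribute names and values are constructed; the terminal-side check is included to show what a verifier has to recompute.

```python
import hashlib
import hmac


def first_hash(value: bytes) -> bytes:
    """First hash algorithm: applied to every attribute value once, at personalisation."""
    return hashlib.sha256(value).digest()


def second_hash(combination: bytes) -> bytes:
    """Second hash algorithm: applied once to the combination of the selected hash values."""
    return hashlib.sha512(combination).digest()


def combine(hashes: dict, spec: list) -> bytes:
    """Combination: concatenation in the order given by the attribute specification."""
    return b"".join(hashes[name] for name in spec)


class IDToken:
    def __init__(self, attributes: dict, signing_key: bytes):
        self._values = dict(attributes)                                    # first memory area
        self._hashes = {n: first_hash(v) for n, v in attributes.items()}   # second memory area
        self._signing_key = signing_key                                    # stand-in for the private key

    def handle_request(self, attribute_spec: list) -> dict:
        """Attribute requirement plus signature request: disclose only the named attributes."""
        if any(n not in self._values for n in attribute_spec):
            raise KeyError("attribute specification names an unknown attribute")
        total = second_hash(combine(self._hashes, attribute_spec))
        signature = hmac.new(self._signing_key, total, hashlib.sha256).digest()
        return {
            "spec": list(attribute_spec),
            "values": {n: self._values[n] for n in attribute_spec},
            "signature": signature,
        }


def verify_response(response: dict, verify_key: bytes) -> bool:
    """Terminal side: rebuild the total hash from the disclosed values and check the signature."""
    spec, values = response["spec"], response["values"]
    if set(spec) != set(values):
        return False
    hashes = {n: first_hash(values[n]) for n in spec}
    total = second_hash(combine(hashes, spec))
    expected = hmac.new(verify_key, total, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response["signature"])
```

Two properties follow from the construction: the signature covers exactly the disclosed attributes and nothing else, so undisclosed attributes never leave the token, and the signature is bound to the specification's order, so a verifier that accepts the same values in a different order is rejected.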
Abstract:
The invention relates to a method for generating a certificate (167) for a security token (156) of a user (102) by means of an ID token (106) of the same user. A certificate (103) of a document PKI (300) is stored in the ID token, and the ID token has a protected storage region in which a private key (105; 187) belonging to the certificate of the document PKI, one or more attributes (124, 198), and time information (107, TA') received via a communication interface (108) of the ID token are stored. A certificate (160) of an authorization PKI (302) is stored in the security token, and a write authorization for write access to the protected storage region of the ID token by means of the security token is specified in the certificate of the authorization PKI. The method has the following steps:
- authenticating the user with respect to the ID token and with respect to the security token,
- mutually authenticating the ID token and the security token using the certificate (103) of the document PKI and the certificate (160) of the authorization PKI,
- generating a cryptographic key pair (166) consisting of a private key (189) and a public key (173) by means of the security token,
- write-accessing the protected storage region of the ID token by means of the security token in order to store the public key of the generated key pair in the ID token,
- read-accessing the protected storage region by means of the ID token in order to read the public key, the time information, and the at least one attribute,
- generating a data set (192) containing the public key, the time information, and the at least one attribute by means of the ID token,
- signing the data set with the private key (105, 187) stored in the protected storage region by means of the ID token in order to generate the certificate, and
- outputting the certificate by means of the ID token.