公开(公告)号：EP1873671B1

公开(公告)日：2009-08-19

申请号：EP06013441.8

申请日：2006-06-29

申请人： Incard SA

发明人： Fontana, Giovanni ,  Donatiello, Saverio ,  Di Sirio, Giovanni

IPC分类号： G06F21/02

CPC分类号： G06F21/77 ,  G06F21/72 ,  G06F21/75 ,  G06F2221/2123 ,  H04L9/003 ,  H04L9/0618 ,  H04L69/04 ,  H04L2209/08

摘要： Method for protecting data against power analysis attacks comprising at least a first phase of executing a cryptographic operation OP for ciphering the data in corresponding encipher data through a secret key ESK; the method comprises at least a second phase of executing an additional cryptographic operation AOP for ciphering additional data in corresponding encipher additional data, an execution of the first phase and the second phase being undistinguishable by the power analysis attacks. A plurality of secret parameters are randomly generated and processed by the at least one second phase. The secret parameters comprises at least an additional secret key ERK for ciphering the additional data in the corresponding encipher additional data.

公开(公告)号：EP2275915B1

公开(公告)日：2013-05-29

申请号：EP10167895.1

申请日：2010-06-30

申请人： Incard SA

发明人： Donatiello, Saverio

IPC分类号： G06F3/06 ,  G06F12/02

CPC分类号： G06F3/0643 ,  G06F3/0608 ,  G06F3/0679 ,  G06F12/023 ,  G06F2212/177

公开(公告)号：EP1873960A1

公开(公告)日：2008-01-02

申请号：EP06013465.7

申请日：2006-06-29

申请人： Incard SA

发明人： Fontana, Giovanni ,  Donatiello, Saverio

IPC分类号： H04L9/08

CPC分类号： G06Q20/341 ,  G06Q20/388 ,  G06Q20/40975 ,  G07F7/1008 ,  H04L9/0844 ,  H04L9/0869 ,  H04L2209/56

摘要： Method for key session derivation during a mutual authentication between a master IC Card 1, storing a master key K M , and a User IC Card 2, storing a key-seed K SEED , the master IC Card 1 and the User IC Card 2 being connected through a communication interface ITF for a communication session; the method comprises the steps of: generating at least a first random number RND.ICC associated to the User IC Card 2; deriving at least a first and a second sub keys K SEEDa and K SEEDb from the key-seed K SEED ; deriving at least a first and a second derivation sub keys K ENCa and K ENCb , respectively through the first sub key K SEEDa in combination with the first random number RND.ICC and through the second sub key K SEEDb in combination with the first random number RND.ICC; joining the at least first and second derivation sub keys K ENCa and K ENCb in at least a session key K ENC for the communication session. The step of generating comprises a generation of a second random number RND.SAM associated to said master IC Card 1; the step of deriving comprises a derivation of a third and a fourth derivation sub keys in order to obtain a second session key for the communication session.

摘要翻译： 在主IC卡1，存储主密钥KM和用户IC卡2之间的相互认证期间进行关键会话导出的方法，存储密钥种子K SEED，主IC卡1和用户IC卡2被连接 通过通信接口ITF进行通信会话; 该方法包括以下步骤：生成与用户IC卡2相关联的至少第一随机数RND.ICC; 从密钥种子K SEED中导出至少第一和第二子密钥K SEEDa和K SEEDb; 分别通过第一子密钥K SEEDa与第一随机数RND.ICC以及第二子密钥K SEEDb结合第一随机数导出至少第一和第二推导子密钥K ENCa和K ENCb RND.ICC; 将至少第一和第二导出子密钥K ENCa和K ENCb加入到用于通信会话的至少一个会话密钥K ENC中。 生成步骤包括与所述主IC卡1相关联的第二随机数RND.SAM的生成; 导出步骤包括导出第三和第四导出子密钥以便获得通信会话的第二会话密钥。

公开(公告)号：EP2278563A1

公开(公告)日：2011-01-26

申请号：EP10168852.1

申请日：2010-07-08

申请人： Incard SA

发明人： Donatiello, Saverio ,  Fontana, Giovanni ,  Guidobaldi, Corrado

IPC分类号： G07F7/10

CPC分类号： G07F7/1008 ,  G06Q20/35765

摘要： Method for controlling access to a data file (2) of an IC Card including the step of storing a plurality of access conditions (3) to be evaluated for accessing the data file (2) and the step of enabling the access to the file (2) if the access conditions (3) are satisfied. The method comprises the step of ordering the access conditions (3) to be evaluated in a Reverse Polish Notation inside a memory queue (4) of the IC Card and the step of evaluating the access conditions (3) starting from a head (5) of the memory queue (4).

摘要翻译： 用于控制对IC卡的数据文件（2）的访问的方法，包括存储用于访问所述数据文件（2）的待评估的多个访问条件（3）的步骤和启用对所述文件的访问的步骤 2）如果访问条件（3）被满足。 该方法包括以IC卡的存储器队列（4）内的反向波形符号对访问条件（3）进行排序的步骤以及从头部（5）开始评估访问条件（3）的步骤， 的内存队列（4）。

公开(公告)号：EP1873960B1

公开(公告)日：2013-06-05

申请号：EP06013465.7

申请日：2006-06-29

申请人： Incard SA

发明人： Fontana, Giovanni ,  Donatiello, Saverio

IPC分类号： H04L9/08

CPC分类号： G06Q20/341 ,  G06Q20/388 ,  G06Q20/40975 ,  G07F7/1008 ,  H04L9/0844 ,  H04L9/0869 ,  H04L2209/56

摘要： Method for key session derivation during a mutual authentication between a master IC Card 1, storing a master key K M , and a User IC Card 2, storing a key-seed K SEED , the master IC Card 1 and the User IC Card 2 being connected through a communication interface ITF for a communication session; the method comprises the steps of: generating at least a first random number RND.ICC associated to the User IC Card 2; deriving at least a first and a second sub keys K SEEDa and K SEEDb from the key-seed K SEED ; deriving at least a first and a second derivation sub keys K ENCa and K ENCb , respectively through the first sub key K SEEDa in combination with the first random number RND.ICC and through the second sub key K SEEDb in combination with the first random number RND.ICC; joining the at least first and second derivation sub keys K ENCa and K ENCb in at least a session key K ENC for the communication session. The step of generating comprises a generation of a second random number RND.SAM associated to said master IC Card 1; the step of deriving comprises a derivation of a third and a fourth derivation sub keys in order to obtain a second session key for the communication session.

公开(公告)号：EP2306416A1

公开(公告)日：2011-04-06

申请号：EP10178591.3

申请日：2010-09-23

申请人： Incard SA

发明人： Donatiello, Saverio ,  Guidobaldi, Corrado

IPC分类号： G07F7/10 ,  G06F12/00 ,  G06F13/16 ,  G06K19/00

CPC分类号： G07F7/1008 ,  G06Q20/3552 ,  G07F7/084

摘要： The invention relates to a method for pre-personalizing an IC Card (1), comprising the steps of transmitting a memory image (12) of a golden sample IC Card (11) to the IC Card (1) and storing the memory image (12) in a memory (2) of the IC Card (1). The method further comprises the step of separating the memory image (12) in a plurality of memory blocks (13) of predetermined size (14) to be transmitted separately to the IC Card (1) and by the fact that the step of storing comprises writing at least one memory block (13a) in the memory (2) while one or more memory blocks (13b) are transmitted.

摘要翻译： 本发明涉及一种用于预先个性化IC卡（1）的方法，包括以下步骤：将金色样本IC卡（11）的存储器图像（12）发送到IC卡（1）并存储存储器图像 12）存储在IC卡（1）的存储器（2）中。 该方法还包括将预定大小（14）的多个存储块（13）中的存储器图像（12）分离以分别发送到IC卡（1）的步骤，以及存储步骤包括 在发送一个或多个存储块（13b）的同时，在存储器（2）中写入至少一个存储块（13a）。

公开(公告)号：EP2275915A1

公开(公告)日：2011-01-19

申请号：EP10167895.1

申请日：2010-06-30

申请人： Incard SA

发明人： Donatiello, Saverio

IPC分类号： G06F3/06 ,  G06F12/02

CPC分类号： G06F3/0643 ,  G06F3/0608 ,  G06F3/0679 ,  G06F12/023 ,  G06F2212/177

摘要： Method to defrag a memory (M) for an IC Card comprising a plurality of files (1, 2, 3) stored in memory portions (P1, P2, P3) of the memory (M), each file (1, 2, 3) including respective links (L1, L2, L3) to one or more other files (1, 2, 3). The method comprises the steps of: -detecting a start address (fl) of a first free memory portion (M1) of the memory (M); -detecting an address (ai) of a memory portion (P1) following the start address (fl) and storing one file to be moved (1); -detecting files (2) including links (L2) to the address (ai) of the file to be moved (1); - moving the file to be moved (1) at the start address (fl) of the first free memory portion (M1); -updating the links to point at the start address (fl); wherein the above steps are repeated until at least two free memory portions (M1, M2) following the moved files (1) are separated by one or more of files (1, 2, 3).

摘要翻译： 对存储在存储器（M）的存储器部分（P1，P2，P3）中的多个文件（1,2,3）存储的IC卡进行碎片整理的方法，每个文件（1,2,3） ）包括到一个或多个其他文件（1,2,3）的各个链接（L1，L2，L3）。 该方法包括以下步骤： - 检测存储器（M）的第一空闲存储器部分（M1）的起始地址（f1）; - 检测在起始地址（fl）之后的存储器部分（P1）的地址（ai）并存储一个待移动的文件（1）; - 将包含链接（L2）的文件（2）检测到要移动的文件的地址（ai）（1）; - 移动要移动的文件（1）在第一空闲存储器部分（M1）的起始地址（fl）; 更新链接以指向起始地址（fl）; 其中重复上述步骤，直到移动的文件（1）之后的至少两个空闲存储器部分（M1，M2）被文件（1,2,3）中的一个或多个分离。

公开(公告)号：EP2317443A1

公开(公告)日：2011-05-04

申请号：EP10189003.6

申请日：2010-10-27

申请人： Incard SA

发明人： Donatiello, Saverio ,  Guidobaldi, Corrado ,  Rauccio, Mariangela

IPC分类号： G06F12/02

CPC分类号： G06F12/0246 ,  G06F2212/177 ,  G06F2212/7202

摘要： The invention relates to a method for executing n data updates in an IC Card which comprises memory pages supporting only m erase operations per page, with m

摘要翻译： 本发明涉及一种用于在IC卡中执行n个数据更新的方法，该方法包括每页仅支持m次擦除操作的存储器页，m

公开(公告)号：EP1873962B1

公开(公告)日：2009-08-19

申请号：EP06013463.2

申请日：2006-06-29

申请人： Incard SA

发明人： Fontana, Giovanni ,  Donatiello, Saverio

IPC分类号： H04L9/30 ,  H04L9/08

CPC分类号： G07F7/1008 ,  G06Q20/341 ,  G06Q20/355 ,  H04L9/0625 ,  H04L9/0866 ,  H04L9/3273 ,  H04L2209/34 ,  H04L2209/56

公开(公告)号：EP1873963A1

公开(公告)日：2008-01-02

申请号：EP06013462.4

申请日：2006-06-29

申请人： Incard SA

发明人： Fontana, Giovanni ,  Donatiello, Saverio

IPC分类号： H04L9/32 ,  G07F7/10

CPC分类号： H04L9/3273 ,  G06Q20/388 ,  G07F7/1008 ,  H04L2209/56

摘要： Authentication method between a first IC card (1) and a second IC card (2) interconnected through a terminal (3) comprising the step of: transmitting an identification number (2sn) from the second IC card (2) to the first IC Card (1) for deriving and storing a key (1K) in the first IC Card (1); generating and storing an authentication number (1rand) in the first (1) IC Card and transmitting it to the second (2) IC Card; encrypting the authentication number (1rand) in an encrypted authentication number (enc-rand), inside the second (2) IC Card, and transmitting it to the first (1) IC Card; decrypting, through the key derived (1K), the encrypted authentication number (enc-rand) and comparing it with the authentication number (1rand). The second IC Card (2) is authorized if the encrypted authentication number (enc-rand), in the first IC Card (1), is equal to the authentication number (1rand). At least one transmission included in the above cited steps comprises one or more identification and/or authentication number intended to authorize the first IC Card (1) from the second IC Card (2). The identification and/or authentication number comprises a reverse authentication number (rev-rand).

摘要翻译： 通过终端（3）互连的第一IC卡（1）和第二IC卡（2）之间的认证方法包括以下步骤：将识别号码（2sn）从第二IC卡（2）发送到第一IC卡 （1），用于在第一IC卡（1）中导出和存储密钥（1K）; 在第一（1）IC卡中生成和存储认证号（1rand）并将其发送到第二（2）IC卡; 在第二（2）个IC卡内的加密认证号（enc-rand）中加密认证号（1rand），并将其发送到第一（1）个IC卡; 通过密钥派生（1K）解密加密认证号（enc-rand）并将其与认证号（1rand）进行比较。 如果第一IC卡（1）中的加密认证号（enc-rand）等于认证号（1rand），则授权第二IC卡（2）。 上述步骤中包括的至少一个传输包括一个或多个旨在从第二IC卡（2）授权第一IC卡（1）的标识和/或认证号码。 标识和/或认证号码包括反向认证号码（rev-rand）。