EP4423641A1 - Authorization of an application on a security element - Google Patents

Authorization of an application on a security element

Info

Publication number
EP4423641A1
Authority
EP
European Patent Office
Prior art keywords
user verification
application
user
controller
sensor
Legal status
Pending
Application number
EP22800087.3A
Other languages
German (de)
English (en)
Inventor
Oliver Gibis
Werner Ness
Alexander SUMMERER
Current Assignee
Giesecke and Devrient ePayments GmbH
Original Assignee
Giesecke and Devrient ePayments GmbH
Priority date
2021-10-27
Filing date
2022-10-18
Publication date
2024-09-04
Application filed by Giesecke and Devrient ePayments GmbH
Publication of EP4423641A1

Classifications

    • G PHYSICS
      • G06 COMPUTING OR CALCULATING; COUNTING
        • G06F ELECTRIC DIGITAL DATA PROCESSING
          • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
              • G06F21/31 User authentication
                • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
              • G06F21/44 Program or device authentication
            • G06F21/60 Protecting data
              • G06F21/602 Providing cryptographic facilities or services

Definitions

  • the present invention relates to a method for authorizing an application installed on a security element and a corresponding device with a security element and a user verification element.
  • Mobile devices are known which can be used for digital transactions, such as digital payments or the like.
  • Devices of this type can be designed, for example, as watches or key fobs, but also as telecommunications terminals such as mobile phones or the like. It is often beneficial to provide these devices with a user verification capability, such as biometric testing, to secure transactions.
  • the applications are often provided as binary code by third parties, and the source code is not even available to the manufacturer of these devices.
  • any modification of such an application therefore has to be commissioned from the third-party provider.
  • different types of biometric verification system may have to be taken into account individually, and/or several third-party providers may be involved. This regularly means that applications have to be certified again or additionally, which costs considerable money and time.
  • the present invention relates to authorizing an application installed on a security element and comprises several steps: According to a first step, a user feature of a user is detected by means of a sensor of a user verification element and from this sensor data are determined that characterize the user feature. In a second step, the user verification element derives a user verification status of the user from the sensor data. In a third step, the derived user verification status is transmitted from the user verification element to the security element for authorization of the application by the security element and the application is authorized on the basis of the user verification status
  • the invention characterized in this way makes it possible to provide a user verification status to a security element with applications installed on it and to use it there to authorize the application. Neither the security element nor its operating system nor the application itself has to carry out the user verification or be specifically adapted for this purpose.
  • already existing applications can be provided with access and/or transaction protection without changing their source code or binary code, without having to carry out a new installation or renewed certification, or having to modify the application in any other way.
  • the user verification is modularized and thereby decoupled from the actual authorization.
  • all aspects of the user verification are bundled on a user verification element, which is implemented separately from the security element and makes the required user verification status for its authorization available to this or the relevant application. Any security-relevant or user- or application-specific applications executed on the security element therefore do not have to be adapted for a specific user verification.
  • the device according to the invention is appropriately equipped and set up to check the authorization according to the invention of the application installed on the security element.
  • the device according to the invention comprises a user verification element and a security element with applications installed on it.
  • the user verification element is set up to detect a user feature using the sensor and to derive a user verification status from this, which characterizes the user feature.
  • the user verification element is set up to transmit the user verification status to the security element.
  • the security element is set up to receive the user verification status and to use this to authorize the application.
  • the method according to the invention preferably includes the step of providing said device with a security element and user verification element.
  • the security element and the user verification element are structurally separate and maintain a data communication connection.
  • the user verification element preferably includes at least one sensor controller assigned to the sensor and a verification controller.
  • the security element in turn comprises an intermediary application. While the sensor controller derives the user verification status from the sensor data, the verification controller transmits the user verification status to the security element or to its intermediary application.
  • the intermediary application can allow or deny certain steps depending on the user verification status, such as authorizing or denying the application in question and preventing the execution of transactions.
  • the sensor controller can determine whether a positive user verification status results from the sensor data and can forward the user verification status to the verification controller.
  • the sensor controller can determine, independently of the other components of the device according to the invention, whether the user can be verified by the sensor data.
  • At least one application is selected on the security element and/or a transaction is carried out with the at least one application. If there is a positive user verification status, transactions with the security element are permitted, for example.
  • the user verification by means of the sensor and its sensor controller avoids a security-related adaptation of the application required for the transaction. These adjustments can instead be made in the mediator application and in the verification controller. Since the user verification by means of sensor data is implemented logically and preferably structurally separately from the applications of the security element and the user verification status is securely transferred to the applications, a modification of the applications and thus a break in the corresponding certifications is avoided.
  • the sensor is preferably a biometric sensor that generates sensor data that characterizes a biometric user feature.
  • the biometric sensor is particularly preferably a fingerprint sensor and the sensor controller a fingerprint controller. This allows the user verification status to be determined easily, because the user does not need to possess any special item or prove any knowledge. Since the matching is done by the sensor controller, the verification controller is relieved of this work, which in some cases means lower power consumption and a correspondingly longer battery life.
  • the intermediary application of the security element, the verification controller and/or the sensor controller is preferably pre-personalized by securely storing personalized data in these components.
  • This data preferably includes a set of keys with one or more cryptographic keys that are suitable for encrypting the relevant data communication.
  • the same set of keys is preferably stored in the intermediary application, verification controller and sensor controller during the pre-personalization.
  • the encryption of the data communication between verification controller, intermediary application and/or sensor controller prevents unauthorized reading out or manipulation of the user verification status by an attacker.
  • the information and data transmitted between the components mentioned are at least partially secured with message authentication codes in order to ensure or to be able to check the authenticity of the information and data transmitted.
  • the user verification status is preferably transmitted according to a security protocol, which preferably uses a challenge-response method.
  • the information transfer between verification controller, intermediary application and/or sensor controller takes place at least partially according to such a security protocol. This prevents manipulation of the user verification status, for example through logical attacks by malware in the verification controller or physical attacks on cable connections between the components.
  • an application is authorized by the intermediary application determining a positive user verification status.
  • the application can be selected and/or a transaction can be carried out using the application.
  • the user verification status is preferably reset with the aid of an application, so that a further selection of applications and/or execution of a transaction is only possible after renewed user verification. If the device according to the invention is stolen, for example after a user verification and the subsequent transaction, a further, then unauthorized, transaction is thereby prevented.
  • the security element generally carries out transactions contactlessly using a suitable transmitting and receiving device, for example an NFC or Bluetooth module with an antenna, which can be arranged on the security element or on the verification controller.
  • a device set up for such contactless transactions needs no externally accessible contact lines, which would otherwise be a security concern.
  • Authentication transactions, payment transactions and/or access transactions are preferably authorized according to the invention.
  • a user who has been verified beforehand is authenticated by means of an authentication transaction, so that the user can carry out a payment transaction and/or gain access to a system or object.
  • the device according to the invention has the form of a key fob, in particular it is a "key fob" with an integrated fingerprint sensor.
  • the verification controller preferably detects whether the user wants to carry out a user verification.
  • the verification controller requests a challenge, such as a random number, from the intermediary application; the challenge is preferably protected with a message authentication code, for example an HMAC.
  • the sensor controller then checks the integrity of the challenge using the message authentication code and, if the check succeeds, carries out a user verification and determines a user verification status.
  • the sensor controller then transmits the encrypted and secured user verification status to the verification controller, which forwards it to the intermediary application, which decrypts and stores the user verification status if the associated message authentication code is recognized as correct.
  • the operating system of the security element can access the user verification status stored in this way and, in the case of a positive user verification status, allows the application to be selected and/or the relevant transaction to be executed by the application.
  • FIG. 1 shows a first embodiment of the device according to the invention
  • FIG. 2 shows a second embodiment of the device according to the invention
  • FIG. 3 shows a third embodiment of the device according to the invention.
  • FIG. 1 shows a device 1 with a verification controller 2, which can be designed as a BLE controller, for example the Bluetooth Low Energy controller DIALOG BLE 5.0 DA14683 (WL-CSP53).
  • the device 1 has a security element 3, for example a chip card, smart card, eSE, eUICC card or the like, for example an Infineon chip SLE78 with a G+D Sm@rt Cafe operating system.
  • the device 1 further includes a sensor controller 4, in particular a fingerprint controller 5, such as a Nuvoton NuMicro M480, and a sensor 6, such as a fingerprint sensor 7.
  • the BLE verification controller 2 is the main processor according to the embodiment according to FIG. 1 and routes all data communication via the BLE channel to the fingerprint controller 5 (TX/RX) and further to the security element 3.
  • FIG. 1 also shows a data line DATA and the control lines RST and CLK between the verification controller 2 and the security element 3 or the sensor controller 4, as well as the data lines TX ("transmit") and RX ("receive").
  • the verification controller 2 is powered by a battery 8, such as a lithium-ion battery.
  • the verification controller 2 supplies the other components of the device 1 with power (PWD), in particular the security element 3 and the sensor controller 4.
  • a power circuit 9 (“power switch circuit”) is connected to the verification controller 2.
  • On the security element 3, applications 12 are installed, e.g. JavaCard applets and/or a qVSDC application, which communicate either contact-based via the verification controller 2 or contactlessly via the connected antenna 10.
  • the fingerprint sensor 7 transmits biometric sensor data, which depict or represent a user feature of the user, to the fingerprint controller 5, which determines whether the user can be verified on the basis of these data.
  • the corresponding user verification status is then transmitted in encrypted form to the verification controller 2 and from there to the intermediary application 11 on the security element 3.
  • the encryption largely rules out manipulation, for example through logical attacks by malware in the verification controller or through physical attacks such as bit manipulations at weak points like the cable connections between fingerprint controller 5, verification controller 2 and security element 3. Because the status is additionally protected by a message authentication code, a manipulated message is detected and rejected rather than accepted.
  • the device provides a challenge-response security protocol ("Key Fob Fingerprint Security Protocol") for securing the transmission of the user verification status across insecure system components, such as the BLE controller or the cable connections of the device 1.
  • the device 1 has an intermediary application 11 in the security element 3, which receives and stores the user verification status according to the security protocol. As soon as an application 12 is selected or a transaction is carried out with it, the operating system 14 of the security element 3 checks the user verification status and allows the selection or transaction with a positive user verification status. After the transaction has taken place, the security element 3 resets the user verification status, so that a further transaction, for example a selection of the application, is not possible without renewed user verification.
  • Fig. 2 illustrates the process of user verification in several steps:
  • Step 21 As soon as the verification controller 2 (e.g. the BLE controller) determines that the user intends a user verification with a fingerprint as the user feature, the verification controller 2 requests a challenge (e.g. a random number) from the intermediary application 11 in the security element 3 with the GET_CHALLENGE command.
  • Step 22 The intermediary application 11 returns the challenge, protected with an HMAC, to the verification controller 2.
  • Step 23 To check the fingerprint, the verification controller 2 executes the MATCH command with the HMAC-secured challenge as an input parameter and references the keys EncKeyID and MacKeyID as additional input parameters.
  • Step 24 The fingerprint controller 5 verifies the integrity of the challenge using the HMAC.
  • Step 25 If the HMAC is correct, the fingerprint controller 5 carries out the user verification by means of the fingerprint. Otherwise the verification controller 2 receives an error message.
  • Step 26 The fingerprint controller 5 encrypts the user verification status (OK Match, No Match) and secures it with an HMAC, using the keys EncKey and MacKey.
  • Step 27 The fingerprint controller 5 sends the encrypted and HMAC-secured user verification status back to the verification controller 2.
  • Step 28 The verification controller 2 forwards the user verification status to the intermediary application 11 on the security element 3.
  • Step 29 The intermediary application 11 on the security element 3 checks the HMAC of the received user verification status.
  • Step 30 If the HMAC is valid, the intermediary application 11 decrypts the user verification status. The HMAC is checked before anything is decrypted, so a tampered message is discarded without ever being interpreted.
  • Step 31 The decrypted user verification status is stored in the intermediary application 11.
  • Step 32 The operating system 14 of the security element 3 requests the user verification status from the intermediary application 11 together with the defined AIDs and rules and checks them.
  • Step 33 If the user verification was successful and the application 12 has one of the defined AIDs, the operating system 14 allows the selection of the application 12 or the transaction with the application 12.
  • in this embodiment the user verification status is stored in the security element 3.
  • alternatively, the user verification status can be stored in the verification controller 2, e.g. in the BLE controller. In that variant the verification controller, rather than the security element, holds the status and therefore has to be trusted with it.
  • the verification controller 2 then generates the challenge and the corresponding message authentication code, such as an HMAC, executes a MATCH command with the HMAC-secured challenge as an input parameter and references the cryptographic keys EncKeyID and MacKeyID as additional input parameters.
  • the fingerprint controller 5 checks the integrity of the challenge using the HMAC and, if the HMAC is correct, carries out the user verification using the fingerprint. Otherwise the verification controller 2 receives an error message.
  • the fingerprint controller 5 then encrypts the user verification status (OK Match, No Match), secures it with an HMAC and sends the encrypted and HMAC-secured user verification status back to the verification controller 2.
  • the verification controller 2 checks the HMAC of the received user verification status and, if it is valid, decrypts the status. The decrypted user verification status is finally stored in the verification controller 2.
  • the MATCH command can lead to the following results:
  • OK Match The selected template matches the finger on the sensor; the matching ID value is returned.
  • No Match The finger on the sensor does not match the selected template.
  • the sensor controller 4 or fingerprint controller 5, the verification controller 2 and the intermediary application 11 require pre-stored keys for encryption and for message authentication codes before a user verification command can be executed. These keys are stored in the components mentioned during the manufacture of the device 1 and are fixed permanently by a KEY_LOCK command.
  • the keys are stored in the verification controller 2 itself and locked by it against overwriting.
  • the keys EncKeyID_1 [16 bytes] and MacKeyID_1 [32 bytes] are stored in the security element 3 and in the sensor controller 4.
  • the keys EncKeyID_2 and MacKeyID_2 are stored in the verification controller 2 and in the sensor controller 4. These keys can no longer be changed after the KEY_LOCK command has been executed.
  • FIG. 3 shows the device 1 comprising the security element 3 and the user verification element 100 with the verification controller 2, the sensor 6 and the sensor controller 4.
  • the verification controller 2 has a processor unit 201 , a volatile memory 202 and a non-volatile memory 203 .
  • the verification controller 2 has communication interfaces 204 and 205 for connection to the sensor controller 4 and the security element 3 .
  • the security element comprises a processor unit 301, a volatile memory 302 and a non-volatile memory 303 as well as a communication interface 304 which is connected to the verification controller 2.
  • the sensor controller 4 has a processor unit 401, a volatile memory 402, a non-volatile memory 403 and a communication interface 404, which is connected to the verification controller 2.
  • the user verification element 100 is designed and set up to carry out a user verification with the aid of the sensor 6 and to transmit the user verification status obtained to the intermediary application 11 on the security element 3 in encrypted form.
  • the user verification status is transmitted in encrypted form from the sensor controller 4 to the verification controller 2 and from there to the security element 3 .
  • the security element 3 is designed and set up to decrypt the encrypted user verification status transmitted by the user verification element 100 .
  • FIG. 4 illustrates the steps of the method according to the invention for authorizing an application 12 installed on a security element 3 by means of a device 1 according to the invention with user verification element 100 and security element 3:
  • Step 41 detecting a user feature of a user of the device 1 by means of the sensor 6 of the user verification element 100 and generating sensor data characterizing the user feature by the sensor controller 4 of the user verification element 100;
  • Step 42 deriving a user verification status from the sensor data by the user verification element 100 or its sensor controller 4;
  • Step 43 securely transmitting the user verification status from the user verification element 100 to the security element 3 in order to authorize the application 12 via the intermediary application 11;
  • Step 44 storing the authorization information on the security element 3 (optional);
  • Steps 45, 46 selecting the application 12 on the security element 3.
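The exchange of Steps 21 to 33 (which is also the flow behind Steps 41 to 46 of FIG. 4), as an added example that is not part of the patent and not G+D's implementation. It models the three parties with the Python standard library only: the intermediary application plus OS check on the security element, the fingerprint controller, and the verification controller as an untrusted relay. Everything not stated in the patent is an assumption: key set 1 (EncKeyID_1/MacKeyID_1) is a constructed value, the MAC is HMAC-SHA256, an HMAC-based keystream stands in for the unnamed cipher, byte equality stands in for a real fingerprint matcher, the AID is constructed, and the message layouts, labels and function names are the example's own. Beyond the happy path it shows why the challenge is carried inside the status message: a bit flip by malware in the verification controller fails the MAC, and a replay of a genuine "OK Match" is rejected against a fresh challenge.

```python
import hashlib
import hmac
import secrets

# Constructed stand-ins for key set 1 (EncKeyID_1: 16 bytes, MacKeyID_1: 32 bytes),
# which the patent shares only between security element and sensor controller.
ENC_KEY_1 = bytes(range(16))
MAC_KEY_1 = bytes(range(32, 64))

CHALLENGE_LEN = 16
TAG_LEN = 32
OK_MATCH = b"OK Match"   # the two MATCH results named in the patent; same length,
NO_MATCH = b"No Match"   # so the ciphertext length leaks nothing about the result


def _mac(key, label, data):
    """HMAC-SHA256; the label keeps challenge and status messages apart."""
    return hmac.new(key, label + data, hashlib.sha256).digest()


def _xor_stream(key, nonce, data):
    """XOR with an HMAC-SHA256 counter-mode keystream. Assumption: a stdlib-only
    stand-in for the block cipher the 16-byte EncKey implies (the patent names none)."""
    stream = bytearray()
    block = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class SecurityElement:
    """Intermediary application 11 plus the OS check of Steps 32/33 (security element 3)."""

    def __init__(self, enc_key, mac_key, allowed_aids):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.allowed_aids = set(allowed_aids)   # the "defined AIDs and rules"
        self.pending_challenge = None
        self.status = None

    def get_challenge(self):
        """Step 22: fresh random challenge with HMAC, so the sensor controller can
        tell it came from the security element and not from the BLE controller."""
        challenge = secrets.token_bytes(CHALLENGE_LEN)
        self.pending_challenge = challenge
        return challenge + _mac(self.mac_key, b"CHAL", challenge)

    def store_status(self, message):
        """Steps 29-31: verify HMAC, then decrypt, then store. False means rejected."""
        body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        if not hmac.compare_digest(tag, _mac(self.mac_key, b"STAT", body)):
            return False                                 # modified in transit
        challenge, ciphertext = body[:CHALLENGE_LEN], body[CHALLENGE_LEN:]
        if self.pending_challenge is None or not hmac.compare_digest(challenge, self.pending_challenge):
            return False                                 # replay of an old, genuine status
        self.pending_challenge = None                    # each challenge is single-use
        self.status = _xor_stream(self.enc_key, challenge, ciphertext)
        return True

    def select(self, aid):
        """Steps 32/33 plus the reset after use: one selection per verification."""
        if self.status == OK_MATCH and aid in self.allowed_aids:
            self.status = None                           # next selection needs a new finger
            return True
        return False


class FingerprintController:
    """Sensor controller 4 / fingerprint controller 5: the only party that sees biometrics."""

    def __init__(self, enc_key, mac_key, template):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.template = template   # constructed stand-in for the enrolled template

    def match(self, secured_challenge, live_sample):
        """Steps 24-27, the MATCH command; None models the error of Step 25."""
        challenge, tag = secured_challenge[:CHALLENGE_LEN], secured_challenge[CHALLENGE_LEN:]
        if not hmac.compare_digest(tag, _mac(self.mac_key, b"CHAL", challenge)):
            return None
        # Assumption: byte equality stands in for minutiae matching with a threshold.
        status = OK_MATCH if hmac.compare_digest(live_sample, self.template) else NO_MATCH
        body = challenge + _xor_stream(self.enc_key, challenge, status)  # encrypt, bound to challenge
        return body + _mac(self.mac_key, b"STAT", body)                 # then authenticate


def run_verification(se, fpc, live_sample):
    """Verification controller 2 (BLE): relays opaque messages. It holds neither key
    of set 1, so it can neither read nor forge a user verification status."""
    response = fpc.match(se.get_challenge(), live_sample)              # Steps 21-27
    return False if response is None else se.store_status(response)    # Steps 28-31


def tampered_relay(se, fpc, live_sample):
    """Malware in the verification controller flips one ciphertext bit on the way through."""
    forged = bytearray(fpc.match(se.get_challenge(), live_sample))
    forged[CHALLENGE_LEN] ^= 0x01
    return se.store_status(bytes(forged))


def replayed_status(se, fpc, live_sample):
    """Captures a genuine status message and replays it in a later session."""
    captured = fpc.match(se.get_challenge(), live_sample)
    se.store_status(captured)
    se.get_challenge()                  # a new session begins with a new challenge
    return se.store_status(captured)    # carries the stale challenge, so it is rejected
```

To try it, build a SecurityElement and a FingerprintController with the same key set and a constructed template, call run_verification with the matching sample, then select the allowed AID twice: the first call succeeds and the second fails because the status was reset. tampered_relay and replayed_status both return False, which is the property the patent relies on when it routes the status through the BLE controller and cable links it calls insecure.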

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Collating Specific Patterns (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The method according to the invention authorizes an application (12) installed on a security element (3) and comprises the steps of detecting (41) a user feature by means of a sensor (6) of a user verification element (100) and generating sensor data that characterize the user feature; deriving (42) a user verification status from the sensor data by means of the user verification element (100); and transmitting (43) the user verification status from the user verification element (100) to the security element (3) in order to authorize the application (12) by the security element (3).
Application EP22800087.3A, priority date 2021-10-27, filing date 2022-10-18: Authorization of an application on a security element. Status: Pending. Publication EP4423641A1 (fr).

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102021005350.8A DE102021005350A1 (de) 2021-10-27 2021-10-27 Authorizing an application on a security element
PCT/EP2022/000097 WO2023072423A1 (fr) 2021-10-27 2022-10-18 Authorization of an application on a security element

Publications (1)

Publication Number Publication Date
EP4423641A1 true EP4423641A1 (fr) 2024-09-04

Family

ID=84245847

Family Applications (1)

Application Number Title Priority Date Filing Date
EP22800087.3A Pending EP4423641A1 (fr) 2021-10-27 2022-10-18 Authorization of an application on a security element

Country Status (5)

Country Link
US (1) US20240427865A1 (fr)
EP (1) EP4423641A1 (fr)
CN (1) CN118159966A (fr)
DE (1) DE102021005350A1 (fr)
WO (1) WO2023072423A1 (fr)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170357791A1 (en) * 2014-12-04 2017-12-14 Assa Abloy Ab Using sensor data to authenticate a user for a computer device

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2396330B (en) * 2002-12-20 2005-05-11 Motorola Inc A smartcard
RU2007127725A (ru) * 2004-12-20 2009-01-27 Proxense, LLC (US) Authentication using a personal data biometric key (PDK)
US20090307140A1 (en) 2008-06-06 2009-12-10 Upendra Mardikar Mobile device over-the-air (ota) registration and point-of-sale (pos) payment
US10121144B2 (en) * 2013-11-04 2018-11-06 Apple Inc. Using biometric authentication for NFC-based payments
KR102460459B1 (ko) * 2015-02-27 2022-10-28 Samsung Electronics Co., Ltd. Method and apparatus for card service using an electronic device
KR102324468B1 (ko) * 2017-03-28 2021-11-10 Samsung Electronics Co., Ltd. Apparatus and method for face authentication


Also Published As

Publication number Publication date
CN118159966A (zh) 2024-06-07
DE102021005350A1 (de) 2023-04-27
WO2023072423A1 (fr) 2023-05-04
US20240427865A1 (en) 2024-12-26

Similar Documents

Publication Publication Date Title
EP2218028B1 (fr) Method for protecting a chip card against unauthorized use, chip card and chip card terminal
EP2215609B1 (fr) Method for unlocking a chip card function by means of remote verification
DE102016113499A1 (de) Authentication method for authenticating a user of a terminal
EP2389644B1 (fr) Method for unlocking a chip card function, and card reader
EP3449655A1 (fr) Method for secure interaction of a user with a mobile terminal and a further entity
EP3882796A1 (fr) User authentication using two independent security elements
EP4423641A1 (fr) Authorization of an application on a security element
EP3336736B1 (fr) Auxiliary ID token for multi-factor authentication
DE102020205933A1 (de) Method for coupling an authentication means with a vehicle
EP4423636B1 (fr) Authorization of an application on a security element
EP3336732A1 (fr) User authentication using several features
EP2734984B1 (fr) Method for protecting a chip card terminal against unauthorized use
EP1915718B1 (fr) Method for securing the authentication of a portable data carrier towards a reader over an insecure communication channel
WO2005055018A1 (fr) Method and device for securing digital data
EP2834767B1 (fr) Computer system and method for booting a computer
DE102019109343A1 (de) Method and device for transmitting digital data
WO2005073826A1 (fr) System comprising at least one computer and at least one portable data carrier
EP1563360A1 (fr) Method for protecting a portable data carrier
WO2020234459A1 (fr) Method for authenticating a user and authentication system
WO2003088053A2 (fr) Method for program protection

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent: STATUS: UNKNOWN
STAA Information on the status of an ep patent application or granted ep patent: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase: ORIGINAL CODE: 0009012
STAA Information on the status of an ep patent application or granted ep patent: STATUS: REQUEST FOR EXAMINATION WAS MADE
2024-05-27 17P Request for examination filed
AK Designated contracting states: Kind code of ref document: A1; Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC ME MK MT NL NO PL PT RO RS SE SI SK SM TR
DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
STAA Information on the status of an ep patent application or granted ep patent: STATUS: EXAMINATION IS IN PROGRESS
2025-05-14 17Q First examination report despatched