JP2008504787A - Apparatus and method using encrypted data - Google Patents

Abstract

  The present invention relates to a corresponding method using a device (DEV) and encrypted data (DATenc) stored in a first memory (MEM1) of the device (DEV). The device (DEV) further includes a second memory (MEM2) having higher tamper resistance. The encrypted data (DATenc) is read from the first memory (MEM1), the encrypted data (DATenc) is decrypted by the associated key (K), and the decrypted data (DAT) is stored in the second memory (MEM2). Remembered. Thus, the encrypted data (DATenc) stored on the device (DEV) can be used in a decrypted format without permitting the owner of the device (DEV) to access the decrypted data (DAT). One application is the emulation of a number of smart card applications by a mobile device.

Description

  The present invention relates to an apparatus including a first memory and a second memory having higher tamper resistance. Furthermore, the present invention relates to a method using encrypted data stored in a first memory.

  Allowing sensitive data access only to authorized individuals is a well-known problem in the prior art. One solution is to store sensitive data in a tamper-resistant area (ie, in memory that is virtually unreadable). An example of such a region is a smart card. Smart cards are widely used for sensitive data, especially in financial applications. Here, the owner of the data carrier is not the owner of the data itself. This data is, for example, owned by a bank. Since many technical functions are required to make the memory highly tamper resistant, the smart card and the above-mentioned memory are relatively expensive. Therefore, it is not economical to store a large amount of data in a very secure memory.

  For the aforementioned applications, the solution may be to store the encrypted data on a mass storage device and supply an associated key to an authorized individual. In general, separate data storage means are used for this reason. Thus, the key can be supplied, for example, in the form of an electronic access card. Alternatively, the key is supplied on a floppy disk or simply printed on paper, while the encrypted data is stored, for example, on a publicly accessible server. If the key is not in the hands of criminals, the data is secure.

  Under certain circumstances, it is useful for the data on the storage device to be accessible in decrypted form, while the owner of the data carrier is not authorized to modify the data or read the data It is also not authorized. One example is executable code that must be decrypted before it can be executed. But this comes with security risks. This is because the data is decrypted. Furthermore, for example, it is extremely impossible to increase the tamper resistance of a hard disk. Thus, the owner of the data carrier who cannot have access can access the data. Therefore, in this case, a secure memory (for example, a smart card) is selected as the data carrier. This is because data (eg, coded instructions) can be stored as is and is secure anyway. On the other hand, a further increase in data capacity increases technical labor and production cost of a large capacity memory with high tamper resistance.

  Here, the problem of the present invention is to solve the above-mentioned drawbacks, and it is possible to use the encrypted data stored on the device in a decrypted form without allowing the owner of the device to access the decrypted data. An apparatus and method is provided.

The subject of the present invention is
A first memory;
A second memory having higher tamper resistance;
Means for reading the encrypted data from the first memory;
Means for decrypting the encrypted data with the associated key;
This is solved by an apparatus comprising means for storing the decoded data in a second memory.

The above problem is further solved by a method using encrypted data stored in the first memory of the apparatus. The apparatus further includes a second memory having higher tamper resistance, and the method includes:
Reading the encrypted data from the first memory;
Decrypting the encrypted data with the associated key;
Storing the decoded data in the second memory.

  In this way, it is possible to solve the limitations of the prior art. On the other hand, using a first large-capacity, inexpensive (and insecure) first memory that permanently stores encrypted data, and a small capacity that temporarily stores decrypted data when it is planned to be used, An inexpensive (and secure) second memory can be used. This second memory can be shared by several applications, thereby reducing technical effort and costs.

  This is effective when the second memory and decoding means are part of the NFC interface. NFC (Near Field Communication) technology has evolved from a combination of contactless identification (ie, RFID technology) and interconnect technology. NFC operates over a distance of typically a few centimeters in the 13.56 MHz frequency range, but engineers are also working on systems that operate over longer distances (up to 1 m). NFC technology is standardized in ISO18092, ECMA340 and ETSI TS102190. NFC also complies with the contactless smart card infrastructure defined roughly under ISO 14443. NFC interfaces are now widely used in mobile phones and other mobile devices. Such an interface usually already comprises a tamper-resistant memory and an encryption / decryption module. Therefore, it is preferable to use the aforementioned module in the present invention.

  One envisioned application of the present invention is a device that emulates several smart cards. Such devices are generally known, for example, from WO 01/93212 and WO 04/57890. Once the smart card data to be used is supplied to the NFC interface, the device can communicate with a reader (usually a power-reading device for NFC / RFID communication that is also designed to write data). . According to the invention, the encrypted data representing the smart card application is now decrypted and effectively loaded into the second memory of the NFC interface.

  It is more effective when the first memory is further formed to store the function for operating the device. The device typically comprises an insecure main memory that stores the device's operating system. In this embodiment, the operating system's encrypted data and functions are stored in a first memory. Thus, the first memory is used synergistically.

  Finally, it is effective when the second memory is formed to store the key. For some applications, it is advantageous if the key for decrypting the encrypted data is stored in the device itself. In this case, the key should be stored in a second memory having high tamper resistance in order to prevent misuse of the encrypted data.

An advantageous embodiment of the method of the invention is further represented. In this example, if the data is no longer used,
Reading data from the second memory;
Encrypting the data with an associated key;
A step of storing the encrypted data in the first memory is performed.

  Here, the changed data can be stored for later use. Thus, data is read from the second memory, encrypted, and written once again to the first memory, while freeing the second memory for another application, on the other hand, the modified data is made permanent. To remember.

  It is also advantageous if the key is supplied by a remote device. In this case, the device stores only encrypted data such as an encrypted smart card application. If encrypted data is to be used, the associated key is sent from the reader to the device and used there to decrypt the encrypted data.

  An effective embodiment of the present invention is represented by a method. In this method, the following steps are performed in order to use one of a large number of encrypted data sets constituting the encrypted data.

a) generating a random number;
b) encrypting the random number with the key associated with the encrypted data set and sending it to the remote device;
c) receiving the decoded number from the remote device;
d) comparing the generated random number with the decrypted received number;
e) The encrypted data set is decrypted with the related key, and if the comparison result is true, the decrypted data set is stored in the second memory, and if the comparison result is false, a further encrypted data set is stored. Performing steps a) to e) with a key associated with.

  For example, in the case of multiple data sets representing multiple smart card applications, which of the encrypted data sets is to be used (ie which smart card application is to be presented to the reader) It is necessary to decide. If the key associated with the encrypted data set is stored in the device and also stored in the reader (and assuming a symmetric cipher), the above procedure selects which encrypted data set This is an advantageous procedure for determining whether or not. When using asymmetric encryption, a private key and a public key must be used instead of the same key. Thus, the random number can be encrypted with the private key, can be decrypted with the public key, and vice versa. The advantage of this procedure is that no key appears in the wireless communication. Otherwise, in theory it is possible to squeeze out.

  A very similar embodiment is represented by the method. In this method, the following steps are performed in order to use one of a large number of encrypted data sets constituting the encrypted data.

a) generating a random number and sending it to the remote device;
b) receiving the encrypted number from the remote device;
c) decrypting the encrypted number with the key associated with the encrypted data set;
d) comparing the generated random number with the decrypted received number;
e) The encrypted data set is decrypted with the related key, and if the comparison result is true, the decrypted data set is stored in the second memory, and if the comparison result is false, a further encrypted data set is stored. Performing steps c) to e) with a key associated with.

  Simply put, the location of random number encryption and the location of random number decryption vary. In this case, the random number is encrypted in the reader and decrypted again in the device. On the other hand, in the above-described embodiment, the random number is encrypted in the apparatus and decrypted once again in the reader. Since the random number is encrypted only once here, there is an advantage in processing speed. If y is an integer indicating the number of cycles required to find a suitable key, in this case there are y + 1 encryption or decryption steps, but the preceding method is used 2y steps are required.

  As another effective embodiment, there is a method in which the following steps are performed in order to use one of many encrypted data sets constituting the encrypted data.

Determining the position of the device;
Determining an encrypted data set associated with this location;
Decrypting the encrypted data set with the associated key and storing the decrypted data set in the second memory.

  Here, the geographical location of the device serves to determine the encryption data set to be used. The means for determining the position is, for example, a GPS receiver. In addition, cell identification of a GSM or UMTS network can be used to determine the location of a device when the resulting larger area is still sufficient for a particular application. Finally, it is possible to evaluate the strength of radio signals from several base stations to determine the position more accurately. The preferred embodiment comprises a table in which the necessary information is linked together.

  As a further effective method, there is a method in which the following steps are performed in order to use one of a large number of encrypted data sets constituting the encrypted data.

Receiving identification information from a remote device;
Determining an encrypted data set associated with the identification information;
Decrypting the encrypted data set with the associated key and storing the decrypted data set in the second memory;

  There is also the possibility of selecting a particular encrypted data set by simply sending identification information of the encrypted data set from the reader to the device. If the public transport service is called "London Underground", this information will be sent to the device. The table makes it easy to find an appropriate encrypted data set.

  It is further advantageous if the method of the invention comprises the following initial steps:

Storing encrypted data in a first memory;
Storing a key for decrypting the encryption key in the second memory.

  To set up the service, encrypted data is transmitted from the remote device to the device and stored in the first memory. Encrypted data typically does not pose a security risk and can be transmitted over an insecure connection (eg, over an insecure Internet connection). GPRS download is also applicable. The key can be supplied at the service provider's store. Returning to the “London Underground”, this means that the customer brings his device to the store where the employee of the London Underground stores the key in the device. Therefore, unauthorized use of encrypted data is almost impossible.

  A further advantageous method comprises the following initial steps:

An initial step of receiving data in a decrypted form from a remote device;
An initial step of generating a random key in the device;
An initial step of encrypting the data with the key and storing the encrypted data in a first memory;
An initial step of storing the key in a second memory;

  In this case, it is necessary to transmit data via a secure connection. This is because the data is not encrypted. Possible possibilities include secure internet connection and near field communication. Further conceivable is service initialization at the store as described above. When received, the data is encrypted with a random key. Thereafter, the encrypted data is stored in the first memory and the key is stored in the second memory, thereby completing the service initialization.

  Finally, it is effective that the method of the present invention comprises the following initial steps.

An initial step of receiving encrypted data from a remote device;
An initial step of receiving a key via a tamper-resistant communication channel;
An initial step of storing the encrypted data in the first memory;
An initial step of storing the key in the second memory;

  As described above, encrypted data can be transmitted over an insecure connection. In contrast, the associated key should be transmitted over a secure connection and later stored in a secure second memory. Therefore, short-range wireless communication that is not easily possible is preferable because the above-described connection range is limited. The encryption key is sent to the device, where it is decrypted by the secret algorithm (especially further by user input). Thus, the code can be sent to the customer by “normal” mail. Thereafter, the customer can download the encrypted data and the encryption key. An encryption key and a code are input to a secret algorithm that cannot be squeezed out because it is executed in a region with high tamper resistance. The result of this decryption is a key for decrypting the encrypted data, which is later stored in the second memory.

  When the key of the encrypted data set is stored in the second memory, the update of the encrypted data set is easy. If "London Underground" has upgraded the software, the customer may download the updated encrypted data over an insecure connection without having to bring the device back to the service provider store. Is possible.

  The invention will now be described in more detail with reference to the accompanying drawings which show an advantageous embodiment of the invention. In addition, the description example of the present application does not serve to narrow the wide range of the present invention.

  FIG. 1 shows an arrangement comprising a device DEV and two remote devices constituted by a server SER and a reader RD. In this example, the device DEV is a mobile phone or a PDA, and includes a first memory MEM1, a second memory MEM2 having higher tamper resistance, and an encryption / decryption module ENC / DEC. In this example, it is assumed that the first memory MEM1 is a memory for an operating system and other data necessary for using the device DEV. Usually there is no procedure to protect the main memory of the device DEV from misuse or only a minor one, so it is usually very easy to change the data stored in the memory. Thus, confidential data (eg, for mobile phones, IMSI (International Mobile Subscriber Identification Information) is stored in a tamper-resistant memory (eg, SIM (Subscriber Identification Module)). Smart cards are becoming more and more part of what is part of a mobile phone and what is emulated by a mobile phone, in this sense, an interface that operates according to the near field communication (NFC) standard. This interface achieves near field communication with the reader RD and usually also comprises tamper-resistant memory and means for encryption and decryption, so in this example the second memory MEM2 The encryption / decryption module ENC / DEC is part of an NFC (Near Field Communication) interface INT.

  The arrangement functions are as follows. In the first step, the reader RD can also communicate according to the NFC standard, and sends the encrypted data DATenc to the device DEV (solid line). In this case, the encrypted data DATenc represents a ticket sales application in public transport that must be installed on the device DEV before it can be used. When received, the encrypted data DATenc is thus stored in the first memory MEM1.

  Alternatively, the encrypted data DAcenc can also be supplied by the server SER. This is indicated by a broken line from the server SER to the device DEV. In this case, it is assumed that the server SER is a part of the Internet and holds the aforementioned application. Depending on the request, it is possible to download over a relatively fast (and insecure) internet connection. The request can be sent directly to the server SER by the device DEV or by the reader RD.

  Basically, the device DEV can already be used. Therefore, when the device DEV is near the reader RD, the key K is sent from the reader RD to the device DEV in the second step (solid line). In the third step, the encrypted data DATenc is read from the first memory MEM1 and decrypted by the key K received from the encryption / decryption module ENC / DEC and the reader RD. In the fourth step, the data DAT as a result of this decoding is stored in the second memory MEM2. Here, the communication between the device DEV and the reader RD can be performed since it can be seen from the prior art system. Data DAT may also comprise variables and codes.

  In another embodiment, the key K is stored on the device DEV during service initialization (ie, when encrypted data DATAenc is received from the reader RD or server SER). The encrypted data DATAenc can be transmitted through the above-mentioned insecure communication channel. The only restriction is to keep the key K secret. Therefore, the small-capacity key K is transmitted via the short-range but secure short-range communication (broken line) and stored in the second memory MEM2.

  Basically, the device DEV can still be used. This procedure can be started manually, for example, instead of remotely by the reader RD. Furthermore, in contrast to the method described above, the key K is not received from the reader RD, but is transmitted from the second memory MEM2 to the encryption / decryption module ENC / DEC. Again, the encrypted data DATenc is decrypted, and the data DAT as a result of the decryption is stored in the second memory MEM2. Communication between the device DEV and the reader RD can be performed as described above.

  It is assumed that the communication channel between the device DEV and the reader RD is secure. Further, as described above, the second memory MEM2 has tamper resistance. Therefore, it is not possible to illegally use the key K in order to use the encrypted data DATAenc unconditionally, for example, to purchase a ticket without paying. The advantage of this method is that it is generally possible to store an application using a large-capacity memory space in an inexpensive standard memory and is temporarily loaded into an expensive second memory MEM2 having tamper resistance. The In this way, sharing among several services is possible as will be described in more detail below.

  FIG. 2 again shows another embodiment of the device DEV of the present invention, shown in combination with two remote devices constituted by a server SER and a reader RD. In addition to FIG. 1, the device DEV comprises a random number generator RAND which is part of the NFC interface INT.

  The functions of the arrangement of FIG. 2 are as follows. First, the unencrypted data DAT is transmitted from the reader RD to the device DEV via short-range communication (solid line) and stored in the second memory MEM2. In the second step, the random key K is generated by the random number generator RAND, stored in the second memory MEM2, and further sent to the encryption / decryption module ENC / DEC. In the third step, the data DAT is encrypted with the key K by the encryption / decryption module ENC / DEC. Finally, as a result of this step, the encrypted data DAcenc is stored in the first memory MEM1 in the fourth step.

  Again, the data DAT can be transmitted by the server SER (dashed line). In contrast to the embodiment of FIG. 1, here a secure communication channel should exist between the server SER and the device DEV. This is because the data DAT is not encrypted. Data DAT can also be sent from the server SER to the reader RD via a tamper-resistant communication channel (for example by an in-house network) (broken line) and then sent to the device DEV via a short-range wireless communication link It can be assumed.

  Finally, FIG. 3 shows how the encrypted data set (DS1enc..DSxenc) can be used. In this example, the encrypted data DATenc has several ciphers representing different smart card applications (ie one for public transportation, one for movie ticket sales, one for corporate ID cards, etc.). It is assumed that the data is divided into data sets (DS1enc..DSnenc). These encrypted data sets (DS1enc..DSnenc) are stored in advance in the initialization routine shown in FIG. 1 or FIG. It is also conceivable that the application is stored in another way (eg directly by the provider of the device DEV (eg mobile phone)). Each encrypted data set (DS1enc..DSnenc) has an associated key K1..Kn stored in the second memory MEM2. In contrast to FIG. 2, the device DEV further comprises a comparator COMP and the reader RD further comprises an encryption / decryption module ENC / DEC '.

  The functions of the arrangement of FIG. 3 are as follows. If the device DEV is in the vicinity of the reader RD, it must determine which of the applications represented by the encrypted data set (DS1enc..DSnenc) has to be selected. This can be done by manual selection. However, to make the user of the device DEV easier, the following procedure is proposed.

  In the first step, a random number R is generated by a random number generator RAND. In the second step, the random number R is encrypted with the key Kx. This key Kx is also used to decrypt the associated encrypted data set DSx. Later, the encrypted random number Renc is transmitted to the reader in a third step. In the fourth step, the encrypted random number Renc is decrypted by the encryption / decryption module ENC / DEC 'using the reader key Krd. As a result of this process, in the fifth step, the reader random number Rrd is then sent again to the device DEV and compared with the original random number R by the comparator COMP.

  If the result of the comparison is true (ie, the random number R and the reader random number Rrd are the same), the correct key Kx is found (assuming symmetric encryption and the same secret keys Kx and Krd for correct processing). To do). Next, in a sixth step, the encrypted data set Dsxenc related to the key Kx is decrypted by the encryption / decryption module ENC / DEC and the key Kx. In the seventh step, the decoding result (data DSx) is stored in the second memory MEM2 (broken line). Here, the device DEV can be used, for example, in public transportation.

  If the result of the comparison is false (the random number R and the reader random number Rrd are not identical), a new random number R is generated and the cycle is again determined by the next encrypted data set DSx + 1enc and the next associated key Kx + 1. Be started. The above cycle is performed recursively until the result of the above comparison becomes true.

  It is not essential that the keys (K1..Kn) be tried in the order stored in the second memory MEM2. It is also possible to have the keys K1..Kn have different weights depending on the frequency used, thereby reducing the search time. Here, the search is started with the key Kx that is most likely to be correct.

  A key other than the key Kx for decrypting the related encrypted data set DSx can also be used to select an appropriate application. Thus, each encrypted data set DSx is associated with two keys (one for decryption and one that is identical to the reader key Krd).

  Furthermore, it is not necessary to use symmetric encryption. It is also conceivable to use asymmetric encryption using a public key and a secret key.

  It can also be seen that the encryption / decryption module ENC / DEC, the random number generator RAND and the comparator COMP do not have to be part of the NFC interface INT. In any case, the above arrangement is preferred because the NFC interface INT as a whole has tamper resistance or is at least more tamper resistant than the rest of the device DEV.

  Further, the random number R is sent directly to the reader RD and encrypted by the encryption / decryption module ENC / DEC 'and the reader key Krd. Later, the encrypted reader random number Rrd is sent again to the device DEV. In the device DEV, decryption is performed using the key Kx associated with the encrypted data set DSxenc. If the original random number R and the decryption reader random number Rrd are the same, an appropriate encrypted data set DSxenc is found again.

  Finally, in order to select one of a large number of encrypted data sets (DS1enc..DSnenc), an identification ID can be sent from the reader device RD to the device RD (broken line). The device DEV receives the identification ID and determines the associated encrypted data set DSx and the associated key Kx. The encrypted data set DSx is loaded into the second memory MEM2 as described above for use.

  In the last embodiment, selecting an application is done differently. Here, the (geographic) position of the device DEV is determined in the first step. This can be achieved by using cell identification in the case of mobile phones, and by using latitude and longitude when a GPS receiver is available. In the second step, the encrypted data set DSxenc associated with the position is determined, and in the third step, the encrypted data set DSxenc is decrypted with the associated key Kx. Finally, the decoded data DSx is also stored in the second memory MEM2.

  Preferably, a table is stored in the device DEV comprising all the aforementioned links. Thus, the lines in the table (ie each line representing a separate application) has three fields: one for the link to the encrypted data set DSx, one for the key Kx, and one for the position. ). Application time-dependent execution can also be envisaged (the method according to FIG. 3 is also possible).

  Next, FIG. 4 shows the service identification ID, the address ADDR of the encrypted data set DSx (emulated smart card) in the first memory MEM1, the key K, the cell identification ID of the wireless network, the latitude LAT, and the longitude. Fig. 4 shows an exemplary table with LON, as well as a time range TIM. Two applications are currently stored (one for public transport and one for movie ticket sales). The table is preferably equipped with a key K. It is stored in the second memory MEM2. In any case, the table can be separated into two parts (insignificant data is stored in the first memory MEM1 and sensitive data is stored in the second memory MEM2).

  The first row of the table comprises data for “London Underground” which is a subway operator. The address ADDR of the appropriate encrypted data set DSxenc in the first memory MEM1 is “0F01”, and the key K for decrypting the encrypted data set DSxenc is “A15B”, both of which are in hexadecimal format. For the London Underground, application selection shall be made by a GPS receiver. Therefore, the cell identification ID is omitted. The location where the application is selected is instead indicated by the latitude LAT0 ° 12'10 '' and longitude LON85 ° 52'60 ''. FIG. 4 only shows a simplified table. In general, there will be more lines showing separate metro stations. Alternatively, the latitude LAT and longitude LON ranges can be associated with a particular application. The London Underground is open all day, so the time range TIM field is omitted. Therefore, each time the device DEV comes to the aforementioned location, the associated encrypted data set DSxenc is decrypted and stored in the second memory MEM2. This can happen due to a change of location or a request of the associated reader RD.

  The second row of the table contains data for “Universal Pictures”, a movie company. The address ADDR of the appropriate encrypted data set DSxenc in the first memory MEM1 is “0FFA”, and the key K for decrypting the encrypted data set DSxenc is “3421”, both of which are in hexadecimal format. . In this case, cell identification of the mobile network is evaluated. Therefore, the field cell identification ID indicates a cell ID 06 of British Telecom, which is a network provider. Therefore, latitude LAT and longitude LON are omitted. In contrast to the line 1 service, the Universal Pictures application is selected only during business hours from 19:00 to 24:00. In short, the associated encrypted data set DSxenc is decrypted and stored in the second memory MEM2 when the device DEV is in the cell ID 06 between 19:00 and 24:00.

  It can be seen that the selection of the encrypted data set DSx can be performed manually. This is a valuable additional possibility, especially if it is not possible to automatically select an appropriate data set DSx.

  Furthermore, it is further stated that the present invention is not limited to smart card applications. Rather, a device that has to decrypt the encrypted data (especially a specific compatible PC with a secure second memory) is suitable. It is not necessary for the device DEV to communicate with the reader RD. It can be assumed that communication takes place between two similar devices DEV (eg two NFC compatible mobile phones). One application may be a (digital) money exchange between two telephones, each with an encrypted account.

  It should be noted that the above examples are illustrative rather than limiting, and that many other examples can be devised by those skilled in the art without departing from the scope of the claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The words “comprising”, “comprises” and like terms do not exclude the presence of elements or steps other than those listed in the claims or the entire specification. The singular description of a component does not exclude the above description of the plural form of the component and vice versa. In the device claim enumerating several means, several of these means can be embodied by one and the same item of hardware or software. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used.

It is a figure which shows service initialization and utilization of encryption data. It is a figure which shows another Example for setting a service. It is a figure which shows the method of selecting one of many encryption data sets. It is a figure which shows the table which allocates an encryption data set to a specific place.

Claims (14)

A device,
A first memory;
A second memory having higher tamper resistance;
Means for reading encrypted data from the first memory;
An apparatus comprising: means for decrypting the encrypted data with an associated key; and means for storing the decrypted data in the second memory.   The apparatus of claim 1, wherein the second memory and the means for decoding are part of an NFC interface.   The apparatus of claim 1, wherein the first memory is further configured to store a function for operating the apparatus.   4. An apparatus as claimed in any preceding claim, wherein the second memory is configured to store the key. A method of using encrypted data stored in a first memory of a device, wherein the device further comprises a second memory having higher tamper resistance, the method comprising:
Reading the encrypted data from the first memory;
Decrypting the encrypted data with an associated key;
Storing the decoded data in the second memory. 6. The method of claim 5, wherein the data is no longer used,
Reading the data from the second memory;
Encrypting the data with the associated key;
A method comprising the step of storing encrypted data in said first memory.   The method of claim 5, wherein the key is provided by a remote device. 6. The method of claim 5, wherein one of a number of encrypted data sets that make up the encrypted data is used.
a) generating a random number;
b) encrypting the random number with a key associated with an encrypted data set and transmitting the encryption result to a remote device;
c) receiving the decoded number from the remote device;
d) comparing the generated random number with the decrypted received number;
e) decrypting the encrypted data set with the associated key, storing the decrypted data set in the second memory if the comparison result is true, and further ciphering if the result is false A method comprising the steps of performing steps a) to e) with a key associated with a structured data set. 6. The method of claim 5, wherein one of a number of encrypted data sets that make up the encrypted data is used.
a) generating a random number and sending the result of the generation to a remote device;
b) receiving an encrypted number from the remote device;
c) decrypting the encrypted number with a key associated with the encrypted data set;
d) comparing the generated random number with the decrypted received number;
e) if the result of the comparison is true, decrypt the encrypted data set with the associated key, store the decrypted data set in the second memory, and further if the result is false A method comprising the steps of performing steps c) to e) with a key associated with an encrypted data set. 6. The method of claim 5, wherein one of a number of encrypted data sets that make up the encrypted data is used.
Determining the position of the device;
Determining an encrypted data set associated with the location;
A method comprising: decrypting the encrypted data set with an associated key and storing the decrypted data set in the second memory. 6. The method of claim 5, wherein one of a number of encrypted data sets that make up the encrypted data is used.
Receiving identification information from a remote device;
Determining an encrypted data set associated with the identification information;
A method comprising: decrypting the encrypted data set with an associated key and storing the decrypted data set in the second memory. A method according to any of claims 5 to 11, comprising
An initial step of storing the encrypted data in the first memory;
An initial step of storing in the second memory a key for decrypting the encrypted data. A method according to any of claims 5 to 11, comprising
An initial step of receiving data in a decrypted form from a remote device;
An initial step of generating a random key in the device;
Initializing the data with the key and storing the encrypted data in the first memory;
An initial step of storing the key in the second memory. A method according to any of claims 5 to 11, comprising
An initial step of receiving the encrypted data from a remote device;
An initial step of receiving the key via a tamper-resistant communication channel;
An initial step of storing the encrypted data in the first memory;
An initial step of storing the key in the second memory.

Images