1. Field of the Invention
The invention relates to a process for controlling or managing secret keys between two smart cards.
At present, smart cards are undergoing a high degree of development as data certification and authentication means, as a result of their capacity to store secret data.
The invention relates to all smart card types used for the authentication and certification of data and which are intended to be read by a data processing system having a smart card reader. For example, said smart cards can be cards of terminals communicating behind a switched network, such as the smart cards of fax machines or cash dispensers. Throughout the remainder of the present description, these smart cards will merely be referred to as cards.
2. Brief Description of Related Prior Art
In most card-based data processing systems, it is standard practice to use a central data base able to read the main smart cards, known as "mother cards". To said central data base are connected a plurality of data processing terminals able to read secondary smart cards known as "daughter cards". These terminals are then connected in accordance with a star architecture to the central data base. In accordance with this star architecture, the communication can only be established between the mother card and one of the daughter cards. Two daughter cards cannot communicate together, i.e. exchange information with one another.
In addition, a data processing system having such an architecture makes it possible to carry out secure transactions between the daughter cards and the mother cards, but they do not permit a mutual secure transaction between two daughter cards.
Such a data processing system also suffers from the disadvantage of requiring, during the establishment of a common session key between two smart cards, that each of the said cards has a personal secret key identical to the secret key of the other card with which it is wished to establish a common session key.
Such a data processing system using a microprocessor card and which implements a cryptographic algorithm is described in French patent applications FR-A-2 601 795 and 2 469 760 (corresponding to U.S. Pat. Nos. 4,811,393 and 4,471,216, respectively). Thus, these patent applications describe devices implementing a communication process between a mother card and daughter cards organized in star network manner. The operations which can be performed by these processes can consequently only take place between a mother card and the daughter cards with the aid of secret keys obtained by the diversification of the mother key (secret key of the mother card). Each secret key obtained in this way is consequently the result of a calculation involving the mother card and a parameter specific to the daughter card with which the mother card wishes to communicate. Therefore such a data processing system does not make it possible to implement a process using a common session key between two daughter cards.
Another known data processing system is described in a commercial note of the Centre common de FRANCE TELECCM and TDF, CCETT. This system has a multiservice microprocessor card known under the trade name "Mimosa". Such a multiservice microprocessor card uses a public key algorithm. Two cards of this type are able to authenticate one another. They can emit and verify signatures using the identity-based public key algorithm. Such a public key algorithm can also permit the establishment of a session key between two cards. This algorithm implements arithmetic operations (multiplications, powers, divisions) on numbers of several hundred bits. This calculation complexity makes it necessary, for producing such cards, to have top of the range components, which are at present very expensive.