CHIP INITIALIZATION WITH OPERATING SYSTEM SHOP
Patent Information
- Authority / Receiving Office
- DE · DE
- Patent Type
- Patents
- Current Assignee / Owner
- GIESECKE & DEVRIENT EPAYMENTS GMBH
- Filing Date
- 2022-02-02
- Publication Date
- 2026-06-11
AI Technical Summary
Existing chip initialization methods are inefficient and time-consuming in personalization stations due to the need for individual cryptographic operations for each chip, particularly in replacing issuer-unspecific keys with issuer-specific keys, leading to high processing times and limited throughput.
A method involving loading an image with a non-specific master key onto multiple chips, followed by deriving unique keys within the chips using batch-specific data, allowing issuer-specific keys to be transitioned en masse outside the chip, reducing the need for individual chip-specific calculations in personalization stations.
This approach significantly reduces personalization time in personalization stations by enabling batch processing of chips, minimizing the time spent in cryptographic operations, while maintaining security through the use of unique keys per chip.
Description
Field of invention
[0001] The invention relates to the field of chip initialization of an embedded system chip, for example a chip card chip or a chip for a wearable such as a smartwatch or fitness tracker or the like, by loading an image that contains at least an operating system for the embedded system chip and an initial personalization master key ISK(M), and preferably additionally contains application software. State of the art
[0002] The general principles of chip initialization are described, for example, in [1] Rankl / Effing, Handbook of Chip Cards, as well as in the specifications [2] EMV CPS 1.1 - Card Personalization Specification July 2007, and [3] Global Platform Technology Card Specification, Version 2.3.1, Public Release March 2018, Document Reference: GPC_SPE_034.
[0003] The following section describes the state of the art for chip initialization using a [method / method - context needed]. Figure 1 and 4 Described as an example using a chip card. Figure 4 shows the complete process of chip personalization in a broader sense, of which initialization is a part. Figure 1 This shows the initialization, which forms an initial part of the chip personalization. The initialization, as shown in Figure 4The image shows the first part of the personalization process. Initialization involves loading an operating system onto the chip by writing an operating system image (load flash image). Following the loading of the operating system, initialization includes configuring it by writing the necessary keys to the chip. Initialization also includes pre-personalization, which involves adding non-personal data, such as a file system, as well as applications and / or applets. With pre-personalization, initialization is complete, and the chip is initialized or brought into the "INITIALIZED" state. Sometimes, pre-personalization is also referred to as part of the personalization process, rather than initialization.
[0004] Following initialization, personalization in the narrower sense takes place, whereby data specific to the cardholder is entered, such as the cardholder's name. The invention is directed to the initialization phase. Subsequent personalization is not the subject of the invention and can be carried out in essentially any way.
[0005] The chip initialization of an embedded system chip implemented in an embedded system with a form factor other than that of a chip card, for example in a solderable chip module, can be carried out in essentially a similar or identical manner.
[0006] Details of the conventional chip initialization are in Fig. 1The present application is illustrated in a flowchart. Chip initialization begins with an initially empty non-volatile memory (NVM) on the chip card, e.g., flash memory, as indicated by the flowchart box "EMPTY".
[0007] In an initial setup step, typically performed by a chip or operating system manufacturer, an operating system is loaded onto the initially empty chip (EMPTY) using a load flash image. This operating system may, but does not necessarily, already contain the application software required for the chip's subsequent use. In the case of a payment card, for example, the application software is used to authenticate a payment transaction. This software may, optionally, but does not have to, be already implemented in the operating system, or alternatively, it may be provided independently. In the latter case, an operating system can be loaded onto the chip as an operating system image without the application software, and the application software can be loaded only afterward.
[0008] In the next initialization step, the operating system is configured for further use. This includes, among other things, the exchange of the necessary keys. During the key exchange, the originally existing non-specific personalization master keys ISK(M), identical for a large number of chips, are converted into a card-specific, chip-specific personalization key ISK(D). This is done, for example, by deriving the specific key ISK(D) from the master key ISK(M) through a key derivation process. This step can be performed either by the card manufacturer, by a contracted external company, or by the card issuer.
[0009] Furthermore, conventional chip initialization includes a third initialization step performed by an initializer acting on behalf of a card issuer. The card issuer could be, for example, a bank, a health insurance company, etc., and the card could be a payment card, a health insurance card, a healthcare professional ID card, etc. During this step, a key specific to the card issuer is embedded into the chip.
[0010] To mitigate risk, each card issuer receives its own issuer-specific personalization master key (KMC(M)). This ensures that the compromise of a single KMC(M), such as accidental or malicious disclosure, leaves the corresponding keys of other card issuers unaffected. Therefore, the operating system or card manufacturer currently has to either exchange the key for each card issuer if the card manufacturer loads the operating system itself, or, if the operating system is loaded by an external service provider or the card issuer, create a separate operating system image with the initial personalization master key (ISK(M)) specific to the respective initializer (card issuer). This is a costly process for the operating system manufacturer.
[0011] In the third step, to exchange the personalization key and introduce card issuer-specific data, a personalization station, specifically a Hardware Security Module (HSM), replaces the card-specific key ISK(D) on the chip with a card-specific key KMC(D) for the issuer (e.g., bank). This key is stored securely within the HSM and cryptographically transferred from the HSM to the chip.
[0012] When the issuer-unspecific card- and thus chip-specific personalization key ISK(D) is replaced by the issuer-specific card-specific key KMC(D), authentication takes place between the chip and the HSM, for example an SCP02 or SCP03 authentication.
[0013] Replacing the chip's card-specific key ISK(D) with a card-specific key KMC(D) for the issuer (e.g., bank), and possibly calculating the KMC(D), must be performed individually for each chip card or chip. This key replacement requires several cryptographic operations in the HSM, which must be repeated for each chip. As a result, the time required in the personalization station, particularly in the Hardware Security Module (HSM), is very high.
[0014] The prior art document US 2007 / 095927 A1 discloses a method for chip initialization of a secure element chip, in which, starting from a root key established in the secure element, which is identical for all secure elements of an individual smart card manufacturer, an issuer-specific master key is first derived. Chip-specific keys are then derived from the master key. Summary of the invention
[0015] The invention is based on the objective of creating a method for chip initialization of an embedded system chip that is more efficient than the method described above, in particular having a reduced personalization time expenditure in a personalization station used for personalization, while still ensuring maximum security through the use of individual keys.
[0016] The problem is solved by a method according to claim 1. Advantageous embodiments of the invention are specified in dependent claims.
[0017] The inventive method according to claim 1 effects chip initialization of an embedded system chip by loading an image. The image contains at least one operating system and key information that is identical for a plurality of chips. The image can also additionally contain the specific application software that can later be used under the operating system for the card issuer.
[0018] The procedure includes the following steps: (1) Loading the image onto the chip; (2) Loading additional data from a personalization station onto the chip; (3) On the chip, deriving a unique key for each chip.
[0019] Step (2) Loading further data into the chip is designed as loading: (2.2) a master key KMC(M) specific to a single issuer, which has been encrypted outside the chip with a batch-specific encryption key (SMK(B)), which has been derived from batch-specific key derivation data (DD Batch ) and an initial encryption key SMK(M) that is not specific to any chip, and from the batch-specific key derivation data DD Batch , wherein the image contains the initial encryption key SMK(M) as key information.
[0020] The image therefore contains, in addition to the operating system, an encrypted master key KMC(M) and the key required to decrypt this master key, or alternatively to the invention an initial master key (= preliminary stage to the actual master key) which is to be combined with key derivation data which are supplied to the chip by other means, i.e. outside the image.
[0021] Step (3) In the chip, deriving a key KMC(D) unique to each chip is carried out: (3.2) either starting from the issuer-specific master key KMC(M), or from the decrypted issuer-specific master key KMC(M) and the batch-specific key derivation data DD Batch .
[0022] In addition, the following steps take place outside the chip at a personalization station.
[0023] In case (2.2) providing the combination of key derivation data DD Batch for deriving the issuer-specific master key ISK(M) from the chip (e.g., the chip card) to the personalization station (e.g., an HSM of the personalization station), as well as the specific personalization master key ISK(M) calculated using the derivation data DD Batch for use by the personalization system, e.g., in an HSM.
[0024] Since the transition from an issuer-unspecific, system-specific key to an issuer-specific key is performed using the master key, and not using an already chip-specific key (i.e., before a transition from a key not specific to any individual chip to a chip-specific key occurs), the transition from the issuer-related, non-specific key to the issuer-specific key happens for a large number of chips at once and only once in the personalization system. The same issuer-specific master key can be transmitted for the large number of chips. This saves personalization time outside the chip, in a personalization station where (2.2) is performed. Only after an issuer imprint has been applied to the chip's key material is a chip-specific imprint applied.Or, in other words, initially there is nonspecific key material present that is neither chip-specific nor issuer-specific. Subsequently, an issuer introduces something specific to them into the key material. Only then is something chip-specific introduced into the key material.
[0025] The transition to the chip-specific key material, step (4), takes place within the chip and requires significantly less usage time in a personalization station used for chip initialization. The personalization station is therefore occupied for a shorter period.
[0026] Therefore, according to claim 1, a method for chip initialization of an embedded system chip is provided which is more efficient than the method described above, in particular having a reduced personalization time expenditure in a personalization station used for chip initialization.
[0027] The derivation of a unique key KMC(D) for each embedded system chip within the embedded system chip is optionally further based on a chip-specific chip data, e.g., a chip identifier. The chip-specific chip data (e.g., chip identifier) is fed into the derivation process, in which the chip-specific key KMC(D) is derived from the still chip-nonspecific personalization master key KMC(M). According to the invention, the chip-specific chip data is only fed in after an issuer-specific component, e.g., an issuer data or issuer identifier, has been incorporated into the key material.
[0028] Steps (1), (2), (3) are preferably carried out in the specified order (1), (2), (3).
[0029] Step (2) Input into the chip is designed as input from a personalization station into the chip, and optionally further from a Hardware Security Module (HSM) into the chip.
[0030] The method is aimed at initializing a batch of multiple chips in batch operation.
[0031] According to the invention, the calculation of the chip-specific personalization key for each individual chip by the production equipment, typically in an HSM, is not necessary in the first phase of personalization, but only in the last phase, when the cardholder-specific data is introduced by the card issuer.
[0032] The invention allows the combination of derivation data and specific personalization keys calculated from the derivation data to be used in a way that ensures only these keys need to be passed on to specific personalization systems, e.g., during external initialization or at the customer's end. By creating a new combination for each of these systems, the risk of compromising the overall system is reduced or eliminated. For example, if derivation data and the specific personalization key of a single issuer are compromised, only that single issuer's subsystem is compromised.
[0033] Step (1) of writing the image to the chip and / or step (2) of writing the keys or key derivation data are optionally performed by the chip manufacturer.
[0034] The procedure optionally includes the following step: (4) Setting the embedded system chip's status to a writable status, which specifies that it is permissible to store further data in the embedded system chip; and optionally the further step: (5) Storing further data in the embedded system chip.
[0035] Alternatively, the writable status is set only if one or more of the following conditions are met: authentication to the personalization system.
[0036] Alternatively, both the issuer-specific master key KMC(M) must have been demonstrably derived correctly and authentication must be performed against the personalization system before the chip's status can be set to writable. Brief description of the drawings
[0037] The invention will now be explained in more detail using exemplary embodiments and with reference to the drawing, which shows: Fig. 1 an initialization method according to the prior art; Fig. 2 an initialization method with batch operation, according to first types of embodiments of the invention, with an encryption key in the operating system image; Fig. 3 an initialization method according to an alternative to the invention, with an initial personalization master key and key derivation data in the operating system image; Fig. 4 the overall process of chip personalization, of which chip initialization forms a first part; Fig. 5 components involved in chip personalization. Detailed description of implementation examples
[0038] Fig. 1Figure 1 shows a prior art initialization method for a chip of a smart card. In this method, the chip is connected to a personalization station using various methods, e.g., by contacting the chip embedded in a smart card. In the empty chip (EMPTY), an image of an operating system for the chip is loaded into a non-volatile memory (NVM) of the chip, e.g., flash memory. The image contains an initial personalization master key ISK(M). A chip-specific (and thus also card-specific, if the chip is embedded in a smart card) personalization key ISK(D) is derived from the initial personalization master key ISK(M) within the chip. (This step is omitted according to the invention, as shown below.) The chip is then connected to a hardware security module (HSM) of the personalization station.The chip and the HSM perform mutual authentication. For this, the HSM first calculates the chip-specific personalization key and, in a second step, the temporary keys used for the current communication session with the chip. After successful authentication, the initial, chip-specific personalization key ISK(D) is replaced by an initial Issuer Card Master Key (KMC(D)) specific to a particular customer or issuer, such as a bank. The letter D in KMC(D) represents a chip-specific key. The HSM must also perform the necessary calculations and encryption for this exchange. Subsequently, further general data is stored on the chip, such as the CPLC data, issuer identification (IIN), etc.When multiple chips are personalized, the HSM must perform the necessary calculations, such as key derivation and data encryption, for each chip individually. This results in a high processing time for the personalization station's HSM, and consequently limits the chip throughput, meaning a small number of personalized chips can be processed at any given time within the personalization station.
[0039] Typically, several cards are personalized at once. Accordingly, they contain Figs. 1-3 References such as "for each card" or "for each batch" are not always accurate. However, unless explicitly stated otherwise, the principles outlined above generally also apply to the personalization of a single card.
[0040] Fig. 2 shows an initialization method with batch operation, according to an embodiment of the invention.
[0041] According to Fig. 2An image of an operating system for the chip is loaded into an empty chip (EMPTY) of a smart card intended for an issuer (customer), e.g., a bank, into the chip's non-volatile memory, e.g., flash memory. The image contains an initial encryption key SMK(M). Furthermore, as described in Fig. 2As shown, starting from the initial encryption key SMK(M), which is not specific to any chip, a batch-specific encryption key SMK(B) is derived. This batch-specific key is also not yet specific to a single chip, but its validity is limited to a specific use case, such as a limited number of chips (= a batch) or a specific initializer. In addition, the personalization system provides the chip with specific derivation data DD Batch. The customer-specific master key KMC(M) is provided in the HSM of the personalization system and encrypted there with a batch-specific initial encryption key SMK(B) derived from the initial encryption key SMK(M).When the chip to be personalized is connected to the personalization system, the system can transfer the encrypted, customer-specific master key KMC(M) to the chip in encrypted form, without further involvement of the HSM. The chip extracts the encryption key SMK(M) from the image and derives the batch-specific initial encryption key SMK(B), and decrypts the customer-specific master key KMC(M) using SMK(B). The chip then derives the customer-specific (issuer-specific) and chip-specific card master key (key) KMC(D) from the decrypted master key KMC(M) (the letter D in KMC(D) represents a chip-specific key). Subsequently, further personalization data, such as CPLC, data, and IIN, can be stored on the chip.
[0042] Fig. 3This document describes a personalization method according to an alternative to the invention. An image of an operating system for the chip is loaded into a non-volatile memory (NVM) of a chip card, e.g., flash memory, within an empty chip (EMPTY). The image contains an initial personalization master key (ISK(M)). At this point in the process, the derivation of a chip-specific key is omitted. The personalization system only needs to be informed of the customer-specific (issuer-specific) key derivation data (DD KMC) and the already calculated specific personalization master key (KMC(M)). The personalization system transfers the key derivation data (DD KMC) to the chip. The customer-specific personalization master key (KMC(M)) is then calculated within the chip from the initial personalization master key (ISK(M)) and the customer-specific key derivation data.In a further step, the chip-specific personalization key KMC(D) is derived from the personalization master key KMC(M). Subsequently, further non-critical personalization data, such as CPLC data, IIN, etc., can be stored on the chip. Since the personalization steps in the HSM, which involve a transition from customer-unspecific keys to customer-specific keys before diversification to individual chips within the batch, are completed in a single step, the entire batch can be individualized to the customer / issuer. Only then does individual-chip personalization take place.
[0043] Fig. 4This diagram illustrates the entire chip personalization process, with chip initialization forming the first part. A (flash) image is loaded onto the empty chip to install the operating system. After the image is loaded, a (basic) configuration is written to the chip, thus configuring the already loaded operating system. Now the chip is ready to be personalized. First, pre-personalization takes place, which involves writing non-personal data, such as a file system, as well as applications and / or applets. Once pre-personalization is complete, the chip is in the initialized state. With pre-personalization, chip initialization is complete. Personalization then proceeds from this initialized state.
[0044] Fig. 5Figure 1 shows the components involved in chip personalization. After chip initialization, a chip 1 contains an operating system 2 (OS) and key data 3 (Key Data). Chip personalization, in particular chip initialization, is performed by a personalization station 5, for example, a PC or server, on which personalization software or production software 6 runs, the functionality of which is the personalization of chips. For cryptographic operations that are intended to remain hidden from an operator of the personalization station 5, or at least can remain hidden, a Hardware Security Module (HSM) is connected or can be connected to the production station. The HSM contains key material 8 (Key Data), which is protected against being read and tampered with by the personalization station.
Claims
1. A method for chip initialization of an embedded system chip, in particular an embedded system chip from a batch of embedded system chips, by loading an image that contains at least - an operating system for the chip, - as well as key information that is identical for a plurality of chips; the method comprising the steps: (1) Loading the image into the chip, wherein the image contains an initial encryption key (SMK (M)) as key information; (2) Loading the following into the chip from a personalization station: (a) a master key (KMC(M)) specific to a single issuer, which has been encrypted outside the embedded system chip using a batch-specific encryption key (SMK(B)), which in turn has been derived using batch-specific key derivation data (DDBatch ) derived from the initial encryption key SMK(M), which is not specific to any chip; and (b) the batch-specific key derivation data (DDBatch ); (3) In the embedded system chip: (a) extracting the initial encryption key (SMK(M)) from the loaded image and, using the loaded batch-specific key derivation data (DDBatch ), deriving the batch-specific encryption key (SMK(B)); (c) Decrypting the issuer-specific master key (KMC(M)) using the derived batch-specific encryption key (SMK(B)); and (d) Deriving a key (KMC(D)) that is unique to each embedded system chip from the decrypted issuer-specific master key (KMC(M)).
2. The method according to claim 1, wherein the steps are performed in the specified order (1), (2), (3).
3. A method according to claim 1 or 2, wherein calculations of keys performed outside the embedded system chip and / or the storage in the embedded system chip of keys calculated outside the embedded system chip are performed by a hardware security module (HSM).
4. A method according to any one of claims 1 to 3, wherein step (1), loading the image into the embedded system chip, is configured as loading by the chip manufacturer.
5. A method according to any one of claims 1 to 4, wherein step (1) of loading the image into the embedded system chip and step (2) of loading the keys or key derivation data are performed by the chip manufacturer.
6. A method according to any one of claims 1 to 5, wherein a central derivation of a chip-specific key ISK(D) prior to the derivation of an issuer-specific key is omitted.
7. A method according to any one of claims 1 to 6, further comprising: (4) Setting a status of the embedded system chip to a writable status, thereby determining that storing further data in the embedded system chip is permitted; and optionally the further step: (5) Storing further data in the embedded system chip.
8. A method according to claim 7, wherein the writable status is set only upon fulfillment of the following condition: authentication with the personalization system.
9. A method according to any one of claims 1 through 8, wherein the image additionally contains application software.