主权项 |
1. A secure system for exchanges of secret data comprising at least two devices playing the role of host (H) or client (Cl), whereof at least the client is portable, communicating with a network via connection or communication means, each device (H, Cl) comprising at least one programmable and permanent non-volatile memory area and data-processing means, an encryption/decryption algorithm for data coupled to a first set of secret keys (ENC, MAC, DEK) stored in a secret area of the device not accessible from the exterior, the devices being intended to exchange secret data securely by the processing means of at least one device via the encryption/decryption algorithm and the first set of secret keys (ENC, MAC, DEK), after having opened at least once a secure communication channel between the two devices (H, Cl), the host device comprising at least one second set of secret keys (ENCc1, MACc1, DEKc1) stored in a memory area intended to be sent to the client device (Cl), wherein the keys of the second set (ENCc1, MACc1, DEKc1) are encrypted by the processing means of the host device (H) by means of the encryption/decryption algorithm and of at least one key of the first set (ENC, MAC, DEK), the encrypted keys of the second set (ENC*c1, MAC*c1, DEK*c1) being sent by the processing means of the host device (H) in a memory area of the client device (Cl), the encrypted keys of the second set (ENC*c1, MAC*c1, DEK*c1) being decrypted by the processing means of the client device (Cl) by means of the encryption/decryption algorithm and of at least one secret key of the first set (ENC, MAC, DEK), this second set of secret keys (ENCc1, MACc1, DEKc1) being now utilised with the encryption/decryption algorithm by the processing means of the host and client devices (H, Cl) to secure the data exchanged between said devices. |