Abstract
The invention relates to a central security device for smart cards. The central security device (1) is connectable, via a data communication channel (15), to at least one terminal (10) suitable for performing card operations on a smart card (20), and the central security device comprises:
- a central key storing and handling module (3) for storing and handling one or more symmetric or asymmetric keys necessary for performing card operation on smart cards (20);
- a terminal interface (2) connected therewith for performing card operation on smart cards (20) over the at least one terminal (10).

The invention further relates to a central security system for smart cards, characterised by comprising such a central security device (1) and at least one terminal (10) suitable for performing card operations on a smart card (20) and being connectable with the central security device (1) via a data communication channel (15).

The invention further relates to a central security method for performing card operation on smart cards (20). The method comprises the steps of:
- reading in card data from a smart card (20) by a terminal (10) suitable for performing card operation on smart cards (20), upon detection of the smart card (20);
- creating a terminal side data package by the terminal (10) using the card data read from the smart card (20);
- transmitting the terminal side data package to a central security device (1) over a data communication channel (15) established between the terminal (10) and the central security device (1);
- generating, based on the terminal side data package, a key by a key storing and handling module (3) of the central security device (1) for performing a given card operation;
- creating by the central security device (1) a central side data package for performing the given card operation using the generated keys, which central side data package is optionally authenticated and encoded;
- transmitting the central side data package to the terminal (10) over a data communication channel (15) which is optionally authenticated and encoded;
- performing the given card operation by the terminal (10) using the received central side data package.
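
The method steps above, simulated in one process as an added sketch (not part of the patent text): the master key stays in the central module and the terminal only ever receives a per-card key inside an authenticated central side package. Assumptions not found in the abstract: HMAC-SHA256 key diversification over the card UID, a pre-shared channel key, a request nonce, and every function and field name; the optional encoding (encryption) of the package is omitted.

```python
import hashlib
import hmac
import json
import os

MASTER_KEY = os.urandom(32)   # constructed; lives only in the central key module (3)
CHANNEL_KEY = os.urandom(32)  # assumed pre-shared key authenticating channel (15)

def terminal_build_package(card_uid: bytes, operation: str) -> dict:
    """Terminal (10): terminal side data package from card data, plus a fresh nonce."""
    return {"uid": card_uid.hex(), "op": operation, "nonce": os.urandom(8).hex()}

def central_derive_key(card_uid: bytes, operation: str) -> bytes:
    """Central device (1): per-card, per-operation key (diversification scheme assumed)."""
    msg = card_uid + b"|" + operation.encode()
    return hmac.new(MASTER_KEY, msg, hashlib.sha256).digest()[:16]

def _tag(body: dict) -> str:
    # MAC over a canonical JSON encoding so both sides hash identical bytes.
    canon = json.dumps(body, sort_keys=True).encode()
    return hmac.new(CHANNEL_KEY, canon, hashlib.sha256).hexdigest()

def central_handle(pkg: dict) -> dict:
    """Central device (1): generate the key and build the central side data package."""
    key = central_derive_key(bytes.fromhex(pkg["uid"]), pkg["op"])
    body = {"uid": pkg["uid"], "op": pkg["op"], "nonce": pkg["nonce"],
            "card_key": key.hex()}
    return {"body": body, "tag": _tag(body)}

def terminal_accept(request: dict, response: dict) -> bytes:
    """Terminal (10): verify the package and its binding to the request, then use it."""
    body = response["body"]
    if not hmac.compare_digest(_tag(body), response["tag"]):
        raise ValueError("central side package failed authentication")
    if any(body[k] != request[k] for k in ("uid", "op", "nonce")):
        raise ValueError("central side package does not match this request")
    return bytes.fromhex(body["card_key"])

if __name__ == "__main__":
    uid = bytes.fromhex("04a1b2c3d4e5f6")  # constructed sample card UID
    req = terminal_build_package(uid, "authenticate")
    card_key = terminal_accept(req, central_handle(req))
    print("per-card key received by terminal:", card_key.hex())
```
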