Patents by Inventor Gisela Meister
Gisela Meister has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10867326
Abstract: A method for securing a transaction in a reputation system includes the following steps: authenticating a user vis-à-vis an end device by means of an electronic proof of identity for releasing authentication data for the digital identity that are stored on the end device, and authenticating the digital pseudonym assigned to the user vis-à-vis the reputation system by means of the end device while employing the stored authentication data pertaining to the digital pseudonym. The electronic proof of identity can be present as an electronic identity card in the form of a portable data carrier.
Type: Grant
Filed: December 9, 2013
Date of Patent: December 15, 2020
Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
Inventors: Gisela Meister, Dirk Wacker, Katharina Wallhausser
-
Patent number: 10496985
Abstract: The invention creates a method for loading an electronic amount of money represented as a random number sequence to a portable data carrier, with a conversion of the random number currency to the data carrier currency, and a disbursement of one or several money unit(s) from a portable data carrier, with a conversion of the data carrier currency to the random number currency.
Type: Grant
Filed: October 11, 2013
Date of Patent: December 3, 2019
Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
Inventors: Gisela Meister, Jan Eichholz
-
Patent number: 10050788
Abstract: The invention creates a method for the contactless readout of an electronic identification document by means of a terminal, wherein in a data reading step encrypted identification data from a data memory are transmitted to the terminal, and in a key reading step the data key with which the identification data can be decrypted is transmitted to the terminal, and in the terminal the identification data are decrypted with the data key. The data reading step is carried out employing a long-range radio connection, and the key reading step is carried out employing a short-range radio connection.
Type: Grant
Filed: December 18, 2012
Date of Patent: August 14, 2018
Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
Inventors: Jan Eichholz, Gisela Meister, Thomas Aichberger
-
Patent number: 9722800
Abstract: There is provided a method for creating an authentication entity derived from an original data carrier, wherein the original data carrier has a key pair that is individual to the original data carrier and comprises a public key and a secret key of the original data carrier, and a certificate for the public key of the original data carrier. The method comprises the following steps: deriving a secret key for the derived authentication entity from the secret key of the original data carrier by the original data carrier; forming derivation data for the derived authentication entity; transferring authentication data to the derived authentication entity, wherein the authentication data have the derivation data, the certificate of the public key of the original data carrier as well as a derived key pair which comprises the derived secret key and the public key of the original data carrier.
Type: Grant
Filed: July 22, 2013
Date of Patent: August 1, 2017
Assignee: Giesecke & Devrient GmbH
Inventors: Gisela Meister, Jens Urmann
-
Patent number: 9411981
Abstract: The invention relates to a method for activating a portable data carrier (1) in which a first portable data carrier (1) is supplied in an inactive state to a user, after the user has requested the first data carrier (1) with the aid of a second portable data carrier (2) from a central instance, whereby the first and the second data carrier (1, 2) have access to authentication data for mutual authentication. In the method according to the invention a communication connection is set up between the first and the second data carrier (1, 2), via which the first and the second data carrier (1, 2) mutually authenticate each other on the basis of the authentication data and establish a cryptographically secured end-to-end connection. Via this end-to-end connection then the second data carrier (2) activates the first data carrier (1) by transmitting activation data to the first data carrier (1).
Type: Grant
Filed: September 1, 2010
Date of Patent: August 9, 2016
Assignee: GIESECKE & DEVRIENT
Inventors: Jan Eichholz, Gisela Meister, Henning Daum
-
Patent number: 9325504
Abstract: A method and a system for secure transfer of an application from a server (S) into a reading device unit (2) with authentication of a user with a data carrier unit (1), the server (S) making available the application, wherein, between the data carrier unit (1) and the server (S), a first cryptographically secured channel (K1) is set up based on first cryptographic information (A), and between a security module (3) of the reading device unit (2) and the server (S) a second cryptographically secured channel (K2) is set up based on second cryptographic information (B). The application is transferred from the server to the reading device unit via the second cryptographically secured channel (K2).
Type: Grant
Filed: March 25, 2011
Date of Patent: April 26, 2016
Assignee: GIESECKE & DEVRIENT GMBH
Inventors: Dieter Weiss, Gisela Meister, Jan Eichholz, Florian Gawlas
-
Patent number: 9275241
Abstract: In a cryptographic method between a portable data carrier and a terminal device there are employed a public data-carrier key and a secret data-carrier key of the data carrier as well as a public terminal key and a secret terminal key of the terminal device. The data carrier employs as a public data-carrier key a static public key. As a secret data-carrier key the data carrier employs a secret key that is derived from a secret basic key associated with the public data-carrier key. Within the framework of the method, the terminal device checks an authentication parameter associated with the data carrier and different from the data-carrier keys.
Type: Grant
Filed: December 21, 2011
Date of Patent: March 1, 2016
Assignee: GIESECKE & DEVRIENT GMBH
Inventor: Gisela Meister
-
Publication number: 20150332361
Abstract: A method for securing a transaction in a reputation system includes the following steps: authenticating a user vis-à-vis an end device by means of an electronic proof of identity for releasing authentication data for the digital identity that are stored on the end device, and authenticating the digital pseudonym assigned to the user vis-à-vis the reputation system by means of the end device while employing the stored authentication data pertaining to the digital pseudonym. The electronic proof of identity can be present as an electronic identity card in the form of a portable data carrier.
Type: Application
Filed: December 9, 2013
Publication date: November 19, 2015
Inventors: Gisela MEISTER, Dirk WACKER, Katharina WALLHAUSSER
-
Publication number: 20150302399
Abstract: The invention creates a method for loading an electronic amount of money represented as a random number sequence to a portable data carrier, with a conversion of the random number currency to the data carrier currency, and a disbursement of one or several money unit(s) from a portable data carrier, with a conversion of the data carrier currency to the random number currency.
Type: Application
Filed: October 11, 2013
Publication date: October 22, 2015
Inventors: Gisela MEISTER, Jan EICHHOLZ
-
Publication number: 20150236858
Abstract: There is provided a method for creating an authentication entity derived from an original data carrier, wherein the original data carrier has a key pair that is individual to the original data carrier and comprises a public key and a secret key of the original data carrier, and a certificate for the public key of the original data carrier. The method comprises the following steps: deriving a secret key for the derived authentication entity from the secret key of the original data carrier by the original data carrier; forming derivation data for the derived authentication entity; transferring authentication data to the derived authentication entity, wherein the authentication data have the derivation data, the certificate of the public key of the original data carrier as well as a derived key pair which comprises the derived secret key and the public key of the original data carrier.
Type: Application
Filed: July 22, 2013
Publication date: August 20, 2015
Applicant: Giesecke & Devrient GmbH
Inventors: Gisela Meister, Jens Urmann
-
Patent number: 9098734
Abstract: A system for recognizing the presence of a second portable data carrier by a first portable data carrier, wherein the data carriers have respectively a contactless interface with an antenna and an electronic circuit for storing and/or processing data. An RFID reading device supplies the data carriers with energy and for the respective communication of the data carriers with the reading device. In the first and the second data carrier there is respectively provided a further communication device, via which an additional, direct communication channel, independent of the field of the reading device, is made available between the first and the second data carrier, to thereby check the immediate presence of the second data carrier in the field of the reading device by the first data carrier.
Type: Grant
Filed: March 25, 2011
Date of Patent: August 4, 2015
Assignee: GIESECKE & DEVRIENT GMBH
Inventors: Klaus Finkenzeller, Gisela Meister
-
Patent number: 8966275
Abstract: A method for authenticating a portable data carrier (10) to a terminal device by the following steps: In the data carrier (10) a public session key (PKSession) is derived (S5) from a public key individual to the data carrier (PKi) which has in its turn been derived (TS32; S1) from a public group key (PK). Further, a secret session key (SKSession) is derived (S4) from a secret key individual to the data carrier (SKi) which has in turn been derived (TS31) from a secret group key (SK). Subsequently, a secret communication key (KK) is agreed on (S7) between the data carrier (10) and the terminal device. Finally, the terminal verifies (S8) the public session key (PKSession) of the data carrier (10).
Type: Grant
Filed: March 7, 2011
Date of Patent: February 24, 2015
Assignee: Giesecke & Devrient GmbH
Inventors: Jan Eichholz, Gisela Meister
-
Patent number: 8953804
Abstract: In a method for establishing a secure communication channel between a portable data carrier (10) and a terminal on the basis of an asymmetric cryptosystem, a value (X; Y; V; W) derived from a public key (PKD; PKT) of the cryptosystem is displayed on a display device (40) of the data carrier (10).
Type: Grant
Filed: September 22, 2010
Date of Patent: February 10, 2015
Assignee: Giesecke & Devrient GmbH
Inventors: Jan Eichholz, Gisela Meister, Dirk Wacker, Markus Sauermann
-
Publication number: 20140333416
Abstract: The invention creates a method for the contactless readout of an electronic identification document by means of a terminal, wherein in a data reading step encrypted identification data from a data memory are transmitted to the terminal, and in a key reading step the data key with which the identification data can be decrypted is transmitted to the terminal, and in the terminal the identification data are decrypted with the data key. The data reading step is carried out employing a long-range radio connection, and the key reading step is carried out employing a short-range radio connection.
Type: Application
Filed: December 18, 2012
Publication date: November 13, 2014
Inventors: Jan Eichholz, Gisela Meister, Thomas Aichberger
-
Patent number: 8866585
Abstract: A method and system for challenge-response authentication are provided. Challenge data are transferred within an anti-collision loop from a reading device to a transponder by means of one or more commands of an anti-collision method, with the one or more commands serving to determine transponder identification data. In the one or more commands respective challenge data are contained in a data field that is used for specifying transponder identification data, wherein it is indicated to the transponder by a parameter value in the at least one of the one or more commands that the data field of the one or more commands contains challenge data instead of transponder data. The transponder recognizes with the help of the parameter value that in the received one or more commands challenge data are contained. The transponder processes the transferred challenge data based on the challenge response authentication.
Type: Grant
Filed: October 26, 2009
Date of Patent: October 21, 2014
Assignee: Giesecke & Devrient GmbH
Inventors: Klaus Finkenzeller, Gisela Meister, Dirk Wacker
-
Patent number: 8793495
Abstract: A method for authenticating a portable data carrier (10) to a terminal device employs a public key (PKG) and a secret key (SK1) of the data carrier (10) as well as a public session key (PKT) and a secret session key (SKT) of the terminal device. The data carrier (10) employs as a public key a public group key (PKG). As a secret key the data carrier (10) employs a key (SK1) that has been derived from a secret group key (SKG) associated with the public group key (PKG).
Type: Grant
Filed: August 19, 2011
Date of Patent: July 29, 2014
Assignee: Giesecke & Devrient GmbH
Inventor: Gisela Meister
-
Publication number: 20130326235
Abstract: In a cryptographic method between a portable data carrier and a terminal device there are employed a public data-carrier key and a secret data-carrier key of the data carrier as well as a public terminal key and a secret terminal key of the terminal device. The data carrier employs as a public data-carrier key a static public key. As a secret data-carrier key the data carrier employs a secret key that is derived from a secret basic key associated with the public data-carrier key. Within the framework of the method, the terminal device checks an authentication parameter associated with the data carrier and different from the data-carrier keys.
Type: Application
Filed: December 21, 2011
Publication date: December 5, 2013
Applicant: GIESECKE & DEVRIENT GMBH
Inventor: Gisela Meister
-
Publication number: 20130151854
Abstract: A method for authenticating a portable data carrier (10) to a terminal device employs a public key (PKG) and a secret key (SK1) of the data carrier (10) as well as a public session key (PKT) and a secret session key (SKT) of the terminal device. The data carrier (10) employs as a public key a public group key (PKG). As a secret key the data carrier (10) employs a key (SK1) that has been derived from a secret group key (SKG) associated with the public group key (PKG).
Type: Application
Filed: August 19, 2011
Publication date: June 13, 2013
Inventor: Gisela Meister
-
Publication number: 20130031357
Abstract: A method and a system for secure transfer of an application from a server (S) into a reading device unit (2) with authentication of a user with a data carrier unit (1), the server (S) making available the application, wherein, between the data carrier unit (1) and the server (S), a first cryptographically secured channel (K1) is set up based on first cryptographic information (A), and between a security module (3) of the reading device unit (2) and the server (S) a second cryptographically secured channel (K2) is set up based on second cryptographic information (B). The application is transferred from the server to the reading device unit via the second cryptographically secured channel (K2).
Type: Application
Filed: March 25, 2011
Publication date: January 31, 2013
Inventors: Dieter Weiss, Gisela Meister, Jan Eichholz, Florian Gawlas
-
Publication number: 20130009752
Abstract: A system for recognizing the presence of a second portable data carrier by a first portable data carrier, wherein the data carriers have respectively a contactless interface with an antenna and an electronic circuit for storing and/or processing data. An RFID reading device supplies the data carriers with energy and for the respective communication of the data carriers with the reading device. In the first and the second data carrier there is respectively provided a further communication device, via which an additional, direct communication channel, independent of the field of the reading device, is made available between the first and the second data carrier, to thereby check the immediate presence of the second data carrier in the field of the reading device by the first data carrier.
Type: Application
Filed: March 25, 2011
Publication date: January 10, 2013
Inventors: Klaus Finkenzeller, Gisela Meister