EP3811584A1 - Smartcard as a security token - Google Patents
Smartcard as a security tokenInfo
- Publication number
- EP3811584A1 EP3811584A1 EP19734247.0A EP19734247A EP3811584A1 EP 3811584 A1 EP3811584 A1 EP 3811584A1 EP 19734247 A EP19734247 A EP 19734247A EP 3811584 A1 EP3811584 A1 EP 3811584A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- key
- security
- token server
- card
- token
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/36—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
- G06Q20/367—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
- G06Q20/3672—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes initialising or reloading thereof
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/36—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
- G06Q20/367—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
- G06Q20/3674—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes involving authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/385—Payment protocols; Details thereof using an alias or single-use codes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4018—Transaction verification using the card verification value [CVV] associated with the card
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/409—Device specific authentication in transaction processing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/067—Network architectures or network communication protocols for network security for supporting key management in a packet data network using one-time keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3228—One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
- G06F21/35—User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
Definitions
- the present invention is directed to a method for providing a security key, a smart card according to the invention being used to generate it.
- a clever procedure is proposed that enables the smart card, in cooperation with a token server, to provide, for example, a so-called one-time password or a dynamic check number.
- the present invention is also directed to a correspondingly configured computing arrangement and to a computer program product with control commands which implement the method or operate the computing arrangement.
- DE 10 2012 111 481 B4 shows a method for controlling the installation of an application on a mobile device with a token provider installed on the mobile device, which token knows the network address of a token server.
- DE 600 23 340 T2 shows a photographic system which u. a. used a token server.
- Check numbers are also known, which are intended to ensure that the user has the card for a transaction.
- CVC card verification codes
- the state of technology knows so-called card verification codes (CVC), i.e. a predetermined card number, which can be found on the back of a credit card.
- CVC card verification codes
- Such verification numbers are visible to everyone, including unauthorized cardholders, and are therefore insecure.
- display cards that is to say smart cards which are equipped with a display and which dynamically calculate a test number at runtime.
- the display card has electronic components in addition to the display, which carry out corresponding computing steps.
- Mobile phones are increasingly used in payment services because they have the necessary computing capacity and communication interfaces.
- different interfaces are known in mobile phones, where so-called nearfield communication is increasingly being used.
- nearfield communication is increasingly being used.
- software-based methods and hardware-based methods when generating security-relevant keys or authorization. Therefore, a brief overview of known methods is given below.
- a method for providing a security key using a smart card as a security token and a token verse comprising transmitting a random challenge message generated by the token server via a, in particular secured, data connection from the token server to a terminal, forwarding the generated one Challenge message from the terminal to the smart card, which transmits at least one piece of security information as a response message to the token server via the, in particular secured, data prompted to check the transmitted security information by the token server and, if the check is positive, to generate a symmetrical key as a function of the transmitted security information, to calculate a security key as a function of the generated symmetric key and to provide the calculated security key by means of the, in particular secured, Data connection from the token server to the terminal.
- the symmetric key can also be called a secret key.
- the security key can also be referred to as a security code or security check number.
- the EMC specialist understands a specification for payment cards, which is named after companies of the corresponding consortium, namely Europay International, MasterCard and VISA.
- HSM describes a so-called hardware security module, which is typically used as an internal or external peripheral device for the secure storage of cryptographic keys and the efficient and secure execution of cryptographic operations or applications.
- an existing and personalized security token for example a smart card, can be used to provide a one-time password OTP, e.g. B. for the login to a web service or the authorization of a transaction, or a dynamic CVC for an e-commerce transaction.
- OTP e.g. B.
- the existing token does not have to be modified for this. It serves as a hardware anchor for the secure generation of a one-time password or a verification number.
- a token server is introduced that takes over the authentication of the card and the derivation of the secret seed value (symmetrical key / symmetrical secret). While an asymmetrical key can be derived in accordance with the prior art and a server challenge is thereby signed, it is advantageous in the present invention to derive a symmetrical secret, in the calculation of which further external data may possibly also flow, such as for example Transaction data or time-dependent random data. This seed value must also be safely exported for verification on the web service.
- the process comprises various process steps, which can be represented in different granularity.
- An exemplary embodiment is described below, which has several steps, which can also be summarized. In this context, it may also be possible to add further sub-steps.
- the provision of the security key is demonstrated, which can be present as a so-called one-time password OTP or a check number CVC.
- the method for OTP / CVC generation is based on the following steps:
- Step 1 A, in particular secure, connection or data connection is established between the end user device (e.g. mobile phone) and the token server.
- the end user device e.g. mobile phone
- the token server e.g. TLS connection
- Step 2 The token server generates a random challenge, which it sends to the end user device.
- Step 3 The end user is asked to hold his EMV card against the mobile phone or to insert it into the card reader (PC / laptop). Optionally, he can also be asked to enter a PIN or a password that he himself selected in the registration phase.
- Step 4 The challenge of the token server (step 2) is sent to the card.
- the card responds with a signature and / or cryptogram, depending on the type of card and the method used (DDA, SDA, CDA).
- the chal lenge is included in the calculation of the signature or the cryptogram.
- data read out from the card e.g. PAN, cardholder name, expiration date
- PIN / password sent to the token server.
- a hash value can also be sent to the token server using a PIN / password.
- Step 5 the token server checks the signature or the cryptogram of the card for validity. Depending on the type of card, this can be done with publicly known keys (public keys) of the card network or by requesting the card issuer in the case of card cryptograms based on symmetrical keys. Alternatively, the symmetrical keys could be stored on the token server. In this case, the token server can check the cryptogram itself.
- public keys publicly known keys
- the symmetrical keys could be stored on the token server.
- the token server can check the cryptogram itself.
- Step 6 After successfully checking the card signature, the token server derives the symmetrical key (seed value) in accordance with one aspect of the present invention for OTP / CVC generation.
- Card data eg PAN, cardholder name, expiration date, card sequence number, ...) and the user's PIN / password are used for this.
- a server-specific secret eg a master key stored in an HSM
- a specific identifier of the web service (relying party) can also be included in the derivation (e.g. URL).
- the hash value can be formed from the card and user data and encrypted with the master key. Any cryptographically secure one-way function that maps the output data (card data, user data) unambiguously and collision-resistant to the final value (symmetrical secret) is generally suitable for derivation.
- Step 7 The actual OTP or CVC value is now calculated by the token server from the secret seed value derived in step 6.
- the calculation can be based on existing and known methods (e.g. OATH protocols such as T-OTP, H-OTP).
- OTP Order to Price
- Other data can also be included in the calculation of the OTP. This can e.g. Transaction data (or their hash values), if a transaction-specific OTP is formed to authorize a transaction. This data was then previously transmitted from the end user device to the token server.
- a challenge that was either transmitted by a server or entered by the user can also be included in the calculation of the OTP value.
- a CV that is valid for a limited period of time can be included in the calculation of a CVC.
- This random value is generated by the token server or another server and is valid for a predefined time interval. This value ensures that no future CVC values are predictable and there is proof that the card from which the CVC value is derived was actually available to the user at the time of the transaction. This prevents an attacker who does not have the card physically, carries out transactions with stolen credit card data.
- the generated CVC value can then be used within the time interval for an eCommerce transaction ("Card non present transaction"). Typical time intervals are 1 minute, 10 minutes, 20 minutes, or 1 hour.
- Step 8 The OTP / CVC value generated in step 7 is exported to the end user device via the, in particular secure, data connection. The value can then be displayed there or forwarded directly to a web service (verification server) for checking there.
- a web service verification server
- the token server can export the OTP / CVC value directly to a web service via a predefined interface.
- the destination address must have been communicated to the token server beforehand by the end user device.
- Step 1-6 proceed analogously to the phase of the OTP / CVC generation.
- the destination address of the web service can optionally be transmitted to which the secret seed value is to be transmitted.
- Step 7 The secret seed value is now exported to the corresponding web service.
- the web service needs the seed in order to be able to later check the OTP / CVC values on the server side.
- the web service In contrast to the token server, which derives the seed value dynamically with every transaction, the web service must save the seed permanently and securely. This export can take place via the end user device, which then forwards the value to the web service, or directly through the token server to the web service.
- the seed value should preferably be encrypted for export.
- the web service can transfer a certificate and a URL via the end user device.
- the token server then uses a whitelist to check whether it is an authorized web service.
- the seed value is encrypted and exported using the certificate's public key.
- the token server itself provides the functionality to check the OTP / CVC value. To do this, he provides the web service with an appropriate interface. The web service transmits the
- the token server has temporarily stored the user's seed value for the period of validity of the OTP / CVC value. During this period of validity, the web service can contact the token server and have the validity of the OTP / CVC value checked. After the validity interval has expired the token server rejects the seed value according to one aspect of the present invention.
- the web service uses an "ID-based encryption" (IBE) scheme according to the prior art.
- IBE "ID-based encryption”
- the end user transfers a URL or other specific identifier of the web service when registering.
- the token server uses this identifier as a public key (according to the corresponding and known IBE scheme) and uses it to encrypt the seed value.
- the encrypted seed value is either transferred to the end user device or directly to the web service.
- the proposed method is used to provide a security key, such as used in a payment process who can.
- the security key can be kept available to a web service or a payment terminal.
- An authorization is then issued.
- the smart card is a credit card that has electronic components that enable computing operations to be carried out or data communication to be carried out.
- a smart card typically comprises a computing unit, a storage unit and an induction coil.
- the induction coil is used for the power supply and can also act as an antenna for data communication. Alternatively, the power supply and the communication can be carried out with contacts.
- the smart card is physically present and can thus act as a security token that the user always carries with him.
- a smart card is a credit card with a correspondingly more compact one Design that does not bother the user, and thus the user acceptance is not weakened.
- the token server can generally be provided as a server, which is connected to the terminal device for technical reasons.
- the end device can in turn be a payment terminal or else a mobile phone.
- a challenge message is a request message, which is typically followed by a response message or an answer message.
- information is requested from the smart card, which in turn answers the smart card by means of the response message.
- TLS procedure serves to secure data communication, especially between the end device and the token server. So then the smart card is communicatively coupled to the terminal, i.e. H. this smart card is inserted into a card reader or it communicates wirelessly with the end device.
- the terminal device forwards the generated challenge message to the smart card, whereby further method steps can also be carried out.
- the PIN is included in the calculation of the seed and thus of the OTP / CVC.
- the PIN is used to authenticate the user to the verification server. For example, it can be provided that a password to be entered by the user or a PIN is also included in the calculation of the secret key.
- the smart card then generates a response message which is generated on the basis of stored arithmetic operations in which the challenge is incorporated.
- the smart card can fall back on the memory described and the computing unit carries out read or write operations.
- a cryptographic method can already be used here and the security information can include data from the smart card.
- the smart card causes the secure information to be transmitted to the token server, which can be carried out in such a way that the smart card merely provides the data or the information and the actual data communication takes place between the end device and the token server.
- the terminal can be connected to the Internet by means of wired communication, which creates a connection to the token server. It is also possible for the terminal to communicate wirelessly using a router, which in turn is connected to the Internet. In the event that the terminal is in the form of a mobile phone, these interfaces can be used and there is wireless communication with corresponding network components that communicate with the token server.
- Initiating the transmission essentially describes that the smart card does not have to establish the connection automatically, but rather communicates to the terminal device that data is now to be transmitted. Consequently, the actual data communication takes place via the data interface of the terminal. Since the security information of the smart card is now available to the token server, the token server can check this information. Corresponding control commands are stored on the token server and reference information is also stored, which makes it possible to carry out the check. In this way, data can be stored on the token server that describes expected security information. If this expected safety information is actually available, a positive check can be carried out. If, on the other hand, it is discovered that the security information does not meet expectations, it can be an attack and an error routine is executed. An error routine advantageously provides that no security key is generated and the method is terminated.
- the token server If the expected security information is checked positively, the token server generates a symmetrical key depending on the security information transmitted. This generation is typically based on stored control commands and information on the token server.
- the security information serves as an output value that is entered into a corresponding cryptographic function.
- the cryptographic function processes the security information and derives a symmetrical key from it.
- This cryptographic function can in turn be selected from a plurality of stored functions and can take into account the type of security information or the type of card type.
- Corresponding rules can be stored in a table which specifies which security information is processed how and also indicates which method is used for checking, generating and for further calculation. This calculation is applied to the symmetric key and the security key is created, which is required, for example, to authorize a financial transaction.
- the security key is therefore a password, a one-time password or a test number.
- the calculated security key is provided in such a way that the verification server can verify the security key and thus the requested service or the transaction is released.
- the security information comprises a signature and / or a cryptogram.
- the token server can have control commands and information that describe the signature and, if necessary, decrypt it.
- the signature can then be checked.
- the card calculates a cryptogram with a secret key over a few dates.
- the data and the cryptogram are transferred from the card to the token server.
- the token server itself must know the secret key, it calculates a cryptogram itself using the data and compares it with the cryptogram that was sent from the card. If the signature or the cryptogram cannot be evaluated positively, an error routine can be started again.
- data read out from the card are one PAN, a real name (for example the cardholder), an expiry date, a PIN, a password, a hash value, a card sequence number and / or a card type.
- the smart card can be evaluated whether the smart card is actually issued to a specific, expected user, the card holder's real name being read out.
- the expiry date of the smart card can be checked in an analogous manner and further data can be generated on the basis of such specific information.
- the symmetric keys can therefore be created depending on one or more data types. The above list can then act as an input for a function that it generates the symmetric key.
- the check is carried out as a function of a card type of the smart card.
- the security information can already provide the card type and can thus be evaluated, which security information is provided, and further process steps, such as the generation of a symmetrical key or the calculation of a security key depending on the present smart card, Type be carried out.
- the security key is present as a check number, a unique password and / or a password.
- the proposed method can replace or supplement known cryptographic methods and is suitable for generating a so-called CVC or a password.
- the password can be a so-called one-time password (OTP) or one-time password.
- a one-time password is a so-called one-time password or one-way password. This will be canceled as soon as it has been used.
- the security key can consequently be used, for example, in a web service or a payment process to authorize payment.
- generating the symmetrical key comprises selecting keys stored on the token.
- a database can be maintained which has the corresponding key.
- Symmetrical keys are typically keys that are known to both instances, that is, the instance that encrypts and also the instance that decrypts.
- at least one symmetric key can be stored on the token server.
- the generation of the symmetrical key comprises the use of a token server-specific key, which is included in the calculation of the secret key and prevents the calculation of the secret key without the knowledge of the token server-specific key ,
- the security key is calculated as a function of the symmetric key generated using a stored cryptographic function. This has the advantage that the calculation of the security key can be carried out independently by the token server, and furthermore a cryptographic function can be provided which uses the symmetric key as input, in order then to calculate the security key as output.
- the security key is calculated as a function of the symmetric key generated, the dependence being given by a cryptographic function.
- the symmetrical key acts as a starting value when calculating the security key.
- the symmetrical key is generated on the basis of a stored cryptographic function.
- the cryptographic function for generating the symmetric key can be the same or similar functions as are used for the calculation. Use of the security key, and thus the token server can advantageously only provide these cryptographic functions once.
- checking the transmitted security information comprises comparing the security information with stored reference values.
- another security mechanism is implemented.
- the token server generates a new challenge randomly each time, and the EMV card includes the challenge in the signature. This results in a new signature each time, which therefore cannot be compared with a reference value stored on the token server. Instead, the token server must verify the signature and include the challenge that is cached on the token server.
- a predetermined error routine is started in the event of a negative check.
- This has the advantage that an attack or an error can be reacted to in different ways.
- the method can either terminate or security mechanisms are executed. So for example, the corresponding user can be blocked or further data communication can be prevented since an attack, ie an unauthorized access, is expected.
- the terminal communicates with the smart card in a contactless or contact-based manner.
- a terminal for example in the form of a card reader, can be present, or a cell phone can also be provided as a terminal.
- Contactless communication is preferably so-called nearfield communication or communication between the smart card and the end device, which transmits data to a suitable smart card over short distances using inductive coupling.
- the terminal is provided as a mobile phone or a card reader.
- the proposed method can be integrated into existing infrastructures, and it is therefore possible to use the proposed method only in terms of software, i.e. H. based on control commands. This also saves a technical effort.
- a computing arrangement for providing a security key using a smart card as a security token and a token server comprising an interface unit designed to transmit a random challenge message generated by the token server via a secure data connection from the token server to a terminal , the terminal is set up to forward the generated challenge message from the terminal to the smart card, which is set up to transmit at least one piece of security information as a response message to the token server via the, in particular secured, data connection, the token server is set up to check the transmitted security information and, if the check is positive, to generate a symmetrical key as a function of the transmitted security information, a computing unit set up to calculate a security key depending on the symmetric key generated and a further interface unit set up to provide the calculated security key by means of the secure data connection from the token server to the terminal.
- the computing unit can be integrated in the token server, which has interface units. Analog interface units are also available in the terminal.
- the terminal can be a mobile terminal, preferably a mobile phone or a laptop.
- Portable terminals of a POS system are also advantageous here.
- the object is also achieved by a computer program product with control commands which implement the method or operate the proposed computing arrangement.
- the proposed method can be implemented as control commands in such a way that a communication protocol is created.
- the method steps are preferably carried out exactly as they are claimed.
- Individual process steps may be found in the prior art be, the proposed sequence in its entirety leading to the advantage according to the invention. Thus, all process steps must be considered in their entirety. This does not exclude that further process steps can be provided or sub-steps can be used.
- the method is suitable for operating the computing arrangement or the computing arrangement is set up to execute the method.
- the method thus comprises procedural steps which can be simulated as functional components of the computing arrangement.
- Structural features of the computing arrangement can also provide functionality that simulates the method steps.
- FIG. 4 shows a schematic flow diagram of the proposed method for providing a security key according to an aspect of the present invention.
- 1 shows an exemplary computing arrangement, the end user device, that is to say the end device, which communicates with a smart card being drawn in on the left-hand side.
- the smart card is shown here as an EMV card.
- the so-called token server which communicates with other servers in terms of network technology, for example a verification server and a salt server, is shown in the middle of FIG. 1.
- FIG. 2 shows further advantageous components, such as a salt server app and a transaction server.
- the challenge-response method already described is shown here and the challenge message is transmitted, which is signed and then returned together with the card data.
- a PIN or password can then be entered.
- the encrypted challenge or signed challenge with the card data and possibly the PIN and password is provided to the token server.
- the signed challenge is verified in the token server and a seed or a starting value is derived. Then there is communication with the salt server app, which is carried out, for example, on the salt server. This is followed by a request for transaction data to the transaction server, which can also be referred to as a payment server, and then transmitted back to the token server on this requested transaction data.
- the one-time password or the test number is then calculated.
- the calculated password or test number is transmitted to the end user device, which receives this data, i.e. the calculated security key, from the verification has the onsserver checked. The result is then transmitted to the transaction server and, if the verification is positive, the transaction can ultimately be carried out.
- FIG. 3 initially shows similar method steps, such as those mentioned in FIG. 2.
- the derived starting value or seed value is forwarded to the end user device. This is referred to here as exporting. This seed can then be transmitted from the end user device to the verification server and can then be used in further computing steps.
- FIG. 4 shows a method for providing a security key using a smart card as security token and a token server, comprising transmitting 101 a random challenge message generated by the token server 100 via a secure data connection from the token server to a terminal, forwarding 102 of the generated ones 100 challenge message from the terminal to the smart card, which prompts the transmission 103 of at least one piece of security information as a reply message to the token server via the secure data connection, the 104 token 104 is checked 104 by the token server and, if the check is positive, 104 is 105 generated 105 symmetrical key depending on the transmitted 103 security information, calculating 106 a security key depending on the generated 105 symmetric key and providing 107 the calculated 106 security key m by means of the secure data connection from the token server to the terminal.
- the security key can still be transmitted to the verification server and verified.
- Personalized EMV cards that have already been issued can be used as security tokens for OTP / CVC generation without the cards being originally able to do so. It is not necessary to modify the cards (no additional applets, no change in the card operating system, no larger memory requirements, no more expensive cards).
- the end user does not have to carry an additional token or a special reading device (e.g. CAP Reader), the publisher does not have to issue new tokens according to one aspect of the present invention.
- a card base of> 1 billion cards issued is immediately available as a security token.
- Certain card types (DDA cards, sometimes CDA cards) can also be used with this procedure without the involvement of the publisher.
- EMV card hardware security element
- a real two-factor procedure results with the cryptographic security of the card.
- no secret seed value has to be stored on a (potentially unsafe) customer device.
- the token server involved does not have to store any user-specific data. Dynamically derived seed values are discarded immediately after the transaction. This means that there are no databases with user data that could potentially be attacked
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Computer Security & Cryptography (AREA)
- Accounting & Taxation (AREA)
- Computer Networks & Wireless Communication (AREA)
- Theoretical Computer Science (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Finance (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Computing Systems (AREA)
- Software Systems (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Storage Device Security (AREA)
Abstract
Description
Claims
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE102018005038.7A DE102018005038A1 (en) | 2018-06-25 | 2018-06-25 | Smart card as a security token |
PCT/EP2019/000191 WO2020001807A1 (en) | 2018-06-25 | 2019-06-18 | Smartcard as a security token |
Publications (1)
Publication Number | Publication Date |
---|---|
EP3811584A1 true EP3811584A1 (en) | 2021-04-28 |
Family
ID=67107368
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP19734247.0A Withdrawn EP3811584A1 (en) | 2018-06-25 | 2019-06-18 | Smartcard as a security token |
Country Status (7)
Country | Link |
---|---|
US (1) | US11341232B2 (en) |
EP (1) | EP3811584A1 (en) |
CN (1) | CN112352410B (en) |
CA (1) | CA3101539A1 (en) |
DE (1) | DE102018005038A1 (en) |
MX (1) | MX2020014189A (en) |
WO (1) | WO2020001807A1 (en) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102017000768A1 (en) * | 2017-01-27 | 2018-08-02 | Giesecke+Devrient Mobile Security Gmbh | Method for performing two-factor authentication |
WO2020163580A1 (en) * | 2019-02-06 | 2020-08-13 | Mastercard International Incorporated | Method and system for generation of a high assurance payment token |
US11736466B2 (en) * | 2019-09-18 | 2023-08-22 | Bioconnect Inc. | Access control system |
US11336438B2 (en) * | 2020-03-31 | 2022-05-17 | EMC IP Holding Company LLC | Remote approval and execution of restricted operations |
FR3124285A1 (en) * | 2021-06-16 | 2022-12-23 | Orange | authentication method, device and corresponding program. |
Family Cites Families (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6367013B1 (en) | 1995-01-17 | 2002-04-02 | Eoriginal Inc. | System and method for electronic transmission, storage, and retrieval of authenticated electronic original documents |
US6327578B1 (en) * | 1998-12-29 | 2001-12-04 | International Business Machines Corporation | Four-party credit/debit payment protocol |
US20050182934A1 (en) * | 2004-01-28 | 2005-08-18 | Laszlo Elteto | Method and apparatus for providing secure communications between a computer and a smart card chip |
US7930554B2 (en) | 2007-05-31 | 2011-04-19 | Vasco Data Security,Inc. | Remote authentication and transaction signatures |
CN101236674A (en) * | 2008-02-02 | 2008-08-06 | 东信和平智能卡股份有限公司 | Intelligent cipher key equipment and method for information exchange with external apparatus |
US8572394B2 (en) * | 2009-09-04 | 2013-10-29 | Computer Associates Think, Inc. | OTP generation using a camouflaged key |
US8582778B2 (en) * | 2011-06-01 | 2013-11-12 | International Business Machines Corporation | Integrated key server |
DE102012111481B4 (en) | 2012-11-27 | 2017-02-09 | Deutsche Telekom Ag | Method and device for detecting applications on mobile terminals |
US10880741B2 (en) * | 2013-07-23 | 2020-12-29 | Capital One Services, Llc | Automated bluetooth pairing |
-
2018
- 2018-06-25 DE DE102018005038.7A patent/DE102018005038A1/en active Pending
-
2019
- 2019-06-18 US US17/251,622 patent/US11341232B2/en active Active
- 2019-06-18 MX MX2020014189A patent/MX2020014189A/en unknown
- 2019-06-18 CN CN201980039518.7A patent/CN112352410B/en active Active
- 2019-06-18 EP EP19734247.0A patent/EP3811584A1/en not_active Withdrawn
- 2019-06-18 WO PCT/EP2019/000191 patent/WO2020001807A1/en unknown
- 2019-06-18 CA CA3101539A patent/CA3101539A1/en not_active Abandoned
Also Published As
Publication number | Publication date |
---|---|
US20210110027A1 (en) | 2021-04-15 |
MX2020014189A (en) | 2021-03-09 |
US11341232B2 (en) | 2022-05-24 |
WO2020001807A1 (en) | 2020-01-02 |
CN112352410A (en) | 2021-02-09 |
CN112352410B (en) | 2023-07-25 |
DE102018005038A1 (en) | 2020-01-02 |
CA3101539A1 (en) | 2020-01-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3574625B1 (en) | Method for carrying out an authentication | |
WO2020001807A1 (en) | Smartcard as a security token | |
DE102012219618B4 (en) | A method of creating a soft token, computer program product, and service computer system | |
EP2962439B1 (en) | Reading an attribute from an id token | |
EP3748521B1 (en) | Method for reading attributes from an id token | |
EP4128695B1 (en) | Personalized and server-specific authentication mechanism | |
DE102011116489A1 (en) | A mobile terminal, transaction terminal and method for performing a transaction at a transaction terminal by means of a mobile terminal | |
EP3641369B1 (en) | Protection of p2p communication | |
EP3271855B1 (en) | Method for generating a certificate for a security token | |
EP3298526B1 (en) | Method for reading attributes from an id token | |
EP2916252B1 (en) | Electronic transaction method and computer system | |
EP3882796A1 (en) | User authentication using two independent security elements | |
EP3035270A1 (en) | Card-based offline token generation | |
WO2014060265A1 (en) | Method for authentication by means of a token | |
WO2022175398A1 (en) | User authentication by means of two independent security elements | |
EP2819077A1 (en) | Method for activating at least one service in an e-wallet | |
EP3416120A1 (en) | Arrangement and method for user authentication and access authorization | |
DE102015017060A1 (en) | Method for reading attributes from an ID token | |
DE102015017061A1 (en) | Method for reading attributes from an ID token |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: UNKNOWN |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
|
17P | Request for examination filed |
Effective date: 20210125 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
AX | Request for extension of the european patent |
Extension state: BA ME |
|
DAV | Request for validation of the european patent (deleted) | ||
DAX | Request for extension of the european patent (deleted) | ||
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
|
18D | Application deemed to be withdrawn |
Effective date: 20210814 |