GB2541013A - User identification system and method - Google Patents

User identification system and method Download PDF

Info

Publication number
GB2541013A
GB2541013A GB1513913.2A GB201513913A GB2541013A GB 2541013 A GB2541013 A GB 2541013A GB 201513913 A GB201513913 A GB 201513913A GB 2541013 A GB2541013 A GB 2541013A
Authority
GB
United Kingdom
Prior art keywords
secure
data
user
responder
physical token
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB1513913.2A
Other versions
GB201513913D0 (en
Inventor
Draper Alan
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
De la Rue International Ltd
Original Assignee
De la Rue International Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by De la Rue International Ltd filed Critical De la Rue International Ltd
Priority to GB1513913.2A priority Critical patent/GB2541013A/en
Publication of GB201513913D0 publication Critical patent/GB201513913D0/en
Priority to PCT/GB2016/052441 priority patent/WO2017021738A1/en
Publication of GB2541013A publication Critical patent/GB2541013A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • GPHYSICS
    • G09EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
    • G09CCIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
    • G09C1/00Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3278Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response using physically unclonable functions [PUF]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12Details relating to cryptographic hardware or logic circuitry

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Finance (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Credit Cards Or The Like (AREA)

Abstract

A user identification system comprises user equipment 101, such as a smartphone or other mobile device, having a user identity application. A physical token 103, such as a machine-readable travel document (MRTD), is connected in use to the user equipment 101 via a wired data connection. The physical token 103 comprises a secure element 106, such as a SIM, storing user identity data, and a secure responder 110 storing security data, wherein the secure element is used to authenticate the secure responder of the physical token using the security data. If authentication of the secure responder 110 is achieved, the identity data is provided to the user identity application for communication by the user equipment 101 to a remote device. The physical token 103 may be detachably connected to the user equipment 101 so as to allow it to be used with other user equipment. The physical token 103 may be provided as a case for the user equipment. The system may be arranged as an electronic identity card, such as an electronic passport, or e-passport.

Description

User Identification System and Method Field of the Invention
The present invention relates to a user identification system and an associated method. An example of such a system is in the provision of an electronic passport (“e-passport”) in which electronic data identifying the user is communicated to a reader device so as to enable the user to be identified.
Background to the Invention
The last two decades have witnessed a proliferation in the use of mobile devices. More recently, mobile phones in the form of “smart phones” have taken on an ever increasing role in the home and work lives of users. This trend is expected to continue. In some cases smart phones are now being used in new applications such as to enable small value cashless payments to vendors using RFID technology. Furthermore, when travelling it is also now possible to store e-tickets and boarding passes in an electronic format on such smart phones. There exists further interest in the use of mobile devices to replace identification documents, including identity cards, passports and travel visas. These developments encounter significant challenges in providing sufficient levels of security acceptable to users, operator entities and official authorities.
Processors for mobile devices are by their nature programmable and provide access to all of the memory and interfaces built into the device. However it is desirable for some types of information, such as cryptographic keys, to be kept in a protected area so that only authorised usage can take place.
In addition, some types of activity (such as confirming a user PIN) should ideally be protected against software modification. This requires not only protected memory, but protected execution of instructions and isolation of input devices.
The solutions which enable these requirements to be met offer potential routes of development to enable mobile devices to be used in user identification applications. However, they conflict with allowing a software program to have complete unfettered access to all of the memory and interfaces in the device.
To overcome the conflict, processor manufacturers now incorporate hardware security extensions into some products. These provide ways to deny general-purpose software, such as downloadable applications (“apps”), the ability to modify security-related activities like bootstrapping, digital signing operations and PIN entry. This approach has become known as a Trusted Execution Environment (TEE). The TEE concept is now established for mobile devices, and it can combine with Near Field Communication (NFC) to emulate some of the features of a more conventional smart card chip. An example TEE implementation suitable for mobile devices is that provided by ARM® Trustzone®. TEE implementations do have a number of potential security weaknesses, some of which are associated with the hardware within the mobile devices. These mean that TEE implementations in their present form do not provide sufficient levels of security to satisfy the stringent criteria required by authorities in “identity card” type applications.
In comparison an electronic passport utilises a contactless smart card chip as a security feature; unlike a mobile phone, this class of processor has strong antitamper mechanisms built into the hardware, and requires no internal power supply. It stores all programs and most data in one-time-programmable (OTP) memory, and no changes are allowed after the document has been issued. Information about the passport holder is written to the chip under secure control; the chip is then instructed to place itself into a locked state, which permanently disables all methods for writing memory through the communications interface. These measures provide significantly enhanced security in comparison with the TEE implementation, in part due to the ability to embody security capabilities in the passport “hardware”.
If an e-passport were implemented in a smart phone then there is plainly value for a criminal attacker to obtain a stolen phone containing an e-passport, and to clone or modify it. The black market price of a forged passport is reportedly in the thousands of dollars, so a successful method for compromising such a phone would be valuable to organised crime, and would justify a heavy investment on the part of criminals. Particularly damaging scenarios of certain successful attacks might include the compromising of multiple handsets rather than simply a single specific handset. The multitude of possible attack mechanisms means that detecting and closing such vulnerabilities is complex and expensive for manufacturers. In contrast, there are relatively few routes open to attackers of e-passport chips.
In view of the issues discussed above there exists a desire to implement an identity card, such as an electronic passport, using a mobile device.
Summary of the Invention
In accordance with a first aspect of the invention we provide a user identification system comprising: a. user equipment having a user identity application; b. a physical token for connecting in use to the user equipment via a wired data connection, the physical token comprising: i. a secure element storing user identity data, and ii. a secure responder storing security data wherein the secure element is further adapted in use to authenticate the secure responder of the physical token using the security data and, if authentication of the secure responder is achieved, to provide the identity data to the user identity application for communication by the user equipment to a remote device.
We have realised that the security problems associated with the provision of secure environments provided in software on user equipment (smart phones and other analogous devices) can be addressed by using a combination of the smart phone running an appropriate application, and additional hardware in the form of a physical token which is physically coupled with the smartphone so as to provide a data connection between the token and the smartphone. The secure element is preferably located at or adjacent the connection point with the user equipment such as by inserting the secure element into a suitable socket in the body of the user equipment handset. The secure responder is typically positioned remotely from the secure element such that the secure responder is located on or within the physical token in such a way as to protect against modification of the physical token. The status of the secure responder is assured using an authentication by the secure element. The physical token not only provides a vehicle for the provision of the additional security features in the form of the secure element and responder, it preferably also serves a practical purpose of acting as a physical document in the event that the user equipment is lost or electronic communication malfunctions. These features combine together to provide a user identification system which has high levels of security and enables the use of the additional features of the user equipment.
The term “user equipment” is used herein in the context of the field of mobile telephony to describe mobile devices, particularly those in the form of mobile telephone handsets, including smart phones. The term is used in recognition of the rapid rate of development of this technical field, particularly in terms of the nature of the different microwave and wireless transmission frequencies and protocols used to provide communication with various remote equipment including mobile base stations and local wireless routers.
In order to aid practical usage and particularly in order to allow users to upgrade or change their handset, the physical token is typically detachably connectable to the user equipment so as to allow the physical token to be used with other user equipment. This is particularly advantageous in the case of identity cards including passports which typically remain valid for a period exceeding the normal ownership lifetime of a user equipment handset.
As is explained above, the secure element provides one of the security aspects of the invention. Whilst the secure element is part of the physical token it is preferably designed in a manner so as to minimise the chance of a security breach. For this reason it is preferred if the secure element is adapted to be coupled with a secure connector of the user equipment. For example the secure connector is preferably a socket within the user equipment in which the secure element is inserted, the socket preferably including wired circuitry within the user equipment such that the data from the secure element may only be accessed by privileged elements within the user equipment. One secure mechanism for effecting this is by providing the secure element as a SIM. A will be appreciated, SIMs are designed to have strong security.
The secure responder is preferably provided as a hardware unclonable responder. This responder has physical unclonable function. It is also provided with encryption capability (such as AES) and a memory to enable its operation. The physical unclonable function may be provided by use of an integrated circuit which generates the security data in a form which is unique to the physical arrangement of the integrated circuit. This means that, statistically, the manufacture of an “identical” integrated circuit would nevertheless result in different security data. The security data may then be used, in some cases via a further data processing operation, into a form in which it may be used as a private key for operation of encrypted authentication with the security element. The combination of the physical unclonable function and an encryption key technique provides a high level of security for the responder. As mentioned earlier, the secure responder is preferably positioned as part of the physical token so as to prevent tampering. In this way any tampering with the physical token will cause the secure responder to become inoperable, thereby necessarily preventing authentication by the secure element. The physical token may take a number of forms, including the geometry and dimensions of known identity cards or credit cards. In a particularly useful form from a practical standpoint, the physical token may be provided as at least part of a case for the user equipment.
As will be appreciated, modern user equipment such as a smart phone, is able to communicate with external devices by the use of a number of different communication frequencies and protocols, including the mobile telephony bands. It is preferred in the present system that the user equipment is provided with a wireless communication device and the system is used in cooperation with a third party device which communicates wirelessly with the wireless communication device so as to identify the user of the system. In order to enhance the security of the system, particularly in respect of malicious hardware detecting communications from the user equipment, preferably the communication with external devices regarding the identity data is performed using short range RFID frequencies, and in particular using the near field communication (NFC) protocol.
The system is expected to find particular benefit in the provision of an electronic identity card, such as a passport. It is particularly advantageous for these applications for the physical token to be provided with human readable or machine readable token data which includes at least part of the information contained in the user identity data. The token data is typically printed on the physical token. A number of different known security techniques used in passports and other secure documents may be applied to the token. In the case of an electronic passport, the token data may provide the same visual information as provided by the passport data page for example, optionally including a photograph of the user.
In accordance with a second aspect of the invention we provide a method of identifying a user in which user equipment having a user identity application is connected via a wired data connection to a physical token, wherein the physical token comprises a secure element storing user identity data, and a secure responder storing security data, the method comprising: a) causing the secure element to authenticate the secure responder of the physical token using the security data and, if authentication of the secure responder is achieved then, b) providing the identity data from the secure element to the user identity application; and, c) transmitting the identity data, by the user identity application, from the user equipment to a remote device so that the user may be identified from the identity data.
The method of the second aspect is of course preferably used in conjunction with the apparatus provided by the system of the first aspect of the invention. Whilst step (a) relates to the authentication, it will be understood that this is typically preceded by a step of physically connecting the physical token to the user equipment. This will normally be performed by the user. It is conceivable in the alternative to provide a permanent coupling between the user equipment and the physical token, in which case novel designs may be needed in practice (such as the physical token providing the rear surface of the user equipment).
However, a separable arrangement is likely to be viewed by users as more attractive.
Whilst step (a) discusses authentication of the secure responder by the secure element, additional security may be provided if, in addition either before or after step (a), but in any case prior to step (b), a step is performed in which the secure responder authenticates the secure element. In either case, in general, a suitable encryption technique using encryption keys will be used to achieve the authentication process. Step (c) is normally only permitted upon the successful authentication in step (a). Likewise for step (b). The data communication in step (b) that is provided between the secure element and the identity application is preferably achieved via a secure communication route internally within the user equipment. As mentioned, the transmission of the identity data in step (c) is preferably effected using short range wireless communication.
In accordance with a third aspect of the invention we provide a physical token for connecting in use to a user equipment via a wired data connection, the physical token comprising: i. a secure element storing user identity data, and ii. a secure responder storing security data wherein the secure element is further adapted in use to authenticate the secure responder of the physical token using the security data and, if authentication of the secure responder is achieved, to provide the identity data to the user equipment for communication to a remote device.
The physical token is preferably used as the physical token according to the first aspect. Nevertheless the physical token may be used in other applications in conjunction with user equipment. The optional or preferred features of the physical token, or the manner in which physical token is used, as discussed above in association with the first or second aspects may be applicable to the physical token in accordance with the third aspect of the invention.
The concept of the physical token is discussed above in association with user equipment, particularly with reference to a smart phone. However, we have realised that a modification of the concept may be used more broadly in applications other than user identification systems and in which information identifying a particular component is provided to additional equipment via a wired link. The additional equipment may be connected to the component directly or via intervening components for example. Such additional equipment could potentially be remote equipment to which data are sent via a secured wired network. Examples of such components and their respective equipment include components of complex machines such as vehicles.
Thus in accordance with a fourth aspect we provide a physical component for connecting in use to additional equipment via a wired data connection, the component comprising: i. a secure element storing secure element data, and ii. a secure responder storing security data wherein the secure element is further adapted in use to authenticate the secure responder of the component using the security data and, if authentication of the secure responder is achieved, to provide the secure element data to the additional equipment.
As will be understood from the forgoing discussion, the optional or preferred features of the physical token apply equally to the physical component.
Brief Description of the Drawings
An example of a system and method according to the invention are now described with reference to the accompanying drawings, in which:
Figure 1 is a schematic plan view of an example system;
Figure 2 shows the example system when viewed from one end and in an open configuration;
Figure 3 shows the example system when viewed from one end and in a closed configuration;
Figure 4 is a flow diagram showing the operation of the example;
Figure 5 is a schematic representation of the communication between the components of the example system and an external e-passport reader; and,
Figure 6 shows a block diagram of the hardware unclonable responder of the example.
In order to illustrate one application of the invention we now describe an example in the form of a smart phone e-passport. Several techniques are combined, so as to provide both security and utility at a comparable level with a conventional e-passport, which at the same time offer the convenience and extra features a smart phone can provide. A conventional e-passport design treats the chip (integrated circuit) as just one of many security features. The physical passport uses features categorised as Levels 1, 2 and 3, Overt”, “Specialist” and “Covert” respectively. Overt features can be easily checked with simple equipment such as a magnifier or UV lamp, or just the naked eye. They include intaglio printing techniques, holograms, watermarks and tamper-evident chemical paper sensitization. Integrated circuit chip features fall into this category.
Specialist features can be checked using equipment which is hard to obtain commercially, such as special diffraction gratings that expose microscopic printing details.
Covert features are protected by secrecy such as the use of special threads to stitch together the pages of a book, arranged in a complex and unpublished pattern. Another covert feature is the ‘deliberate mistake’; thousands of lines of microscopic text might be printed repeating the same words, such as the name of the issuing state or just the word “Passport”. In one place, known only to the maker of the printing plate, a change might be made like a slight misspelling. A forger would be unlikely to reproduce a covert feature, so the issuer could detect even an extremely sophisticated fake. A typical national passport specification would normally incorporate two or more specialist and covert features.
Firstly, two key areas where the smart phone on its own cannot meet the needs of an e-passport are in “Corroboration” and “Unpowered cognisability”. To provide corroboration an e-passport has the same data printed in ink as it has in the chip. In terms of unpowered cognisability an e-passport can be authenticated without recourse to the chip, through its physical security features.
These factors suggest that a physical printed token of some kind should be part of the solution. It is expected to need to meet a standard similar to ICAO 9303; a token size of ID-1 (86x54mm) might be suitable.
The token should be able to connect physically (and securely) to a suitable smart phone. A number of practical requirements arise from this. The smart phone “passport application” should not work without the token. The token should preferably be able to be removed for safe storage, or moved from one phone to another. Communication between the token and any TEE on the smart phone must be secure. Preferably the token, which might be a machine readable transport document (MTRD), should not be visible to casual onlookers
Furthermore, long-term secret keys need to be protected to a high standard such as an Evaluation Assurance Level of at least level 4. Since this is hard to achieve with a TEE itself, an additional piece of hardware such as a Secure Element (SE) based on the design of a Universal Subscriber Identity Modules (USIM), could be used to store security-enforcing data.
In this particular example an ID-1 size MRTD is suggested incorporating physical security features at Overt, Specialist and Covert levels. The MRTD is provided with a Hardware Unclonable Responder (HUR) device bonded into the substrate of the MRTD. The HUR is a proposed Application-Specific Integrated Circuit (ASIC) device, able to complete a challenge-response protocol as a means of authentication as is explained later. It is wired, via a long-life flexible hinge, to a Secure Element (SE). The Secure Element is designed to be plugged into a suitable socket in the phone, allowing the MRTD to be physically disconnected from the smart phone if desired, for example when not in use. A secure-world application (user identity application) running on the phone in a TEE communicates with the SE, through a trusted path internal to the phone. As will be understood, a secure-world application is one which is trusted by the TEE; it is protected by signatures and is authenticated by the TEE hardware before it can run. It can access the ‘trusted path’ to the SE. Other conventional applications run in ‘normal-world’ they are untrusted and so the TEE hardware prevents them from accessing the connection to the SE.
Personalized data relating to the user (identity data), which matches the printed data on the MRTD, is stored on the Secure Element. The Secure element also contains a Secure Object Descriptor (a hash of the SE data and signature of the issuer), together with a private key for use in Active Authentication (AA).
The SE is configured to authenticate the MRTD by challenging the HUR and validating its response. This protects against removal and substitution of the token. Note that an SE can be assured to EAL 4+ using existing technology, unlike the phone TEE itself.
The TEE controls the NFC communication capability of the smart phone. This emulates conventional e-passport protocols. The TEE obtains data via its trusted path to the SE. The TEE also houses data pertaining to visas, relying on signatures/hashes stored in the SE to provide authentication.
The mechanical layout of the example system is illustrated in Figure 1 in which the MRTD is provided by building it into a protective phone cover.
The TEE-Passport system 100 comprises a smart phone 101 positioned within a protective cover 102. The cover 102 includes a fold-out token 103. The token 103 includes an MRTD 104 permanently bonded to a hinge 105. A SIM 106 is provided as a secure element and is likewise bonded to the hinge 105 to enable the SIM 106 to be moved by virtue of the hinge with respect to the MRTD 104. The smart phone 101 is provided with a socket 107 for receipt of the SIM 106. The socket 107 is provided with wiring to interface securely with a TEE running on the smart phone 101. The MRTD is generally planar (for example it may have the dimensions of ID-1, ID-2 or ID-3 cards) and includes printed data relating to the user including an image of the user 108. This data is also held electronically in a machine readable zone (MRZ) 109 for example using magnetic domains which enable the MRTD data to be read by a swiping action in a similar manner to conventional paper passports. MRZ readers use Optical Character Recognition to read the MRZ, not magnetism. Note that at step 205, the e-passport reader has to read the MRZ optically, then use it to calculate a key which encrypts communication - that is part of the normal interoperable functionality of an e-passport. The MRTD 104 also includes a hardware unclonable responder (HUR) 110 which is bonded integrally with the substrate of the MRTD and is wired to the SIM 106 through the hinge.
Figure 2 illustrates a view of the system 100 from one end. The MRTD 104 is hinged so as to allow it to rest against the rear surface of the smart phone. A further cover 111 is provided on the opposite side of the case so fold over the MRTD 104 when stored against the smart phone face, so as to conceal the MRTD 104 from view. The cover may be provided with a magnetic closure to hold it in position. Figure 3 provides a similar view with the MRTD 104 in a closed, stowed, configuration.
Figure 4 illustrates the operation of the system 100.
At step 200 the issuing authority personalizes the MRTD and the SE together; the SE also stores information allowing it to authenticate the HUR.
At step 201, the e-passport holder (that is, the user) attaches the cover 102 containing the token 103, that is the TEE-Passport hardware, to the smart phone 101, which involves inserting the SE SIM 106 into the purpose-designed socket 107. In practice the SE is physically similar to a USIM.
The TEE-Passport must be ‘activated’ before use; the activation process involves downloading an application from the issuer’s website, and entering a numeric 6 digit card access number (CAN). The CAN is printed on the MRTD.
The CAN is used under the Supplementary Access Control protocol (used in newer conventional e-passports) for this stage.
Once activated, the TEE-Passport emulates a conventional e-passport; it implements basic access control (BAC), supplementary access control (SAC) and Extended Access Control (EAC) protocols and can perform Active Authentication. However it has more functionality besides; the extra capabilities, such as electronic visa storage, are key drivers for take-up in the marketplace.
At step 202 the activation process starts with the passport holder navigating to the passport-issuer’s website, and downloading an app. The phone TEE already has an embedded trust-root which enables it to authenticate the app each time it is used.
At step 203 the app communicates with the SE SIM 106 by using the SAC protocol. It does so through the trusted wired path within the smart phone 101, not over a contactless route. The first time this happens, the user must enter the CAN; this provides assurance that the MRTD 104 is present, at least to the same level as if the MRZ-scan were used as a password. Although the SE could incorporate protection against CAN-guessing, it is not essential; the communication does not take place over-the-air, so an attacker would need physical possession of the SE.
Once the TEE has established authenticated communication with the SE, it stores the CAN in secure non-volatile memory for future use. The CAN storage does not need to meet EAL 4, since the CAN is visibly printed on the MRTD and serves only to prevent skimming.
The app could also at this point send activation information back to the issuer, who would then ‘know’ which phone has the associated TEE-Passport installed. However that would not be necessary in order for the system to operate.
At step 204 the SE SIM 106 authenticates the HUR 110 using encrypted communication.
At step 205, if the authentication at step 204 is successful the system is ready for operation as an e-passport. This situation is illustrated in Figure 5. As will be understood, when the user is at a border crossing and presents the system to an e-passport reader 113, the app running on the smart phone 101 detects the NFC communication from the reader (using NFC subsystem 112 on the smart phone) and, in response, communicates the identity data of the user to the reader. The reader treats the e-passport system as if it were a conventional e-passport. The MRTD 104 may also be checked by a human official 114 in a known manner, particularly by viewing the data printed upon the MRTD, including the image of the user.
An advantage of having a removable token 103 is that the token can be separated from the host smart phone 101, and kept in a safe place. Although large numbers of phones are lost and stolen, it is likely that only a small number of those would have tokens 103 attached when they disappear.
When the token is reconnected to the host, the phone will already have the trusted app running under the TEE, and CAN, so it will reconnect to the SE.
There is no reason not to allow the movement of the TEE-Passport token to another host user equipment device. As long as the passport-holder has the physical MRTD 104 and a compatible smart phone, they can move it from one device to another safely. If the new phone already has the issuer’s app installed, there is no need to contact the website.
If the old phone were to be passed to someone else (sold or given away) it might be sensible to de-activate its token connection first which would mean in effect just deleting its copy of the CAN. If that were done inadvertently, it would be simple to re-activate the same host by entering the CAN again.
The HUR 110 is bonded into the substrate of the MRTD card body, in a tamper-evident way so the surface of the card would have to be damaged in order to substitute or physically attack the HUR.
Similarly the flexible connector which crosses the hinge 105 from the HUR to the SE is also bonded into the hinge material, and the protective casing 102. There is the opportunity here to incorporate security features such as chemical and heat sensitization, as well as anti-forgery mechanisms like complex UV-fluorescent woven threads.
The logical connection focussed upon the SE authenticating the HUR 110, to protect against separation of the SE from the MRTD 104. The HUR is a generic physical device that can complete a challenge-response protocol, proving knowledge of a private key.
As has been discussed the TEE-Passport system example under discussion uses a Secure Element (SE) in the form of a high-security chip which houses key material and sensitive data. The SE is housed within the phone when in use and has a trusted wired path to the TEE. However the SE USIM 106 needs to be able to assure the authenticity of the fold-out printed MRTD 104.
It does this by running an authentication protocol involving a chip bonded into the MRTD card body. That device needs to be relatively cheap and simple, yet able to securely store a private key and prove knowledge of it. A proposed device to fulfil that need is presented here as a Hardware Unclonable Responder (HUR) 110 with reference to Figure 6.
The HUR is an Application-Specific Integrated Circuit (ASIC) which puts together the proven concepts of a Physical Unclonable Function (PUF), a hardware AES implementation and a small amount of E2PROM (Electrically Erasable Programmable Read-Only Memory). A block diagram of the HUR 110 is shown in Figure 6. The PUF concept provides a way for a simple chip to generate a bit-string which is (statistically) unique to it. Other chips of the identical design would not generate the same value, with high probability. What’s more, a given chip will generate the same value even in varying environmental conditions. Such chips are commercially available, for example NXP SmartMX2 (see www.nxp.com).
An advantage of the PUF over a typical non-volatile memory chip is that the unique value is not stored anywhere; it is rather a characteristic of the minute variations in manufacture. Laboratory attacks are therefore less likely to be a serious threat to a PUF than a memory chip. An attacker cannot discover the value (by examining or probing the chip microscopically) without changing it. These properties make the PUF an effective way to create and store a single, uncopyable, private key.
The HUR 110 is a conceptual ASIC which incorporates a PUF 120 in its design at the silicon level. It uses the PUF as a subsystem to provide the private key; that key is not stored in non-volatile memory in the HUR, it only ever exists in RAM for short periods.
Figure 6 shows the other components besides the PUF module 120: a) a small amount of e2prom 121 (as little as 256 bits); b) a small amount of RAM 122 for temporary storage during calculations; c) an AES hardware module 123; and, d) a logic and communication module 124.
Only a small number of simple functions need to be implemented in the logic and communication module 124, since the bulk of the authentication protocol work is carried out by the AES hardware module 123.
The purpose of the HUR 110 in the TEE-Passport design is to provide one-way authentication, that is, the SE needs to be assured that the HUR 110 is authentic. It is not necessary for the HUR to authenticate the SE. Even so the HUR itself is capable of mutual authentication if required.
The SE is a high-security device accredited to EAL4 or above, based on the design of a USIM. It includes secure non-volatile memory, and is well protected against even sophisticated attacks. It can therefore safely store a key K which it uses to authenticate the HUR 110.
The HUR on the other hand is a simpler and cheaper device, and its non-volatile memory might be less immune to attack. It is therefore important that the HUR e2prom 121 does not store K in the plain. Instead it stores an encrypted version of K, using the AES algorithm and the private key Kp provided by the PUF 120.
The PUF 120 can also be used as a hardware random number generator. Care is needed to ensure that enough entropy is available; even so, multiple calls to obtain entropy could be combined with the help of the AES hardware module 123 to generate random numbers for use in the authentication protocol.
Communication can use a simple two-wire serial protocol at low bandwidth, since only a few tens of bytes need to be exchanged. The protocol operates as shown in the tables below:
Table 1. At SE initialization time (in a secure environment)
Note that a sophisticated attacker might find a way to unlock the HUR key and send a spoof LOADKEY message, or discover the stored value X. However, neither of these is of significant value to a TEE-Passport attacker though. Assume the attacker does not know K, because it is hard to attack the SE, but she could change the stored value of X. That would render the HUR unable to authenticate to the same SE, but it would also not authenticate to another genuine SE, since its K would be different.
Knowledge of X is also unhelpful in the absence of Kp, which (we assume) cannot be extracted from the PUF.
Table 2: At authentication time - SE check authenticity of HUR This takes place in the field any time the TEE-Passport is used.
The principal key K is never exposed during the authentication process. Also, none of the exchanges can be used to provide an oracle to encrypt over K.
The system uses a TEE-hosted application to run on the smart phone 101, which serves principally as a communication relay between the SE and a border crossing chip reader. The same application, or similar ones defined by international agreement, provides visa functionality. This would include maintaining entry/exit records to speed up the process of visa checking at immigration points.
The app would need to be signed using a private key traceable to a trust-root embedded in the TEE by the manufacturer. Trusted OS components would load the TEE-Passport app and confirm its measurement before allowing it to run. It would then be granted access to the hardware trusted path to the SE; communication with the SE would be authenticated using the SAC protocol.
Visa storage and entry/exit information would also rely on the SE. The TEE-Passport app would need to implement a visa communication interoperability standard. The possibility arises that a visa could be issued to the passport holder via the web, as long as a suitable protocol can be agreed upon.
Smart phone manufacturers would need to co-operate to a certain extent to allow general update of this approach. For example, a suitable SE specification would have to be developed, along with a standard for the trusted path and physical SE socket. Manufacturers offering compliant devices would gain a commercial advantage over their competitors, and would also open a market for replacing older models.
Similarly, manufacturers would need to incorporate several root certificates in their TEE hardware, which would serve to authenticate downloaded TEE-Passport apps. Since it is likely that there would be multiple competing apps, with accreditation by different issuing states, it is unlikely that there would be a single trust root acceptable to all issuers.
The security features of the system are summarised for convenience in Table 3. Table 3: Security
The present example system provides the potential for increased functionality over conventional e-passports. As will be understood conventional e-passport chips do not permit any post-issuance writes; therefore they cannot be used to store visas, or record border crossing events. At present, these processes are managed using the paper pages in a passport book, so there could be scope for a TEE to implement an electronic equivalent. Mobile devices are already used to some extent for travel, for example to carry a barcode representing an e-ticket, so this would be seen perhaps as only an incremental step.
In order to achieve this, the example system described above would need to store visa and entry/exit data on the SE rather than in the smart phone TEE, so that it could be moved from one device to another. This helps with security since the SE is easier to protect than the more complex TEE.
This approach would compete with other potential e-visa solutions currently under consideration; for example server hosted databases, accessible to border crossing terminals, which would not require visa data to be carried by the passport holder.

Claims (24)

1. A user identification system comprising: a. user equipment having a user identity application; b. a physical token for connecting in use to the user equipment via a wired data connection, the physical token comprising: 1. a secure element storing user identity data, and ii. a secure responder storing security data wherein the secure element is further adapted in use to authenticate the secure responder of the physical token using the security data and, if authentication of the secure responder is achieved, to provide the identity data to the user identity application for communication by the user equipment to a remote device.
2. A user identification system according to claim 1, wherein the physical token is detachably connectable to the user equipment so as to allow the physical token to be used with other user equipment.
3. A user identification system according to any of the preceding claims, wherein the secure element is adapted to be coupled with a secure connector of the user equipment.
4. A user identification system according to any of the preceding claims, wherein the secure element is embodied as a SIM.
5. A user identification system according to any of the preceding claims, wherein the secure responder is provided as a hardware unclonable responder having a physical unclonable function, an encryption capability and a memory.
6. A user identification system according to claim 5, wherein the physical unclonable function is provided by use of an integrated circuit which generates the security data which is unique to the physical arrangement of integrated circuit.
7. A user identification system according to claim 6, wherein the security data is used as a private key for operation of encrypted authentication with the security element.
8. A user identification system according to any of the preceding claims, wherein the secure responder is positioned as part of the physical token so as to prevent tampering with the physical token without causing the secure responder to become inoperable.
9. A user identification system according to any of the preceding claims, wherein the physical token is provided as a case for the user equipment.
10. A user identification system according to any of the preceding claims, wherein the user equipment is provided with wireless communication device and the system is used in cooperation with a third party device which communicates wirelessly with the wireless communication device so as to identify the user of the system.
11. A user identification system according to claim 10, wherein the wireless communication device is operative using the near field communication protocol.
12. A user identification system according to any of the preceding claims, wherein the system is arranged as an electronic identity card, such as a passport.
13. A user identification system according to any of the preceding claims, wherein the physical token is provided with, human readable or machine readable, token data which includes at least part of the information contained in the user identity data.
14. A user identification system according to claim 13, wherein the token data is printed on the physical token.
15. A method of identifying a user in which user equipment having a user identity application is connected via a wired data connection to a physical token, wherein the physical token comprises a secure element storing user identity data, and a secure responder storing security data, the method comprising: a) causing the secure element to authenticate the secure responder of the physical token using the security data and, if authentication of the secure responder is achieved then, b) providing the identity data from the secure element to the user identity application; and, c) transmitting the identity data, by the user identity application, from the user equipment to a remote device so that the user may be identified from the identity data.
16. A method according to claim 15 comprising, prior to step (a), physically connecting the physical token to the user equipment.
17. A method according to claim 15 or claim 16, wherein at least prior to step (b) the secure responder authenticates the secure element.
18. A method according to any of claims 15 to 16 wherein any authentication between the secure element and secure responder is effected using encryption keys.
19. A method according to any of claims 15 to 18, wherein step (c) is only permitted upon the successful authentication in step (a).
20. A method according to any of claims 15 to 19, wherein data communication is provided between the secure element and the identity application using a secure communication route.
21. A method according to any of claims 15 to 20, wherein the transmission of the identity data in step (c) is effected using short range wireless communication.
22. A physical token for connecting in use to a user equipment via a wired data connection, the physical token comprising: i. a secure element storing user identity data, and ii. a secure responder storing security data wherein the secure element is further adapted in use to authenticate the secure responder of the physical token using the security data and, if authentication of the secure responder is achieved, to provide the identity data to the user equipment for communication to a remote device.
23. A physical component for connecting in use to additional equipment via a wired data connection, the component comprising: i. a secure element storing secure element data, and ii. a secure responder storing security data wherein the secure element is further adapted in use to authenticate the secure responder of the component using the security data and, if authentication of the secure responder is achieved, to provide the secure element data to the additional equipment.
24. A physical token according to claim 22, or a physical component according claim 23, further comprising the additional subject matter of any of claims 1 to 14.
GB1513913.2A 2015-08-06 2015-08-06 User identification system and method Withdrawn GB2541013A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
GB1513913.2A GB2541013A (en) 2015-08-06 2015-08-06 User identification system and method
PCT/GB2016/052441 WO2017021738A1 (en) 2015-08-06 2016-08-05 Puf based mobile user passport identification system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB1513913.2A GB2541013A (en) 2015-08-06 2015-08-06 User identification system and method

Publications (2)

Publication Number Publication Date
GB201513913D0 GB201513913D0 (en) 2015-09-23
GB2541013A true GB2541013A (en) 2017-02-08

Family

ID=54200344

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1513913.2A Withdrawn GB2541013A (en) 2015-08-06 2015-08-06 User identification system and method

Country Status (2)

Country Link
GB (1) GB2541013A (en)
WO (1) WO2017021738A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3588418A1 (en) * 2018-06-29 2020-01-01 Ingenico Group Method for conducting a transaction, terminal, server and corresponding computer program
US20220051250A1 (en) * 2020-08-12 2022-02-17 Capital One Services, Llc Systems and methods for chip-based identity verification and transaction authentication
US20220385485A1 (en) * 2021-06-01 2022-12-01 Micron Technology, Inc. Identity theft protection with no password access

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109802929B (en) * 2017-11-17 2022-09-30 厦门雅迅网络股份有限公司 Client program upgrading method based on dual systems and computer readable storage medium
RU183728U1 (en) * 2018-06-21 2018-10-02 Сергей Александрович Мосиенко CRYPOGRAPHIC METER READER
CN109361697B (en) * 2018-11-29 2020-12-25 深圳市安信认证系统有限公司 Method for realizing credible identity authentication based on SIM card loading PKI
US11658959B2 (en) * 2019-10-07 2023-05-23 Apple Inc. User authentication framework

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110023103A1 (en) * 2008-01-16 2011-01-27 Frank Dietrich Method for reading attributes from an id token
KR101084347B1 (en) * 2011-06-30 2011-11-16 한국조폐공사 Nfc smart phone for reading electronic passport and method thereof
US20130243266A1 (en) * 2012-03-16 2013-09-19 L-1 Secure Credentialing, Inc. iPassport Apparatus and Method
EP2881879A1 (en) * 2013-12-06 2015-06-10 Bundesdruckerei GmbH Method for authenticating a person

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2501144B (en) * 2012-04-10 2019-06-26 Sita Information Networking Computing Ireland Ltd Airport security check system and method therefor
US9436940B2 (en) * 2012-07-09 2016-09-06 Maxim Integrated Products, Inc. Embedded secure element for authentication, storage and transaction within a mobile terminal

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110023103A1 (en) * 2008-01-16 2011-01-27 Frank Dietrich Method for reading attributes from an id token
KR101084347B1 (en) * 2011-06-30 2011-11-16 한국조폐공사 Nfc smart phone for reading electronic passport and method thereof
US20130243266A1 (en) * 2012-03-16 2013-09-19 L-1 Secure Credentialing, Inc. iPassport Apparatus and Method
EP2881879A1 (en) * 2013-12-06 2015-06-10 Bundesdruckerei GmbH Method for authenticating a person

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3588418A1 (en) * 2018-06-29 2020-01-01 Ingenico Group Method for conducting a transaction, terminal, server and corresponding computer program
US20200005306A1 (en) * 2018-06-29 2020-01-02 Ingenico Group Method for carrying out a transaction, corresponding terminal, server and computer program
FR3083356A1 (en) * 2018-06-29 2020-01-03 Ingenico Group METHOD OF PERFORMING A TRANSACTION, TERMINAL, SERVER AND CORRESPONDING COMPUTER PROGRAM
US11880840B2 (en) * 2018-06-29 2024-01-23 Banks And Acquirers International Holding Method for carrying out a transaction, corresponding terminal, server and computer program
US20220051250A1 (en) * 2020-08-12 2022-02-17 Capital One Services, Llc Systems and methods for chip-based identity verification and transaction authentication
US11715103B2 (en) * 2020-08-12 2023-08-01 Capital One Services, Llc Systems and methods for chip-based identity verification and transaction authentication
US20240005323A1 (en) * 2020-08-12 2024-01-04 Capital One Services, Llc Systems and methods for chip-based identity verification and transaction authentication
US20220385485A1 (en) * 2021-06-01 2022-12-01 Micron Technology, Inc. Identity theft protection with no password access

Also Published As

Publication number Publication date
GB201513913D0 (en) 2015-09-23
WO2017021738A1 (en) 2017-02-09

Similar Documents

Publication Publication Date Title
US11664997B2 (en) Authentication in ubiquitous environment
CA2608834C (en) Method for accessing a data station to an electronic device
US9674705B2 (en) Method and system for secure peer-to-peer mobile communications
GB2541013A (en) User identification system and method
ES2599985T3 (en) Validation at any time for verification tokens
CN100533459C (en) Data safety reading method and safety storage apparatus thereof
US20130243266A1 (en) iPassport Apparatus and Method
AU2022291642A1 (en) Biometric reader in card
WO2013155562A1 (en) Nfc card lock
CN103812649B (en) Method and system for safety access control of machine-card interface, and handset terminal
AU2023200044A1 (en) System and method for updating firmware
Ranasinghe et al. RFID/NFC device with embedded fingerprint authentication system
WO2017127879A1 (en) Indirect security system and method
EP2071486A1 (en) Method and arrangement for managing sensitive personal data
US9491154B2 (en) Document, method for authenticating a user, in particular for releasing a chip card function, and computer system
Liersch Electronic passports–from secure specifications to secure implementations
KR20050079951A (en) Authetification system using public certification with smart card that includes i.c chip
EP3678872B1 (en) Document authentication using distributed ledger
Parsovs Security improvements for the Estonian ID card
EVANGELISTA Security Target SOMA-c003 Electronic Passport
Hyppönen et al. Transforming Mobile Platform with KI-SIM Card into an Open Mobile Identity Tool
EVANGELISTA Security Target Lite SOMA801NXP Electronic Passport
Morpho Filename 7301-9301-112 ASE-Lite IDeal Pass v2-SAC-EAC JC ePassport 4.0. 0 (SAC-EAC configuration) v1. 0.3. doc Document version 1.0. 3 approved Date 2013-11-28 Author Morpho BV
EVANGELISTA Security Target SOMA-c003 Electronic Passport Basic
EVANGELISTA Security Target SOMA801STM Electronic Passport

Legal Events

Date Code Title Description
732E Amendments to the register in respect of changes of name or changes affecting rights (sect. 32/1977)

Free format text: REGISTERED BETWEEN 20200123 AND 20200129

WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)