DE68904540T2 - METHOD AND DEVICE FOR CERTIFICATION. - Google Patents

Description

This invention relates to the authentication of devices and messages.

It is a general requirement to verify the authenticity of a data value that represents a monetary value, or to be able to infer the authenticity of the entity that creates that data value.

To prevent counterfeiting, only a manufacturing source that manufactures units should have the facility to produce authenticity verification devices of the units. This implies that the source must possess some secret. The difficulty in verifying authenticity lies in providing the authenticator with the means to enable verification. Many systems use an algorithm controlled by a secret key, so that a data value passed through the algorithm results in a secret transformation of that data value. The data value thus transformed is used as an authentication certificate or authentication code that can be verified by the authenticator. Such a verification procedure involves the authenticator having the same performs a secret transformation of the data value to obtain an authenticity certificate, which is compared for equality with that provided by the source unit.

The problem with this approach is that the authenticator must duplicate the data modification by the source in order to verify the result for equality. This means that the authenticator can forge an authenticity certificate and claim that it came from the source. Another problem is that the authenticator must also have knowledge of the key. This problem is particularly acute when multiple entities must authenticate another entity, since each must possess the secret key. A revelation of the key by one authenticator therefore puts all authenticators and the source at risk. Furthermore, the secret key must be securely distributed to every possible authenticator before the event. This therefore limits the ability to authenticate to only those entrusted entities that are expected to need the function.

Where it may be necessary for a large number of unpredictable entities to have the ability to authenticate other entities, the use of secret key algorithms is quite impractical. Furthermore, if it is desirable to completely deny the authenticator the ability to forge an authenticity certificate, the duplicative identity testing method cannot be used.

US-A-4 549 075 deals with a certification procedure that uses a symmetric algorithm.

Another known technique, which is the starting point of the present invention, uses the technique public key cryptography using an asymmetric algorithm. Public key cryptography is described in the article: Communications of the ACM, Vol. 21, No. 2, February 1978, pages 120 - 126, RL Rivest et al. "A Method for Obtaining Digital Signatures and Public Key Cryptosystems". In this known technique, a data item, or a change-sensitive compression of a data set, is encrypted using a secret key or secret procedure. Authenticity is checked by obtaining the original data item (or change-sensitive compression) used as a comparison value and then using a public key or public procedure to decrypt the data provided by the source. The equality of the decrypted data with the reference data implies that the secret key or secret procedure was used and therefore that the data value is genuine. (See also US-A-4 405 829).

This technique allows any entity to know the public key or procedure used to verify the authenticity of data, which comes from an entity that holds the complementary secret key or procedure. Consequently, the key distribution problem is made much easier than previously known, and security is not required.

However, the publicly known procedure must not allow the secret key or the secret procedure to be easily determined. In general, algorithms with this property require significant computing power to perform the secret procedure. This usually makes them unsuitable for low-cost devices where speed of operation is a must. When multiple portable units or the data they contain are checked for authenticity, must be verifiable, then the secret key and algorithm must be contained in each unit. In this case, the revelation of the secret key in one unit will compromise all similar units.

This technique is therefore impractical for low-cost, duplicated units.

European Patent Application No. 0 252 499 discloses a method of providing a specific card identification, in the form of a "smart card", which includes selecting a modulus which is a product of two prime numbers, providing an information sequence specific to the identity card, using a pseudorandom function to transform such sequence and a plurality of selected indices to derive a plurality of values associated therewith which are quadratic residuals with respect to the modulus, computing the square roots of the reciprocals of the quadratic residuals and recording the information sequence, such square roots and the related indices in the card identifier. Such a card is authenticated by transmitting the information sequence and the selected indices from the card to a verification device and by generating the squared residuals in the verification device using the pseudorandom function, selecting a random number located in the card, calculating the square value of the random number and transmitting such square value from the card to the verification device, generating a random vector in the verification device which is transmitted to the card, calculating the product of the random number in the card and a selection of the stored square root values dependent on the random vector, transmitting the product to the verification device, squaring the transmitted product and multiplying such squared value by a selection of the calculated squared residual values selected in accordance with the random vector and checking that the resulting value is equal to the squared random number. This known method is complex and in particular involves selecting and using squared residual values.

It is an object of the present invention to provide a relatively simple method and apparatus for the authentication of devices and messages.

Therefore, according to a first aspect of the present invention, a method for producing a unit is provided, comprising the steps of:

(a) selecting a modulus N that is a product of at least two prime numbers;

(b) selecting an integer e as a relative prime with respect to φ(N), where φ(N) is the Euler totient function of N; and

(c) determining an integer d such that ed = 1 (mod φ(N)), characterized by the steps:

(d) Select a set of n public factors F1, ..., Fn (0 < Fi < N); n ≥ 2;

(e) Calculate Si = Fid (mod N) for i = 1, ..., n; and

(f) Store the n values Si (i = 1, ..., n) and the value N in the unit.

According to a second aspect of the invention, there is provided a method for authenticating a unit, manufactured according to the first aspect of the invention, characterized by the steps:

(j) establishing communication of the unit with an authenticating device;

(k) generating an n-bit binary string V = vi (i = 1, ..., n) in the authentication device;

(l) Transferring the binary string V to the unit;

(m) Calculating

in unity;

(n) transferring Y to the authentication device;

(o) Calculating

Xact = Ye (mod N)

in the authentication device; and

(p) Comparing Xref and Xact.

According to a third aspect of the invention, there is provided a method for acknowledging a message M generated by or presented to a unit manufactured according to the first aspect of the invention, characterized by the steps:

(q) computing a change-sensitive transformation H of the message M;

(r) Generate an n-bit binary string

V = vi (i = 1, ..., n) using the calculated value of H;

(s) Calculating

(t) appending Y as a message authentication coding (MAC) certificate to the message M.

According to a fourth aspect of the invention, a unit is provided comprising processing devices, input/output devices and storage devices, characterized in that the storage devices comprise a module N which is the product of at least two prime numbers and a group of n factors

Si (i = 1, ..., n ≥ 2), where

Si = Fid (mod N),

where d is the secret key counterpart of a public key e associated with the module N and Fi (i = 1, ..., n) are n public factors, with 0 < Fi < N, and that the processing devices are suitable

where V = vi represents an n-bit binary string.

According to a fifth aspect of the invention there is provided an authenticating device for use with a unit according to the fourth aspect of the invention, with further processing devices, further input/output devices and further storage devices, characterized in that the further storage devices store n ≥ 2 public factors Fi (i = 1, ..., n), the modulus N and the public key e, and wherein the further processing devices are adapted to use the stored values of Fi, N and e

Xact = Ye (mod N) and compare Xref with Xact.

Embodiments of the present invention will now be described by way of example with reference to the accompanying drawings, in which:

Fig. 1 is a block diagram illustrating the procedure used by a card issuer in creating a smart card;

Fig. 2 is a block diagram of a card in operative connection with a card acceptance device;

Fig. 3 is a block diagram of a message source unit;

Fig. 4 is a block diagram of a message authentication unit; and

Fig. 5 is a diagram illustrating the mapping of a memory used in an alternative embodiment of the invention.

First, to help understand the invention, the theoretical basis underlying the invention is explained. It is known that if N is the product of (at least) two prime numbers P, Q, i.e. if

N = P Q;

and if e is a relative prime to φ(N), where

φ(n) = (P - 1) (Q - 1)

is an Eulerian totient function (the number of integers smaller than N that are a relative prime with respect to N), then in modulus-N arithmetic a value d can be determined (see, for example, the above-mentioned article by Rivest et al.) which is the multiplicative inverse of e such that

ed = 1 (mod φ(N)).

The value d generally refers to the secret key counterpart of the public key e.

If

X = Ye (mod N),

is, then therefore

Y = Xd (mod N)

for all values of Y, 0 < Y < N.

Furthermore, if

X = F1 F2; ... Fn (mod N), (1)

where the Fi (i = 1, ..., n) are integer values, with

0 < Fi < N,

then

Xd = F₁d F₂d ... Fnd (mod N)

and

Xd (mod N) = {F₁d (mod N) F₂d (mod N) ...

{ f } (mod N ) .

It is

Si = Fid (mod N); i = 1, ..., n. (2)

Then

Xd (mod N) = S1 S2; ... Sn (mod N).

It is

Y = Xd (mod N).

Therefore

Y = S1 S2; ... Sn (mod N) (3)

Let V be a binary string of n bits, V = v₁ ... vn, such that each bit vi of V is a flag indicating the connection of the corresponding F₁, ..., Fn and S₁, ..., Sn in the calculation of X and Y, respectively, so that

is.

Starting from (3)

Therefore, provided that the N and d values used in (1) and (2) meet the above requirements,

for all values of Fi, 0 < Fi < N.

With the above in mind, a first embodiment of the invention will now be described, wherein many low-cost devices in the form of units, referred to in the descriptions of the preferred embodiments as smart cards, are produced by a card issuer and distributed to individuals. The embodiment makes it possible to to quickly authenticate such issued cards using verification devices.

Referring first to Fig. 1, a card issuer, as shown in Box 12, selects a plurality of n public factors Fi (i = 1, ..., n), where 0 < Fi < N, and such factors, together with the value of the modulus N and the value of e, are made publicly available to authenticators, i.e., organizations that may wish to authenticate the authenticity of smart cards issued by the smart card issuer. In a particular application, an appropriate value for n is 32 and the value of N is in the range 2512 < N < 2513.

The card issuer calculates the n values Si, where

Si = Fid (mod N), i = 1, ..., n,

is as shown in Box 14, using the intended values of N and d (Box 16), where d is kept secret. These values Si are also kept secret. The card issuer then issues cards containing n values Si (i = 1, ..., n) stored in a secure manner, e.g. in a secure PROM. Here, a "secure PROM" is understood to mean a PROM whose contents are protected against unauthorized reading, and such protection may include, for example, software protection or hardware protection in the form of a shield.

When it is desired to confirm the authenticity of a smart card 30, see Fig. 2, the card 30 is inserted into a card acceptor 32, thereby establishing a data communication path 34 between the smart card 30 and the card acceptor 32.

The smart card 30 includes a microprocessor 36, a RAM 38, a program PROM 40 which stores the program controlling the function of the card 30, a secure PROM 42 which stores the n in corresponding memory cells 102-1 through 102-n stored values Si, (i = 1, ..., n) and the value N stored in a memory cell 104, and an input/output unit 44. Since N is a public value, this can alternatively be stored in the RAM 38. The devices 36, 38, 40, 42 and 44 within the card are interconnected by a communication bus 46.

The card acceptor 32 includes a microprocessor 50, a RAM 52, a program PROM 54 storing the program controlling the operation of the acceptor 32, a keypad 56, a display 58, a printer 60, a random number generator 62, and an input/output unit 64. The RAM 52 includes memory cells 112-1 to 112-n storing the n public factors F1, ..., Fn and memory cells 114, 116 storing the values N and e, respectively. The various units housed in the card acceptor 32 are interconnected by a communication bus 66.

When a card 30 inserted into the card acceptor 32 is to be checked for authenticity, the random number generator 62 generates an n-bit random number V with n bits vi (i = 1, ..., n). To ensure that V contains at least two bits equal to binary 1, the microprocessor 50 is controlled, when necessary, to progressively set the least significant bits of V to a binary 1 until there are at least two binary 1 bits in V. Therefore, if the initial value of V consists entirely of zero bits, the two least significant bits are set to a binary 1. The value V is stored in the RAM 52.

The value V is then transferred from the RAM 52 via the input/output unit 64, via the communication path 34 and the input/output unit 44 and stored in the RAM 38 contained in the card 30. The microprocessor 36 checks that V contains at least two binary 1-bits and, if so, calculates the value Y using the values Si stored in PROM 42, where

The value Y is then transmitted via the input/output unit 44, the transmission path 34 and the input/output unit 64 and stored in the RAM 52. Using the values Fi with (i = 1, ..., n), V and e stored in the RAM 52, the microprocessor 50 then calculates

and

Xact = Ye (mod N),

and checks whether

Xref = Xact.

Equality means that the Xact response is authentic with a probability of 1:N. The authenticity of the card 30 that generated the response has a probability of 1:2n-n. By issuing repeated random calls in the form of random values of V, the probability that the card 30 is authentic can be increased exponentially by 1:(2n-n)j, where j is the number of calls issued.

It is clear that card 30 only

to respond to a call. Since this is at most n - 1 multiplications using modulus-N arithmetic, the work factor for any large value of d is significantly less than Y = Xref d (mod N). In this context, it is evident that, since d is in fact the secret key associated with card 30, and provided that

ed = 1 (mod φ(N))

is that d will then be of the order of 2N/3 for common values of e. Thus, in the described embodiment, the security of authentication, which is comparable to that achievable with public key digital signature methods, is achieved with significantly less computational effort. Furthermore, without using a secret key during the authentication process, it is possible to generate a plurality of cards 30 loaded with the S₁, ... Sn values, which are dynamically called up by a verification device in order to achieve similar confidentiality levels to those obtained with public key digital signature verification methods.

It will be appreciated that the result of the authentication procedure may be displayed on the display 58 and/or recorded via the printer 60.

In a second embodiment of the invention, a record forming a message M is authenticated by attaching a certificate thereto. Such a message M may, for example, be a record representing a legal document, a program file, or other information. Referring to Fig. 3, a message source unit 30A is shown including a message buffer 70 temporarily storing a message M to be authenticated. The message source 30A further includes a microprocessor 36A, a RAM 38A, a program PROM 40A, a secure PROM 42A, and an input/output unit 44A connected to a communication path 34A. The message source unit 30A also includes a communication bus 46A interconnecting the devices 36A, 38A, 40A, 42A, 44A, and 70. It is clear that the devices having the reference numerals with suffix A in Fig. 3 correspond to the similarly designated devices of the device shown in Fig. 2. Smart Card 30, and the message source device 30A may be a smart card in a practical implementation. Further, the secure PROM 42A stores the values S₁, S₂...Sn in cells 102A-1 through 102A-n, the value of the modulus N in the memory cell 104A, and the value of e in the memory cell 106A. Obviously, the values of N and e, which are public values, may alternatively be stored in the RAM 38A.

A message M stored in the message buffer 70 is authenticated by appending to it a message authentication code (MAC) which is calculated in the following manner.

Using the stored values of N and e, the microprocessor 36A first calculates a change-sensitive transformation H of the message M. In the preferred embodiment, this is done by calculating

H = Me (mod N)

The value H is then converted to a binary value J, which is segmented into subfields of length n (if necessary, filling an incomplete field with predetermined binary bits) and the individual subfields are added modulo 2 (exclusive-or operation) so that the resulting binary set as V = vi, (i = 1, ..., n) , is used in the calculation of Y, where

is as described in the first embodiment.

This value of Y is then appended as a message authentication code (MAC) when the message M is received from the message source unit 30A via the Input/output unit 44A to communication path 34A.

An authenticating device 32A, Fig. 4, which is of generally similar construction to the card acceptor 32 shown in Fig. 2, can be used to authenticate the transmitted message M. The authenticating device 32A includes a message buffer 72, a RAM 52A, a program PROM 54A, a keyboard 56A, a display 58A, a printer 60A, an input/output unit 64A and an interconnecting communication bus 66A.

In the RAM 52A, in the cells 112A-1 to 112A-n, 114A and 116A, the public factor values F₁, ..., Fn are stored together with the public key e and the modulus N.

The message M received via the communication path 34A is stored in the message buffer 72 together with the MAC, Y .

Using the received message M, the microprocessor 50A calculates H and J to obtain V as in the message source unit 30A and then calculates, using the public factors Fi stored in the RAM 52A,

Using the received value Y stored in the message buffer 70, the microprocessor 50A then calculates

Xact = Ye (mod N)

Finally, the values Xact and Xref are compared using the microprocessor 50A. Equality of Xact and Xref means that the values S₁, ..., Sn present in the message source unit 30A and therefore those of the message M are authentic within a probability of 1:N. It will be appreciated that this embodiment has the advantage that a low-cost device (the message source unit 30A) can easily certify data originating therefrom with a probability of 1:N.

It is assumed that in the second embodiment, as in the first embodiment, in order to protect the Si values from disclosure, it must be ensured that V contains at least two binary 1 bits, if necessary by progressively setting the least significant bits of V to a binary 1.

The second embodiment of the invention offers the further advantage that different message source units 30A, or the data originating therefrom, can be authenticated without the direct presence of the device at the time of authentication. This possibility is particularly useful for the authentication of messages that may have been previously produced by different message source units 30A in the form of low-cost devices, e.g. smart cards. Several message source units can share the same F1, ..., Fn values, which would be standardized for the scheme with individual integrity ensured via different values of e and N.

However, it is preferred to standardize the e and the F₁, ..., Fn for all users of an authentication scheme within a group of users and for the operator of each message source unit to publish a value N specific to the message source unit to be used by it. Should an operator own several such units, instead of specifying a specific value N for each unit, the integrity can be ensured in a manner as now described under Reference to the third embodiment of the invention.

According to a third embodiment of the invention, a message M can be authenticated as originating from a specific message source unit from a set of such message source units using the same F1, ..., Fn and N and e values. This has the advantage that it is impossible for a member of such a set to masquerade as another member of this set. To achieve this, the operator of the system assigns to each message source unit a public factor FID which is specific to this source unit. Furthermore, the operator of the system calculates for each such FID value a corresponding SID value;

SID = FIDd (mod N),

where d is the system secret key and stores SID in the secure storage of the relevant message source device.

Referring to Fig. 5, a diagram of the secure PROM 42B included in the message source unit is shown. The PROM 42B includes memory cells 102B-1 through 102B-n storing the n values S1, ..., and Sn, respectively, memory cells 104B and 106B storing the values N, and e, respectively, and memory cells 108, 110 storing the values FID, and SID, respectively.

In the third embodiment, it can be seen that the function is the same as for the second embodiment, except that the calculation of the MAC, Y, is carried out according to the formula

using the stored SID and Si values. Accordingly, the calculation of Xref in the message authenticity confirmation unit is carried out according to the formula

performed using the stored Fi values, wherein the FID value included in the certified message is transmitted from the message source entity to the message authenticity confirmation entity for use in calculating the Xref.

It can be seen that since the third embodiment uses SID in calculating Y, the requirement that V contain at least two binary 1 bits is reduced to the requirement that V be non-zero.

The embodiments described above can be used for any application where it is desired to verify the authenticity of devices or data emanating from them. However, a significant application is in intelligent transaction elements or intelligent smart cards used in electronic money transfers at the point of service (EFTPOS). For various cost and security reasons, it can be seen that the so-called "smart card" offers a highly effective technology for the point of service (EFTPOS).

A key reason for using smart card technology is to enable a transaction or handover to be completed completely separate from the card issuer's authorization system, with a minimum of risk for the various parties involved.

From a risk analysis perspective, the following areas must be considered:

(a) Is the cardholder legitimate?

(b) Is the card genuine?

(c) is the value in question loaded into the card or issued through the card genuine?

(d) Is the transaction claim made by the card user genuine?

The authenticity of the cardholder is generally achieved by entering a personal identification number (PIN) which is verified by or with the smart card before sensitive processes are initiated. Such a PIN can be entered via a keypad, e.g. keypad 56 in Fig. 2, or via a keypad integrated in the card (not shown).

It is generally recognized that it is necessary to establish card authenticity prior to the transfer of values in order to prevent fraudulent values from being loaded into or dispensed through the card. However, this requirement appears fundamental in many implementations because it is not possible to confirm the authenticity of the value data exchange at the service point.

Taking into account the dispersion of the value of a card, card authentication is unnecessary, provided that the card itself can produce an authentication certificate for the data originating from it, so that the certificate can be tested by any other entity. This has important consequences for remote card authentication or home banking applications, since the need for a trusted card authentication device is eliminated from the point of view of card acceptance. This possibility also enables any intermediary entity handling the value message between the card and the entity guaranteeing the amount to test the authenticity of the data so that settlement actions are undertaken. In this sense, the possibility exists for true electronic currency circulation. Considering value input, if a data value originating from a card can be shown to be genuine, then it is assumed that only a genuine card can correctly perform the attestation calculation. Therefore, if only a genuine card can output a correct value, then the requirement to prevent the loading of counterfeit values can easily be met by designing authentic cards so that they themselves reject the attempt to load a counterfeit value.

Since the card includes the ability to generate certificates, it can therefore verify a certificate as well. This can be done in a fourth embodiment of the invention by calculating a certificate for the data value to be loaded, presented to the card in the same way as is done by the card itself, and appending the certificate to the value to be loaded. The card can repeat the process and compare the result with the presented certificate. The assumption is that only the value issued by the guaranteeing entity can correctly load a value in such a way that it can be assumed that this entity knows the secret certificate calculation method.

However, this method would require that the entity generating the loaded value certificate have a record of each card secret available (given the potential size of the card network, the possibility that different value generators may wish to load values, and the highly desirable need for unique authentication of each card), so this requirement may become unmanageable.

The primary advantage of the embodiments described above is that any entity can easily verify the authenticity of data originating from another entity. If it is assured that the source of the data values to be loaded was a similar entity to the entity accepting the load, then any other entity, including the target card itself, can similarly easily test the loaded data for authenticity before acceptance.

Thus, the need to determine the authenticity of a card, or conversely, the need for the card to authenticate the charging device, is eliminated when the public message authentication technique is used, as described in the third embodiment.

Therefore, the fourth embodiment of the invention provides an apparatus and method for avoiding the need for trusted terminal devices that may have the ability to add information or value to the units of the set by presenting such information with an authenticity certificate so that the member unit can determine the authenticity of the information presented by the recognized source prior to accepting it. In the fourth embodiment, it is possible for the member unit (smart card) to both generate its own certificates and test certificates of other units by, in the first case, using the methods of the third embodiment to generate certificates and, in the second case, using the complementary methods of the third embodiment to test the certificates.

In this fourth embodiment, the card may further contain the Fi, N and e values stored therein appropriate for each load value generator authorized by the card issuer to perform the value load function. Typically, all generators should have the same public factors Fi and public key e , with individual integrity achieved using different N values.

Although in the preferred embodiments the computations within the card 30 and the acceptor 32, the message source unit 30A and the message authentication unit 32A have been described as being effected by the microprocessors 36, 50, 36A, 50A, it should be understood that with modification each microprocessor may be associated with a corresponding computation unit which performs the function

f(P) = P M (mod N)

executes.

Such an associated circuit may use shift register and serial adder/subtractor elements so that a value M is multiplied by a value P while, if necessary, simultaneously subtracting the value N to achieve the desired product value PM (mod N) within a single calculation cycle. Through this unit, the function

with the progressively offered values Si as indicated by the values of the bits vi of V .

The embodiments described above provide a high level of security for both the authentication of the entities and the certification of the messages. However, it is apparent that depending on the system implementation, an intelligent attacker can compromise a system using such authentication and/or certification methods, as will now be explained. Thus, since the factors Fi and Si are selected according to the value of V for multiplication, it follows that if the system design provides a suitably modified authentication device to produce any desired values of V, for example if the values

Va = 3 (decimal) = 011 (binary)

and Vb = 7 (decimal) = 111 (binary)

can be freely selected, then the corresponding Y-values

Ya = S1 S2; (mod N)

and Yb = S₁ S₂ S₃ (mod N)

generated.

There

S3; = Yb/Ya = (S₁ S₂ S₃) / (S₁ S₂) (mod N)

is known. Similarly, any desired Si can be determined, provided division operations can be performed. Due to the modulus N operation on Ya and Yb, a simple division will not necessarily give a correct value. However, since N is composed of (usually two) large primes, most numbers in the range 1 to N-1 have a modulus N reciprocal, i.e., given Y, there is generally a value Y-1 such that

Y Y⊃min;¹ = 1 (mod N)

is.

Well-known mathematical methods can be used to find such a reciprocal Y⊃min;¹. Therefore,

S3; = Yb Ya⊃min;¹ (mod N)

determined, and similar procedures can also be used to determine the remaining Si values in general. If the determined Si values are available, the intelligent attacker can fraudulently carry out the authentication and certification procedures using suitable hardware.

To avoid such an attack, it should be made impossible to read V values that contain a set of Y Values that can be manipulated to determine individual factors Si.

In a fifth embodiment of the invention, this problem is reduced by including an additional public parity factor Fp and an associated secret factor Sp in the system, where

Sp = Fpd (mod N)

and ensure that, using Sp if necessary, all Y values are the product of an even number of factors, thus preventing the determination of any single factor. For example, with this arrangement,

for V = 1 (decimal), Y = S₁ Sp (mod N)

for V = 2 (decimal), Y = S₂ Sp (mod N)

for V = 3 (decimal), Y = S₁ S₂ (mod N), etc.

Therefore, in the arrangement described with reference to Fig. 1, a card issuer selects an additional public factor Fp, calculates Sp and stores Sp on the cards to be issued. Similarly, in the message validation system described with reference to Figs. 3 and 4, the additional secret parity factor Sp is stored in the PROM 42A and the corresponding public parity factor Fp is stored in the RAM 52A. In the specific detection arrangement described with reference to Fig. 5, again the secret parity factor Sp is stored in the secure PROM 42B in addition to the SID value, and in this arrangement there is the further advantage that V can be in the whole range from 0 to 2n-1. This is desirable for message certification as it eliminates any need to adjust the message verification result. Therefore, in this arrangement

for V = 0 (decimal), Y = SID Sp (mod N)

for V = 1 (decimal), Y = SID S�1 (mod N)

for V = 2 (decimal), Y = SID S₂ (mod N)

for V = 3 (decimal), Y = SID S₁ S₂ Sp (mod N), etc.

Although it can be argued that if the fifth embodiment is used, an attacker can selectively evaluate all factor pairs,

e.g. B. S1; S2; = V3; V₀⊃min;¹

and use these pairs to generate fake certificates in a message certification scheme, so that such an attack is made impossible due to the number of pairs that would have to be obtained and used fraudulently in the system, where n has a suitably large value.

Another way to prevent selective extraction of Si values by an attacker is to ensure that any Y value is not evenly related to any other Y value. This can be achieved by including a variable component in the Y calculation that cannot be controlled or predicted by an attacker. Such a variable component should be chosen from a sufficiently large set of possible component values to make repeated occurrence of any specific value statistically unlikely. That is, the number of Y values required to ensure that the same variable component is included in the calculation should be unacceptably large for the attacker.

It is evident that the Y values actually form a basic set of pseudorandomly distributed 2n values within the set bounded by 1 and N-1. Second, it is evident that the computational separation of these Y values is actually well-determined. Applying a shift value to all Y values in the basic set would actually produce another set of well-separated Y values within the set 1, N-1. Provided that the number of Y sets that could be produced by a shift was large enough to to be statistically unambiguous, the mathematical extraction of the factors indicating a certain Y-value becomes impractical, unless the set shift value was known, since the number of valid Y-values within a set 1, N-1 would be increased from 2n to 2n times the number of Y-sets.

In the extreme case, assuming that the number of Y-sets was N-1, then the number of valid Y-values would be 2n(N-1). This would raise the probability that an entity producing a Y-value was authentic or that a message from the entity was authentic from 2n to 2n(N-1). For common N-values of 2⁵¹² < N < 2⁵¹³, then the degree of authenticity probability would be 2n 2⁵¹². This is not the case in practice, since the degree of available Y-values is N-1, which limits the probability to 1 : (N-1). Of course, since this degree of probability far exceeds any acceptable requirement, the number of Y-sets can be reduced significantly. If s is equal to the number of binary bits available to denote the record number, then the number of records would be 2s, giving an authenticity probability of 2n 2s or 2n+s. Note that n and s can in principle be varied in size to achieve the level of probable authenticity protection desired in the system. However, since the 2n component can be extended beyond V by an attacker, the 2s component should be large enough to render such an attack useless. Also note that n determines the range of V and should be large enough to preclude undetected manipulation of the message content if V originates from a control function of a message.

In such a system, it is necessary to transmit to the authenticator the Y-set, which is used for a special Y-calculation by the certifying unit is used. If this is revealed directly as a shift value, then the above attacks can still be carried out, since reversing the shift process would yield the original set of Y values, and so by extracting it, the set of Si values. Consequently, the shift value or set identifier should be provided in a way that is ordinarily usable by the authenticator for checking the Y, but not for creating the Y.

For example, it is possible to include in the authentication protocol a fixed value Fset that is passed to the authenticator for each Y calculation. Fset is determined by the certifier by selecting a set number Sset and calculating

Fset = Sset (mod N)

generated. It should be noted that Sset cannot be determined from Fset without knowledge of d. For the unit authentication

(i) the unit selects a Sset

(ii) calculate Fset = Ssete (mod N)

(iii) transmits Fset to the authentication device, which

(iv) selects a V value and passes this value to the unit that

(mod N) is calculated, which is transmitted to the authentication device Y by

= Xact = Ye (mod N)

checks.

It is to be noted that, since F set is a pseudorandom distribution within the set 1, N-1, of where it is not possible to determine Sset, then it is not necessary to choose Sset randomly. Protection against analytical attacks can be obtained merely by ensuring that Sset does not repeat predictably within an attack session. One such method of achieving this is to run an increasing count for Y calculations and use this count to update Sset. This method has the further advantage of providing the entity creator with a cryptographic test procedure for loss or duplication messages transmitted to it from the source entity.

Therefore, in a sixth embodiment of the invention for message certification where Sset is a function of the counter value,

SID = FIDd (mod N)

Si = Fid (mod N)

Sp = Fpd (mod N) optionally included if V has even parity,

and the certificate Y is computed over a message containing FID, Fset therein, where Fset = Ssete (mod N).

To generate the Sset counter values, a hardware counter can be provided in a smart card or device to be authenticated, such as the card 30 in Fig. 2, or in a message source unit, such as the message source unit 30A in Fig. 3. Alternatively, the microprocessor 36 or 36A therein can be programmed to provide a counting function using the storage areas in the RAM memory 38 or 38A. A similar device can be used when a specific recognition factor SID and an associated FID are used, as described above with reference to the third embodiment of the invention.

In the device just considered, the protocol is increased by the inclusion of Fset. This is unimportant for interactive entity authentication by locally communicating devices, but may lead to unacceptable oversize for message certification.

Another method of pseudorandomly varying the principle of Y values, which does not add anything significant to the protocol, is to use pre-calculated displacement values, the selection of which is notified to the authenticator.

In a seventh embodiment of the invention, V, consisting of n bits, is divided into two parts Vs and Va, where Vs is chosen by the certifier and Va is chosen as before in the authenticator (or determined by the message content). The number of bits in each of Vs and Va is predetermined. For example, where n = 32, each of Vs and Va may have 16 bits. The bits of Vs are used to select the Sset shift value with the bits of Va used to select the Sa values. It is also noted that the Sset shift values may be combined to obtain 2ns shift values, where ns is the number of basic shift values available.

Therefore, in the seventh embodiment

Xact = Ye (mod N), as before.

The values Ssi = Fsid (mod N) are stored by the certifier (smart card or card source device) and used in a similar manner to the Sai values, but chosen pseudorandomly by the certifier.

The Fsi values are made publicly available in the same way as the Fai values.

In this embodiment, the Vs would be included in the certified message instead of Fset (and decomposed for Va).

Therefore, for message certification, where the specific determining factors

SID and FID are used,

M = Vs, FID, message.

As in the second embodiment, a change-sensitive transformation H of the composite message M is formed and the value of Va is derived therefrom. The following calculations are then carried out:

From the above it is evident that the authenticity of a particular Y-value is, as before, 1 : N. The authenticity of the unit producing the Y-value (unit counterfeit) is determined by the number of bits in Vs and Va and is therefore 1 : 2ns+na.

Claims (22)

1. Method for producing a unit (30, 30A) with the steps: (a) selecting a modulus N that is a product of at least two prime numbers; (b) selecting an integer e as a relative prime with respect to φ(N), where φ(N) is the Eulerian totient function of N; and (c) determining an integer d such that e.d = 1 (mod φ(N)), characterized by the steps: (d) Selecting a set of n public factors F₁, ..., Fn (0< Fi< N); n&ge;2; (e) Calculate Si = Sid (mod N) for i=1, ..., n; and (f) Storing n values Si (i=1, ..., n) and the value N in the unit. 2. Method according to claim 1, characterized in that the n values Si are stored in a programmable read-only memory (PROM) (42, 42A, 42B) contained in the unit (30, 30A). 3. Method according to claim 2, characterized in that the unit (30, 30A) contains processing devices (36, 36A) and input/output devices (44, 44A). 4. Method according to claim 1, characterized by the steps: (g) Assigning a public factor FID specific to the unit; (h) Calculate SID = FIDd (mod N); and (i) Store the SID value in the unit. 5. Method for authenticating a unit (30, 30A) manufactured according to one of claims 1 to 4, characterized by the steps: (j) Establishing communication of the unit (30, 30A) with an authenticity confirmation device (32, 32A); (k) generating an n-bit binary string V = Vi (i=1, ..., n) in the authentication device (32, 32A); (l) Transferring the binary string V to the unit (30, 30A); (m) Calculating (n) transmitting Y into the authentication device (32, 32A); (o) Calculating Xact = Ye (mod N) in the Authentication device; and (p) Comparing Xref and Xact. 6. Method according to claim 5, characterized in that the authentication device (32, 32A) includes storage devices (52, 52A) suitable for storing the public factors F₁, .., Fn and the values of N and e. 7 A method according to claim 6, characterized by the step of repeating steps (k) to (p) a plurality of times using random values of V. 8. Method for confirming a message M generated by or presented to a unit (30, 30A) manufactured according to one of claims 1 to 4, characterized by the steps: (q) computing a change-sensitive transformation H of the message M; (r) Generate an n-bit binary string V = vi (i=1, ..., n) using the calculated value of H; (s) Calculating (t) appending Y as a message authentication code (MAC) for the message M. 9. Method according to claim 8, characterized in that the step (q), calculating the change-sensitive transformation H is carried out by calculating H = Me (mod N). 10. Method according to claim 8 or 9, characterized in that the step (r), generating an n-bit binary string V, is carried out by the steps: (u) converting H into a binary value J; (v) segmenting J into subfields of length n; and (w) Adding the individual subfields together modulo 2 to form the n-bit binary string V. 11. Method according to one of claims 5 to 10, characterized in that in step (m) and in step (s) the value of Y is calculated according to the formula where Sset is selected in the unit (30, 30A) by the steps (x) Calculate Fset = Ssete (mod N) in the unit (30, 30A) and (y) transmitting F set to the authentication device (32, 32A); and that in step (o) the value of Xref is calculated according to the formula 12. The method of claim 11, characterized in that Sset is selected according to a count value that is incremented for each Y calculation. 13. Method according to claim 12, characterized in that Sset is determined by calculating a product in the Unit (30, 30A) including a selection of a set Ssi of factors Si, the selection being made according to a binary string Vs= vsi generated in the unit (30, 30A), the value of Y being calculated according to the formula with vai values corresponding to the bits of the n-bit binary strings generated in the authentication device (32, 32A); by the step: (z) transmitted from Vs to the authenticating device (31, 32A), and that the value Xref in the authenticating device (32, 32A) is calculated according to the formula 14. Method according to one of claims 5 to 13, characterized in that in step (m) and in step (s) the value of Y is calculated using selectively an additional predetermined factor Sp such that the total number of factors included in the calculation of Y is even, and in step (o) the value of Xref is calculated using selectively an additional factor Fp accordingly, wcbei Sp = Fpd. 15. A unit (30, 30A) comprising processing devices (36, 36A), input/output devices (44, 44A) and storage devices (42, 42A, 42B), characterized in that the storage devices (42, 42A, 42B) store a module N which is the product of at least two prime numbers and a group of n≥ 2 factors Si (i=1, ..., n), where i = Fid (mod N), where d is the secret key counterpart of a public key e associated with the module N, and Fi (i=1, ..., n) n are public factors, with 0<Fi< N and that the processing devices (36, 36A) are suitable where V = Vi represents an n-bit binary string. 16. A unit according to claim 15, characterized in that the storage devices (42A, 42B) are further adapted to store the value of the public key e and that the processing devices are further adapted to H = Me (mod N), where M is a message to be transmitted by the unit (30, 30A), converting H into a binary n-bit vector V, and using the bits vi of the calculated vector V, and that the input/output devices (44, 44A) are adapted to transmit Y as a message authentication code (MAC) associated with the message. 17. A unit according to claim 15 or 16, characterized in that the storage device (42B) stores a public factor FID which is specific to the unit and a value SID with SID = FIDd (mod N). 18. A unit according to any one of claims 15 to 17, characterized in that the value of Y includes an additional factor Sset which is dependent on a count value which is incremented for each Y calculation. 19. A unit according to any one of claims 15 to 18, characterized in that the storage means (42, 42A, 42B) store an additional parity factor Sp and that the processing device (36, 36A) is adapted to calculate the value of Y by selectively including the additional parity factor Sp in the expression for Y such that the total number of factors included in the calculation of Y is even. 20. An authentication device (32, 32A) for use with a unit (30, 30A) according to any one of claims 15 to 19, comprising further processing devices (50, 50A), further input/output devices (64, 64A) and further storage devices (52, 52A), characterized in that the further storage devices (52, 52A) store n≥2 public factors Fi (i=1, ..., n), the modulus N and the public key e, and wherein the further processing devices (50, 50A) are adapted to use the stored values of Fi, N and e Xref = Ye (mod N) and compare Xref with Xact. 21. Authentication device according to claim 20 for use with a unit according to claim 17, characterized in that the further processing devices are suitable to calculate. 22. A unit according to any one of claims 15 to 19, characterized in that the unit contains an authenticating device according to claim 20 or claim 21.