EP1129436A1 - Encryption method and apparatus therefor - Google Patents

Encryption method and apparatus therefor

Info

Publication number
EP1129436A1
Authority
EP
European Patent Office
Prior art keywords
token
signature
user data
symmetric key
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP98954915A
Other languages
English (en)
French (fr)
Inventor
Teow Hin Ngair
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Kent Ridge Digital Labs
Original Assignee
Kent Ridge Digital Labs
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • G06Q20/40145Biometric identity checks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4097Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means

Definitions

  • This invention relates to a method of encryption and apparatus therefor, particularly for use with a token such as a smart card.
  • Smart cards which contain onboard memory and computer processing ability are known.
  • One application for such smart cards is for use as tokens for electronic transactions particularly in the banking sector.
  • The card is used to "sign" a transaction digitally so that the instructed party (a bank in a funds transfer operation, for example) knows that the transaction is instructed by the holder of the card.
  • Such a transaction begins with the holder inserting the card into a suitable reader connected to a computer terminal in communication with the bank via a telephone line or the internet.
  • The use of a PIN known only to the holder grants initial access by the holder to the functions provided by the bank to the card holder.
  • The holder can then instruct a transaction, and the transaction is authenticated by a public/private key operation using the card.
  • The card provides this by holding a private key of the holder and digitally signing the data. Subsequent verification by the bank using the holder's public key will identify unambiguously that the digitally signed instruction came from the holder's card.
  • A disadvantage of transactions such as this is that current smart cards have only limited onboard processing power, and since a private key operation requires high computational power, it is not feasible to perform the private key operation for the transaction in the card itself. Instead, it is performed by the terminal to which the card reader is connected. This requires that the private key be provided by the card to the terminal so that the operation may be performed. Once the private key has left the card, however, the security provided by the card is at risk, since the private key may be intercepted or copied. Once this has occurred, the holder can be impersonated, since the private key relied upon for authentication of the transaction has been compromised.
  • The invention provides a method of encryption for creating token-bound output data from user data using a symmetric-key-capable token, comprising the steps of: a. providing the user data or a representation thereof as an input to a symmetric key operation supported by the token; b. retrieving the output of the symmetric key operation as a token signature; and c. combining the token signature with the user data or representation to generate the token-bound output data.
  • Said representation is a fingerprint of the user data, most preferably generated using a hash function.
  • The method may further comprise the step of generating a session key for each symmetric key operation, and the session key may be generated by modifying a symmetric key stored in the token with a random number.
  • Steps (a) and (b) may be conducted recursively and the respective token signatures combined as a single combined token signature, and/or the method may further comprise the steps of: (i) processing the output data to generate a further input related to the output data;
  • The user data or representation may also be split into a plurality of blocks, with separate token signatures generated for each block, all the token signatures then being combined with the user data or representation to generate the token-bound output data.
  • The output data is used as an input parameter to a private/public key signature generation operation, to form a private/public key signature for the user data.
  • The invention further provides a method of verifying token-bound output data created by the above method by regenerating the token signature using the symmetric key to verify the token, the symmetric key preferably being held by a secure access module at a remote location.
  • In a second aspect, the invention provides a method of generating a private key signature in respect of user data using a token, comprising the steps of: a. providing the user data or a representation thereof as an input to a symmetric key operation supported by the token; b. retrieving the output of the symmetric key operation as a token signature; c. combining the token signature with the user data to generate token-bound output data; and d. providing the output data as an input parameter to a private key signature generation operation, to form a private key signature for the user data.
  • The method of the second aspect may further comprise the steps of using a signature verification operation to verify the token-bound output data and regenerating the token signature using the symmetric key to verify the token.
  • The invention extends to apparatus for performing the above methods.
  • The invention also provides a token for an electronic transaction, the token supporting a symmetric key operation to generate a token signature from input data.
  • The token further stores a private key for a digital transaction signature operation and is embodied as a smartcard.
  • On-line symmetric key authentication of the smart card by a Secure Access Module is employed on top of a private/public key system.
  • The former binds the transaction to the physical smart card that the user is holding.
  • A two-layer security system is thus provided, in which basic transaction-related operations are protected by the private/public key system and the symmetric key encryption binds these operations to the user's smart card.
  • FIG. 1 is a schematic diagram of the main structural elements involved in an electronic transaction using the embodiment of the invention.
  • The embodiment described relates to the Gemplus Multi Payment Card Operating System (MPCOS) smartcard and to the use of existing features of this card to provide enhanced cryptographic security. It will be appreciated, however, that the invention is equally applicable for use with other smartcards and tokens generally.
  • In FIG. 1, a Gemplus MPCOS smartcard 10 is shown.
  • The smartcard includes an onboard processor and memory chip 20 connected to data input/output terminals 30.
  • The smartcard 10 is insertable into a reader 40, which includes contacts (not shown) that engage the terminals 30, thus allowing the card to communicate through the reader 40.
  • The reader 40 is connected to a computer terminal 50, which is in turn connectable via a direct dial-in connection or via the internet to an entity to be instructed, for example an on-line computer 60 at a bank.
  • The bank's computer 60 is further connectable to a Secure Access Module (SAM) 70, which stores at least one symmetric key also held by the card 10, as described hereinafter.
  • The SAM 70 may be present in the bank itself or may be held by a trusted third party.
  • The smartcard 10 of the embodiment stores not only a private key for electronic transaction use but also a symmetric key, such as a triple DES key, for a symmetric encryption operation.
  • In the embodiment, the symmetric key is used to encrypt transaction-dependent information, which then forms part of the public/private key operation described with reference to the prior art. Since symmetric encryption requires relatively little computational power, this encryption can be conducted by the card processor, so that the symmetric key need never leave the card and its security is not compromised.
  • Cryptographic binding of the smartcard to the private key stored therein can be achieved by injecting a smartcard "signature" into the transaction, based on the symmetric key held by the card.
  • A smartcard signature for an MPCOS smartcard is generated via the SELFK command using a card-specific key K. More information on this secure messaging command may be found in the Gemplus "MPCOS-3DES Reference Manual".
  • A generic smartcard signature generation operation using the SELFK command has the following steps:
  • The terminal software generates an 8-byte number R, which is essentially random, such as a hash value of the user data.
  • The terminal sends the command SELFK (R, Kindex) to the MPCOS card to generate a card signature, where Kindex indicates which secret symmetric key K held by the card is to be used for encryption (the card may have several keys, each having a different Kindex).
  • The terminal retrieves both the smartcard signature S and the card random number CR.
  • The bank sends these values, together with the card serial number (CSN) and Kindex, to the SAM 70, which securely holds the symmetric keys associated with the card, to re-compute the value of S. If the two S values match, the bank can be sure that the MPCOS card with serial number CSN is indeed present. To prevent misuse, the comparison of the S values should only be done in the SAM 70 itself; the comparison result is then output to the bank computer 60.
  • The SAM 70 needs to store the card-specific key K. Since keys for many different cards 10 will need to be stored, the SAM 70 may hold a master key from which all the specific keys K can be derived. The SAM 70, however, needs to be held in a secure environment, for example in the data centre of the bank or other secure premises, and guarded by a sound and secure policy.
  • The MPCOS card only outputs the 4 least significant bytes of S as a security measure. Therefore, only these 4 bytes are sent by terminal 40 and compared by the SAM 70. However, 4 bytes of signature S may not provide sufficient security strength to prevent an exhaustive search attack.
  • The signature algorithm is preferably, therefore, extended as follows:
  • 1. The terminal software generates the number R.
  • 2. The following sub-steps (2a to 2f) are repeated n times:
    • the terminal sends the command SELFK (R, Kindex) to the MPCOS card;
    • the MPCOS card generates an 8-byte random number CR;
    • (2c) the terminal retrieves both the 4-byte output value S and the 8-byte card random number CR;
    • (2e) the terminal concatenates S to an initially empty buffer S', and similarly concatenates CR to an initially empty buffer CR'.
  • The cryptogram S' can have any length, depending upon the number of iterations n, and can be used as the MPCOS card signature of the input value R.
  • The signature S' is notionally divided into n four-byte elements, with corresponding n eight-byte elements of the random number CR'.
  • The SAM 70 then repeats the algorithm noted above using the initial input R, the elements of CR' and the hash function H to regenerate and verify the elements of S'.
  • S' should preferably have a length of at least 128 bits. This can be achieved by setting the loop number n in step 2 to 4.
  • The implementation may make use of the latest advances in hash function technology. In particular, use could be made of the HMAC algorithm (Internet RFC 2085, 2104 and 2202) or of the simultaneous use of both MD5 and SHA in the secure socket layer protocol (SSL v3).
  • The smartcard signature is applied to a transaction as follows:
  • A digital transaction signature operation is required to verify the user requesting the transaction.
  • The digital transaction signature usually consists of applying a private key operation p to the hash value h(D) of a document D, which is the value R referred to above, such a signature being denoted by p(h(D)).
  • The transaction signature is modified to p(h(D || S(h(D)))) or p(h(D
  • That is, instead of applying the private key operation to the document directly, it is applied to the hash function fingerprint of the concatenation of the document and the smart card signature of the document.
  • The smartcard does not have sufficient computing power to perform the private key operation. Therefore, the private key is output from the card to the terminal 50, which computes the private key operation that generates the digital transaction signature before sending this to the bank computer 60 together with the document, the token signature, the card serial number (CSN) and Kindex.
  • The bank computer 60 then performs a public key operation using the document transaction signature, the user's public key, the smartcard signature and the document, to verify the document transaction signature.
  • The bank then generates the hash function fingerprint h(D) of the document.
  • The smartcard signature S(R), the card serial number CSN and the hash function fingerprint h(D) are then sent to the SAM 70, which performs the symmetric encryption operation on h(D) using the symmetric key it holds and CR (CR') from the card signature, and compares the result with S (S') from the card signature to determine whether the signature came from the card identified by the card serial number. If so, an indication is given to the bank computer 60, thus providing verification that the transaction was conducted with the physical presence of the card 10.
  • In general, h(D) is longer than the 8-byte number R needed for generating the smart card signature.
  • h(D) can then be split into 8-byte blocks h(D)_1, ..., h(D)_m (discarding any incomplete trailing block), with each block being processed independently. These processed blocks are then concatenated, so that the transaction signature is modified to p(h(D || S(h(D)_1) || ... || S(h(D)_m))).
  • Each block can be processed to form a concatenated signature S' as discussed above.
  • The loop count 2a-2f above for each S' can be correspondingly reduced to balance security against data length.
  • A variation of the method using the following steps can prevent such an attack, by providing a means for the smartcard to encrypt an input related to the signature with the card's session key:
  • A cryptogram can be generated from the MPCOS card that assures that the digital transaction signature is generated during the same session as the last SELFK command used to create the smartcard signature, using the following steps:
  • The value read in step 5 is added to the digital transaction signature.
  • The SAM 70 then checks the encrypted value m as part of the smartcard signature verification routine. With this enhancement, a positive verification by the SAM 70 securely indicates that the public key signature was indeed generated during one single smart card session.
  • The embodiment described is not to be construed as limitative.
  • The invention is applicable to kinds of tokens other than smartcards, such as a PCMCIA token.
  • The token signature generating method can be used on its own or with other encryption or digital signing techniques, not limited to the public/private key operations for digital transaction signature generation described.
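The following Python model of the scheme is an added illustration and is not code from the patent or from Gemplus. It covers the extended SELFK loop (n iterations of a 4-byte S and 8-byte CR accumulated into S' and CR'), the splitting of a long fingerprint h(D) into 8-byte blocks with an incomplete trailing block discarded, the SAM recomputing S' from its master key and comparing inside itself, and the value h(D || S(h(D))) handed to the private-key operation p. Everything the patent leaves unspecified is an assumption here: the card-side SELFK cryptogram is modelled as HMAC-SHA256 over R || CR truncated to 4 bytes (the real command is 3DES based), the input for each further iteration is taken as H(R || CR) truncated to 8 bytes, card keys are derived from the SAM master key with HMAC over the serial number and Kindex, and the master key, serial number and document are constructed sample values.

```python
import hashlib
import hmac
import os

# Constructed sample values; none of these come from the patent.
SAM_MASTER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
CARD_SERIAL = b"CSN-0001"
N_ITERATIONS = 4   # patent: n = 4 gives a 128-bit S' (4 x 4 bytes)
BLOCK = 8          # SELFK takes an 8-byte R and returns an 8-byte CR


def derive_card_key(master_key: bytes, csn: bytes, kindex: int) -> bytes:
    """Card-specific key K from the SAM master key (derivation function is an assumption)."""
    return hmac.new(master_key, csn + bytes([kindex]), hashlib.sha256).digest()


def token_cryptogram(key: bytes, r: bytes, cr: bytes) -> bytes:
    """Stand-in for the card's SELFK computation (assumption: HMAC-SHA256 over R || CR).
    As with the MPCOS card, only the 4 least significant bytes are output."""
    return hmac.new(key, r + cr, hashlib.sha256).digest()[-4:]


class Token:
    """Simulated card: keys stay inside; it only answers SELFK(R, Kindex)."""

    def __init__(self, csn: bytes, keys: dict):
        self.csn = csn
        self._keys = keys  # Kindex -> K, never exported

    def selfk(self, r: bytes, kindex: int):
        if len(r) != BLOCK:
            raise ValueError("R must be 8 bytes")
        cr = os.urandom(BLOCK)                    # card random number CR
        return token_cryptogram(self._keys[kindex], r, cr), cr


def next_input(r: bytes, cr: bytes) -> bytes:
    """R for the next iteration: H(R || CR) truncated to 8 bytes (assumption; the patent
    only says the SAM repeats the algorithm with the initial R, CR' and a hash H)."""
    return hashlib.sha256(r + cr).digest()[:BLOCK]


def extended_signature(token: Token, r: bytes, kindex: int, n: int = N_ITERATIONS):
    """Step 2 of the extended algorithm: n SELFK calls, S appended to S', CR to CR'."""
    s_buf, cr_buf = b"", b""
    for _ in range(n):
        s, cr = token.selfk(r, kindex)
        s_buf += s
        cr_buf += cr
        r = next_input(r, cr)
    return s_buf, cr_buf


def full_blocks(h_d: bytes):
    """8-byte blocks h(D)_1 .. h(D)_m; an incomplete trailing block is discarded."""
    return [h_d[i:i + BLOCK] for i in range(0, len(h_d) - len(h_d) % BLOCK, BLOCK)]


def token_sign(token: Token, h_d: bytes, kindex: int, n: int = N_ITERATIONS):
    """Card signature S' (with its CR') over a fingerprint h(D) of any length."""
    s_all, cr_all = b"", b""
    for block in full_blocks(h_d):
        s, cr = extended_signature(token, block, kindex, n)
        s_all += s
        cr_all += cr
    return s_all, cr_all


class SAM:
    """Secure Access Module: recomputes S' and compares it itself; the bank gets a verdict only."""

    def __init__(self, master_key: bytes):
        self._master = master_key

    def verify(self, csn, kindex, h_d, s_all, cr_all, n=N_ITERATIONS) -> bool:
        if len(cr_all) != (len(s_all) // 4) * BLOCK:
            return False                          # S' and CR' elements must pair up
        key = derive_card_key(self._master, csn, kindex)
        expected, pos = b"", 0
        for block in full_blocks(h_d):
            r = block
            for _ in range(n):
                cr = cr_all[pos:pos + BLOCK]
                pos += BLOCK
                expected += token_cryptogram(key, r, cr)
                r = next_input(r, cr)
        return hmac.compare_digest(expected, s_all)


def transaction_digest(document: bytes, s_all: bytes) -> bytes:
    """h(D || S(h(D))): the input to the private-key operation p, binding the signature to the card."""
    return hashlib.sha256(document + s_all).digest()


def demo():
    """Sign a constructed document, verify in the SAM, and reject a tampered S'.
    Returns (genuine ok, tampered ok, len(S'))."""
    document = b"PAY 100.00 FROM ACCT-17 TO ACCT-42"   # constructed
    h_d = hashlib.sha256(document).digest()             # 32 bytes = 4 blocks
    card = Token(CARD_SERIAL, {1: derive_card_key(SAM_MASTER_KEY, CARD_SERIAL, 1)})
    s_all, cr_all = token_sign(card, h_d, 1)
    sam = SAM(SAM_MASTER_KEY)
    tampered = bytes([s_all[0] ^ 0x01]) + s_all[1:]
    return (sam.verify(CARD_SERIAL, 1, h_d, s_all, cr_all),
            sam.verify(CARD_SERIAL, 1, h_d, tampered, cr_all), len(s_all))  # (True, False, 64)
```

With a 32-byte h(D) and n = 4, S' is 4 blocks x 4 iterations x 4 bytes = 64 bytes, against the 4 bytes a single SELFK returns; the comparison uses a constant-time check and happens only inside the SAM object, mirroring the patent's requirement that the bank never performs the comparison itself.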

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • General Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Computer Security & Cryptography (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Storage Device Security (AREA)
EP98954915A 1998-11-10 1998-11-10 Encryption method and apparatus therefor Withdrawn EP1129436A1 (de)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/SG1998/000088 WO2000028493A1 (en) 1998-11-10 1998-11-10 A method of encryption and apparatus therefor

Publications (1)

Publication Number Publication Date
EP1129436A1 true EP1129436A1 (de) 2001-09-05

Family

ID=20429886

Family Applications (1)

Application Number Title Priority Date Filing Date
EP98954915A Withdrawn EP1129436A1 (de) 1998-11-10 1998-11-10 Encryption method and apparatus therefor

Country Status (3)

Country Link
EP (1) EP1129436A1 (de)
AU (1) AU1184499A (de)
WO (1) WO2000028493A1 (de)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1316171A4 (de) 2000-08-04 2006-05-03 First Data Corp Person- and account-related digital signature system
KR20020076750A (ko) * 2001-03-30 2002-10-11 주식회사 하렉스인포텍 Method and system for making payments by embedding financial information in a mobile communication terminal
DE10219731A1 (de) 2002-05-02 2003-11-20 Giesecke & Devrient Gmbh Method for executing a data transaction by means of a transaction device consisting of a main component and a separable auxiliary component
US20130132281A1 (en) * 2011-11-22 2013-05-23 Xerox Corporation Computer-implemented method for capturing data using provided instructions
CN104579677B (zh) * 2014-11-18 2017-12-19 飞天诚信科技股份有限公司 A secure and fast data signature method
CN113067701B (zh) * 2021-03-29 2022-09-02 武汉天喻信息产业股份有限公司 Method and apparatus for updating a binding relationship

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3806704A (en) * 1971-08-02 1974-04-23 T Shinal Identification system
US5280527A (en) * 1992-04-14 1994-01-18 Kamahira Safe Co., Inc. Biometric token for authorizing access to a host system
US5422953A (en) * 1993-05-05 1995-06-06 Fischer; Addison M. Personal date/time notary device
US5661803A (en) * 1995-03-31 1997-08-26 Pitney Bowes Inc. Method of token verification in a key management system
JP3570114B2 (ja) * 1996-10-21 2004-09-29 富士ゼロックス株式会社 Data verification method and data verification system
KR100372628B1 (ko) * 1996-11-20 2003-02-17 텍섹 인코포레이티드 Cryptographic medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO0028493A1 *

Also Published As

Publication number Publication date
WO2000028493A1 (en) 2000-05-18
AU1184499A (en) 2000-05-29
WO2000028493A8 (en) 2001-02-01

Similar Documents

Publication Publication Date Title
US5602918A (en) Application level security system and method
US9640012B2 (en) Transaction verification protocol for smart cards
US8559639B2 (en) Method and apparatus for secure cryptographic key generation, certification and use
US6385723B1 (en) Key transformation unit for an IC card
US7254706B2 (en) System and method for downloading of files to a secure terminal
JP4559679B2 (ja) Implementation of cryptographic primitives using basic register operations
EP1873960A1 (de) Method for deriving a session key on an IC card
US20020144117A1 (en) System and method for securely copying a cryptographic key
JPH113033A (ja) Method for establishing client identity verification in a client-server electronic transaction, smart card and server related thereto, and method and system for determining whether a user is authorized to perform an operation with a verifier
US20070168291A1 (en) Electronic negotiable documents
US8046584B2 (en) Message authentication device
KR20030095341A (ko) Authentication method and IC card in an electronic ticket distribution system
WO1998052163A2 (en) Ic card transportation key set
JP2003534585A (ja) Secure payment method over a computer network and system therefor
CN101770619A (zh) Multi-factor authentication method and authentication system for online payment
JP3980145B2 (ja) Cryptographic key authentication method and certificate for chip cards
EP3702991A1 (de) Mobile payments using multiple cryptographic protocols
EP2179533B1 (de) Method and system for secure remote transmission of a master key for an automated teller machine
JP2003501698A (ja) Generation of parameters using basic register operations
JP2003044436A (ja) Authentication processing method, information processing apparatus, and computer program
CN101639957A (zh) Method, terminal and banking system for implementing value loading or unloading
JP3925975B2 (ja) IC card processing method in a network system
KR20220086135A (ko) Blockchain-based power trading operation system
WO2000028493A1 (en) A method of encryption and apparatus therefor
WO1996024997A1 (en) Electronic negotiable documents

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20010514

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): DE FR GB

17Q First examination report despatched

Effective date: 20020521

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20040601