EP1129436A1 - Encryption method and apparatus therefor - Google Patents
Encryption method and apparatus therefor
- Publication number
- EP1129436A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- token
- signature
- user data
- symmetric key
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
- G06Q20/40145—Biometric identity checks
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/409—Device specific authentication in transaction processing
- G06Q20/4097—Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
- G06Q20/40975—Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
Definitions
- This invention relates to a method of encryption and apparatus therefor, particularly for use with a token such as a smart card.
- Smart cards which contain onboard memory and computer processing ability are known.
- One application for such smart cards is for use as tokens for electronic transactions particularly in the banking sector.
- The card is used to "sign" a transaction digitally so that the instructed party (a bank in a funds transfer operation, for example) knows that the transaction is instructed by the holder of the card.
- Such a transaction begins with the holder inserting the card into a suitable reader connected to a computer terminal in communication with the bank via a telephone line or the internet.
- The use of a PIN known only to the holder grants initial access by the holder to the functions provided by the bank to the card holder.
- The holder can then instruct a transaction, and the transaction is authenticated by a public/private key operation using the card.
- The card provides this by holding a private key of the holder and digitally signing the data. Subsequent verification by the bank using the holder's public key will identify unambiguously that the digitally signed instruction came from the holder's card.
- A disadvantage of transactions such as this is that current smart cards have only limited onboard processing power; since a private key operation requires high computational power, it is not feasible to perform the private key operation for the transaction in the card itself. Instead, this is performed by the terminal to which the card reader is connected. This requires that the private key be provided by the card to the terminal so that the operation may be performed. Once the private key has left the card, however, the security provided by the card is at risk, since the private key may be intercepted or copied. Once this has occurred, the holder can be impersonated, since the private key relied upon for authentication of the transaction has been compromised.
- A method of encryption for creating token bound output data from user data using a symmetric key capable token, comprising the steps of: (a) providing the user data or a representation thereof as an input to a symmetric key operation supported by the token; (b) retrieving the output of the symmetric key operation as a token signature; and (c) combining the token signature with the user data or representation to generate the token bound output data.
- Said representation is a fingerprint of the user data, most preferably generated using a hash function.
- The method may further comprise the step of generating a session key for each symmetric key operation, and the session key may be generated by modifying a symmetric key stored in the token with a random number.
- Steps (a) and (b) may be conducted recursively and the respective token signatures combined as a single combined token signature, and/or the method may further comprise the steps of: (i) processing the output data to generate a further input related to the output data;
- The user data or representation may also be split into a plurality of blocks, with separate token signatures generated for each block, the token signatures all being combined with the user data or representation to generate the token bound output data.
- The output data is used as an input parameter to a private/public key signature generation operation, to form a private/public key signature for the user data.
- The invention further provides a method of verifying token bound output data created by the above method by regenerating the token signature using the symmetric key to verify the token, the symmetric key preferably being held by a secure access module at a remote location.
- A method of generating a private key signature in respect of user data using a token, comprising the steps of: (a) providing the user data or a representation thereof as an input to a symmetric key operation supported by the token; (b) retrieving the output of the symmetric key operation as a token signature; (c) combining the token signature with the user data to generate token bound output data; and (d) providing the output data as an input parameter to a private key signature generation operation, to form a private key signature for the user data.
- The method of the second aspect may further comprise the steps of using a signature verification operation to verify the token bound output data and re-generating the token signature using the symmetric key to verify the token.
- The invention extends to apparatus for performing the above methods.
- A token for an electronic transaction, the token supporting a symmetric key operation to generate a token signature from input data.
- The token further stores a private key for a digital transaction signature operation and is embodied as a smartcard.
- On-line symmetric key authentication of the smart card by a Secure Access Module is employed on top of a private/public key system.
- The former binds the transaction to the physical smart card that the user is holding.
- A two-layer security system is provided in which basic transaction-related operations are protected by the private/public key system and the symmetric key encryption binds these operations with the user's smart card.
- FIG. 1 is a schematic diagram of the main structural elements involved in an electronic transaction using the embodiment of the invention.
- The embodiment described relates to the Gemplus MPCOS (Multi Payment Card Operating System) smartcard and to the use of existing features of this card to provide enhanced cryptographic security. It will be appreciated, however, that the invention is equally applicable for use with other smartcards and tokens generally.
- A Gemplus MPCOS smartcard 10 is shown.
- The smartcard includes an onboard processor and memory chip 20 connected to data input/output terminals 30.
- The smartcard 10 is insertable in a reader 40 which includes contacts (not shown) that engage the terminals 30, thus allowing the card to communicate through the reader 40.
- The reader 40 is connected to a computer terminal 50 which is in turn connectable, via a direct dial-in connection or via the internet, to an entity to be instructed, for example an on-line computer 60 at a bank.
- The bank's computer 60 is further connectable to a Secure Access Module (SAM) 70 which stores at least one symmetric key also held by the card 10, as described hereinafter.
- SAM 70 may be present in the Bank itself or may be held by a trusted third party.
- The smartcard 10 of the embodiment of the invention stores not only a private key for electronic transaction use but also a symmetric key, such as a triple DES key, for a symmetric encryption operation.
- The symmetric key is used in the embodiment of the invention to encrypt transaction dependent information which then forms part of the public/private key operation described with reference to the prior art. Since symmetric encryption requires relatively less computational power, this encryption can be conducted by the card processor, so that the symmetric key need never leave the card and thus its security is not compromised.
- Cryptographic binding of the smartcard to the private key stored therein can be achieved by injecting a smartcard "signature" into the transaction, based on the symmetric key held by the card.
- A smartcard signature for an MPCOS smartcard is generated via the SELFK command using a card specific key K. More information on this secure messaging command may be found in the Gemplus "MPCOS-3DES Reference Manual".
- A generic smartcard signature generation operation using the SELFK command has the following steps:
- The terminal software generates an 8-byte number R which is essentially random, such as a hash value of the user data.
- The terminal sends the command SELFK (R, Kindex) to the MPCOS card to generate a card signature, where Kindex indicates which secret symmetric key K held by the card is to be used for the encryption (the card may have several keys, each having a different Kindex).
- The terminal retrieves both the smartcard signature S and the card random number CR.
- The bank sends these values, together with the card serial number (CSN) and Kindex, to the SAM 70, which securely holds the symmetric keys associated with the card, to re-compute the value of S. If the two S values match, the bank can be sure that the MPCOS card with the serial number CSN is indeed present. To prevent misuse, the comparison of the S values should only be done in the SAM 70 itself. The comparison result is then output to the bank computer 60.
- The SAM 70 needs to store the card specific key K. Since keys for many different cards 10 will need to be stored, the SAM 70 may hold a master key from which all the specific keys K can be derived. The SAM 70, however, needs to be held in a secure environment, for example in the data centre of the bank or other secure premises, and guarded with a sound and secure policy.
- The MPCOS card only outputs the 4 least significant bytes of S as a security measure. Therefore, only the 4 least significant bytes are sent by terminal 40 and compared by the SAM 70. However, 4 bytes of signature S may not provide sufficient security strength to prevent an exhaustive search attack.
- The signature algorithm is preferably, therefore, extended as follows:
- 1. The terminal software generates the number R.
- 2. The following sub-steps (2a to 2f) are repeated for a chosen number of iterations n:
  - The terminal sends the command SELFK (R, Kindex) to the MPCOS card.
  - The MPCOS card generates an 8-byte random number CR.
  - The terminal retrieves both the 4-byte output value S and the 8-byte card random number CR.
  - The terminal concatenates S to an initially empty buffer S', and similarly concatenates CR to an initially empty buffer CR'.
- The cryptogram S' can have any length, depending upon the number of iterations n, and can be used as the MPCOS card signature of the input value R.
- The signature S' is notionally divided into n four-byte elements, with corresponding n eight-byte elements of the random number CR'.
- The SAM 70 then repeats the algorithm noted, using the initial input R, the elements of CR' and the hash function H, to generate and verify the elements of S'.
- S' should preferably have a length of at least 128 bits. This can be achieved by setting the loop number n in step 2 to 4.
- The implementation may make use of the latest advancements in hash function technology. In particular, use could be made of the HMAC algorithm (Internet RFC 2085, 2104 and 2202) or the simultaneous use of both MD5 and SHA in the secure socket layer protocol (SSL v3).
- The smartcard signature is applied to a transaction as follows:
- A digital transaction signature operation is required to verify the user requesting the transaction.
- The digital transaction signature usually consists of applying a private key operation p to the hash value h(D) of a document D, which is the value R referred to above, such a signature being denoted by p(h(D)).
- The transaction signature is modified to p(h(D || S(h(D)))), where || denotes concatenation, or p(h(D
- That is, instead of applying the private key operation to the document directly, it is applied to the hash function fingerprint of the concatenation of the document and the smartcard signature of the document.
- The smartcard does not have sufficient computing power to perform the private key operation. Therefore, the private key is output from the card to the terminal 50, which computes the private key operation that generates the digital transaction signature, before sending this to the bank computer 60 together with the document, the token signature, the card serial number (CSN) and Kindex.
- The bank computer 60 then performs a public key operation using the document transaction signature, the user's public key, the smartcard signature and the document, to verify the document transaction signature.
- The bank then generates the hash function fingerprint h(D) of the document.
- The smartcard signature S(R), card serial number CSN and hash function fingerprint h(D) are then sent to the SAM 70, which performs the symmetric encryption operation on h(D) using the symmetric key it holds and CR (CR') from the card signature, and compares the result with S (S') from the card signature to determine whether the signature came from the card identified by the card serial number. If so, an indication is given to the bank computer 60, thus providing verification that the transaction was conducted with the physical presence of the card 10.
- h(D) is longer than the 8-byte number R needed for generating the smartcard signature.
- h(D) can be split into 8-byte blocks h(D)_1, ..., h(D)_m (discarding any incomplete trailing block), with each block being processed independently. These processed blocks are then concatenated, so that the transaction signature is modified to p(h(D || S(h(D)_1) ||
- Each block can be processed to form a concatenated signature S' as discussed above.
- The loop count of steps 2a-2f above for each S' can be correspondingly reduced to balance security against data length.
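The card signature, its n-round extension to a 128-bit S', the SAM-side recomputation and the token-bound value h(D || S') that the private-key operation signs, as an added example in Python that is not code from the patent or from Gemplus. It assumes HMAC-SHA256 as a stand-in for the card's 3DES-based SELFK operation, a per-card key derived from the SAM master key, and chaining of successive round inputs through the hash function H; CardModel, sam_verify, the sample CSN and the sample document are constructed for this illustration.

```python
import hashlib
import hmac
import os

def card_key(master_key: bytes, csn: bytes, kindex: int) -> bytes:
    """Per-card key K for (CSN, Kindex), derived from the SAM master key.
    The derivation itself is an assumption; the page only says K may be derived."""
    return hmac.new(master_key, csn + bytes([kindex]), hashlib.sha256).digest()

def symmetric_op(key: bytes, r: bytes, cr: bytes) -> bytes:
    """8-byte S = MAC_K(R || CR). Assumed stand-in for the 3DES-based SELFK."""
    return hmac.new(key, r + cr, hashlib.sha256).digest()[:8]

def next_input(r: bytes, cr: bytes) -> bytes:
    """Hash function H: derives the next 8-byte round input from R and CR (assumed)."""
    return hashlib.sha256(r + cr).digest()[:8]

class CardModel:
    """Token side. K stays inside the object; SELFK exposes only 4 bytes of S."""

    def __init__(self, csn: bytes, keys: dict):
        self.csn, self._keys = csn, keys

    def selfk(self, r: bytes, kindex: int):
        if len(r) != 8:
            raise ValueError("SELFK input R must be 8 bytes")
        cr = os.urandom(8)                            # card random number CR
        s = symmetric_op(self._keys[kindex], r, cr)
        return s[4:], cr                              # 4 least significant bytes of S

def extended_signature(card: CardModel, r: bytes, kindex: int, n: int = 4):
    """Terminal side: n SELFK rounds build S' (4n bytes) and CR' (8n bytes)."""
    s_buf, cr_buf, r_i = b"", b"", r
    for _ in range(n):
        s4, cr = card.selfk(r_i, kindex)
        s_buf += s4
        cr_buf += cr
        r_i = next_input(r_i, cr)                     # chain the input for the next round
    return s_buf, cr_buf

def sam_verify(master_key: bytes, csn: bytes, kindex: int, r: bytes,
               s_buf: bytes, cr_buf: bytes) -> bool:
    """SAM side: recompute the elements of S' from K, R and CR'; compare in the SAM."""
    if not s_buf or len(s_buf) % 4 or len(cr_buf) != 2 * len(s_buf):
        return False
    key, r_i, expected = card_key(master_key, csn, kindex), r, b""
    for i in range(len(s_buf) // 4):
        cr = cr_buf[8 * i:8 * i + 8]
        expected += symmetric_op(key, r_i, cr)[4:]
        r_i = next_input(r_i, cr)
    return hmac.compare_digest(expected, s_buf)       # constant-time comparison

def token_bound_data(document: bytes, s_buf: bytes) -> bytes:
    """h(D || S'): the value the private-key operation p() is applied to."""
    return hashlib.sha256(document + s_buf).digest()

def demo():
    master = b"constructed SAM master key (sample)"
    csn, kindex = bytes.fromhex("0011223344556677"), 1  # constructed CSN
    card = CardModel(csn, {kindex: card_key(master, csn, kindex)})  # personalised card
    document = b"constructed sample instruction: pay 100 to account 42"
    r = hashlib.sha256(document).digest()[:8]         # R: first 8-byte block of h(D)
    s_buf, cr_buf = extended_signature(card, r, kindex)
    genuine = sam_verify(master, csn, kindex, r, s_buf, cr_buf)
    tampered = bytes([s_buf[0] ^ 0x01]) + s_buf[1:]   # one bit of S' flipped
    forged = sam_verify(master, csn, kindex, r, tampered, cr_buf)
    return len(s_buf) * 8, genuine, forged, token_bound_data(document, s_buf)

if __name__ == "__main__":
    bits, genuine, forged, bound = demo()
    print(f"S' = {bits} bits, genuine={genuine}, forged={forged}, h(D||S')={bound.hex()}")
```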
- A variation of the method using the following steps can prevent such an attack, by providing a means for the smartcard to encrypt an input related to the signature with the card's session key:
- A cryptogram can be generated by the MPCOS card that assures that the digital transaction signature is generated during the same session as the last SELFK command used to create the smartcard signature, using the following steps:
- The value read in step 5 is added to the digital transaction signature.
- The SAM 70 then checks the encrypted value m as part of the smartcard signature verification routine. With this enhancement, a positive verification by the SAM 70 securely indicates that the public key signature was indeed generated during one single smartcard session.
- The embodiment described is not to be construed as limitative.
- The invention is applicable to kinds of tokens other than smartcards, such as a PCMCIA token.
- The token signature generating method can be used on its own or with other encryption or digital signing techniques, and is not limited to public/private key operations for digital transaction signature generation as described.
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Accounting & Taxation (AREA)
- General Physics & Mathematics (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Theoretical Computer Science (AREA)
- Finance (AREA)
- Computer Security & Cryptography (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Computer Networks & Wireless Communication (AREA)
- Storage Device Security (AREA)
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/SG1998/000088 WO2000028493A1 (en) | 1998-11-10 | 1998-11-10 | A method of encryption and apparatus therefor |
Publications (1)
Publication Number | Publication Date |
---|---|
EP1129436A1 true EP1129436A1 (de) | 2001-09-05 |
Family
ID=20429886
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP98954915A Withdrawn EP1129436A1 (de) | 1998-11-10 | 1998-11-10 | Verschlüsselungsverfahren und vorrichtung dafür |
Country Status (3)
Country | Link |
---|---|
EP (1) | EP1129436A1 (de) |
AU (1) | AU1184499A (de) |
WO (1) | WO2000028493A1 (de) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1316171A4 (de) | 2000-08-04 | 2006-05-03 | First Data Corp | Personen- und kontobezogenes digitales unterschriftssystem |
KR20020076750A (ko) * | 2001-03-30 | 2002-10-11 | 주식회사 하렉스인포텍 | 이동통신단말기에 금융정보를 내장하여 결제하는 방법 및그 시스템 |
DE10219731A1 (de) | 2002-05-02 | 2003-11-20 | Giesecke & Devrient Gmbh | Verfahren zur Ausführung einer Datentransaktion mittels einer aus einer Haupt- und einer trennbaren Hilfskomponente bestehenden Transaktionsvorrichtung |
US20130132281A1 (en) * | 2011-11-22 | 2013-05-23 | Xerox Corporation | Computer-implemented method for capturing data using provided instructions |
CN104579677B (zh) * | 2014-11-18 | 2017-12-19 | 飞天诚信科技股份有限公司 | 一种安全快速的数据签名方法 |
CN113067701B (zh) * | 2021-03-29 | 2022-09-02 | 武汉天喻信息产业股份有限公司 | 一种更新绑定关系的方法及装置 |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US3806704A (en) * | 1971-08-02 | 1974-04-23 | T Shinal | Identification system |
US5280527A (en) * | 1992-04-14 | 1994-01-18 | Kamahira Safe Co., Inc. | Biometric token for authorizing access to a host system |
US5422953A (en) * | 1993-05-05 | 1995-06-06 | Fischer; Addison M. | Personal date/time notary device |
US5661803A (en) * | 1995-03-31 | 1997-08-26 | Pitney Bowes Inc. | Method of token verification in a key management system |
JP3570114B2 (ja) * | 1996-10-21 | 2004-09-29 | 富士ゼロックス株式会社 | データ検証方法およびデータ検証システム |
KR100372628B1 (ko) * | 1996-11-20 | 2003-02-17 | 텍섹 인코포레이티드 | 암호매체 |
1998
- 1998-11-10 EP EP98954915A patent/EP1129436A1/de not_active Withdrawn
- 1998-11-10 WO PCT/SG1998/000088 patent/WO2000028493A1/en not_active Application Discontinuation
- 1998-11-10 AU AU11844/99A patent/AU1184499A/en not_active Abandoned
Non-Patent Citations (1)
Title |
---|
See references of WO0028493A1 * |
Also Published As
Publication number | Publication date |
---|---|
WO2000028493A1 (en) | 2000-05-18 |
AU1184499A (en) | 2000-05-29 |
WO2000028493A8 (en) | 2001-02-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US5602918A (en) | Application level security system and method | |
US9640012B2 (en) | Transaction verification protocol for smart cards | |
US8559639B2 (en) | Method and apparatus for secure cryptographic key generation, certification and use | |
US6385723B1 (en) | Key transformation unit for an IC card | |
US7254706B2 (en) | System and method for downloading of files to a secure terminal | |
JP4559679B2 (ja) | 基本的なレジスタ演算を用いた暗号プリミティブのインプリメント | |
EP1873960A1 (de) | Verfahren zum Ableiten eines Sitzungsschlüssels auf einer IC-Karte | |
US20020144117A1 (en) | System and method for securely copying a cryptographic key | |
JPH113033A (ja) | クライアント−サーバ電子取引においてクライアントの本人確認を確立する方法、それに関連するスマートカードとサーバ、および、ユーザが検証者と共に操作を行うことが認可されるかどうかを決定する方法とシステム | |
US20070168291A1 (en) | Electronic negotiable documents | |
US8046584B2 (en) | Message authentication device | |
KR20030095341A (ko) | 전자티켓 유통시스템에서의 인증방법 및 ic 카드 | |
WO1998052163A2 (en) | Ic card transportation key set | |
JP2003534585A (ja) | コンピュータネットワークを越える安全な支払い方法およびそのシステム | |
CN101770619A (zh) | 一种用于网上支付的多因子认证方法和认证系统 | |
JP3980145B2 (ja) | チップカード用暗号鍵認証方法および証明書 | |
EP3702991A1 (de) | Mobile zahlungen unter verwendung mehrerer kryptographischer protokolle | |
EP2179533B1 (de) | Verfahren und system zur sicheren fernübertragung eines master-schlüssels für eine automatisierte bankschaltermaschine | |
JP2003501698A (ja) | 基本的なレジスタ演算を用いたパラメータの生成 | |
JP2003044436A (ja) | 認証処理方法、および情報処理装置、並びにコンピュータ・プログラム | |
CN101639957A (zh) | 一种实现圈存或圈提的方法、终端及银行业务系统 | |
JP3925975B2 (ja) | ネットワークシステムにおけるicカード処理方法 | |
KR20220086135A (ko) | 블록체인 기반의 전력 거래 운영 시스템 | |
WO2000028493A1 (en) | A method of encryption and apparatus therefor | |
WO1996024997A1 (en) | Electronic negotiable documents |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
| 17P | Request for examination filed | Effective date: 20010514 |
| AK | Designated contracting states | Kind code of ref document: A1 Designated state(s): DE FR GB |
| 17Q | First examination report despatched | Effective date: 20020521 |
| STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
| 18D | Application deemed to be withdrawn | Effective date: 20040601 |