EP1254438A1 - Method for protecting against theft the authenticating value of multiple application smart cards, smart cards therefor and terminals designed to receive said cards - Google Patents

Method for protecting against theft the authenticating value of multiple application smart cards, smart cards therefor and terminals designed to receive said cards

Info

Publication number
EP1254438A1
EP1254438A1 EP01907630A EP01907630A EP1254438A1 EP 1254438 A1 EP1254438 A1 EP 1254438A1 EP 01907630 A EP01907630 A EP 01907630A EP 01907630 A EP01907630 A EP 01907630A EP 1254438 A1 EP1254438 A1 EP 1254438A1
Authority
EP
European Patent Office
Prior art keywords
authentication value
application
card
terminal
operating system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP01907630A
Other languages
German (de)
French (fr)
Inventor
Pierre Girard
Christophe Bidan
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Gemplus SA
Original Assignee
Gemplus Card International SA
Gemplus SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Gemplus Card International SA, Gemplus SA filed Critical Gemplus Card International SA
Publication of EP1254438A1 publication Critical patent/EP1254438A1/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/355Personalisation of cards for use
    • G06Q20/3552Downloading or loading of personalisation data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/357Cards having a plurality of specified features
    • G06Q20/3576Multiple memory zones on card
    • G06Q20/35765Access rights to memory zones
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/367Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1025Identification of user by a PIN code
    • G07F7/1083Counting of PIN attempts

Definitions

  • the invention relates to a method of protection against theft of the authentication value for multi-application smart cards capable of communicating with the outside by means of a terminal. It also relates to smart cards implementing said method and to terminals capable of receiving said cards.
  • the invention applies very particularly to multi-application smart cards used with mobile telephones such as telephones defined by the GSM standard.
  • multi-application chip card is understood to mean cards containing one or more integrated circuit chips, said cards being intended to be able to execute different application programs loaded or downloaded during the life of the card.
  • the term authentication value which is also known as the authentication code, is used to authenticate the card holder.
  • the authentication value can be a known datum of the holder alone (in general, a personal identification number or PIN- Personnal Identifier Number), deduced from a biometric characteristic of the holder (for example, voice, fingerprint, heat ...) or resulting from an action that only the holder can perform (for example, signature).
  • multi-application smart cards generally have a single authentication value for all applications.
  • the OP specification defined by VISA and which currently serves as the standard for loading / downloading and internal management of applications on multi-application smart cards, defines a single global PIN for all resident and future applications of the map.
  • the depositor identified an attack enabling the authentication value of the card to be found.
  • the verification of the identity of the user of the card is generally carried out via an application responsible for displaying, on the screen of the terminal in which the smart card (s) is inserted. , a menu inviting the user to present the authentication value. Once the authentication value has been presented, the terminal returns this value to said application which verifies
  • Access to the application in charge of displaying, on the screen of the terminal in which the smart card (s) is inserted, the menu inviting the user to present the authentication value is generally controlled so that only authorized applications can initiate verification of the authentication value.
  • a malicious application having access to a terminal can simulate on this terminal the menu inviting the user to present its authentication value. The user will then confidently present its authentication value, thus allowing the malicious application to discover this value. Subsequently, the malicious application may, thanks to its ability to communicate with the outside world, provide authentication value to the developer of the malicious application. This will be all the easier in the case of a terminal such as a mobile phone for which the malicious application can dial a number in order to communicate the authentication value.
  • the object of the present invention is to remedy these problems.
  • the subject of the present invention is a method of protecting against theft the authentication value for multi-application smart card (s) comprising an operating system, mainly characterized in that it comprises, to prevent an application having a access to a terminal to simulate the menu inviting the user to present the authentication value, a mechanism forcing access to the interface for presentation of the authentication value by the operating system of the card whatever the application that initiated the process, as soon as there is a request for authentication value.
  • the mechanism comprises the reservation on the terminal of at least one function key or of a sequence of function keys able to trigger a call from the card's operating system.
  • the implementation of the mechanism includes the following sequence of actions: - pressing the function key (s) by the user of the card to authorize the presentation of the authentication value and causing a temporary locking of the applications of the card, - presentation of the authentication value,
  • the invention also relates to a multi-application smart card (s) comprising an operating system and means of communication with a terminal, mainly characterized in that it comprises means for system calls from the terminal for the presentation of the authentication value cannot be intercepted by the applications.
  • a multi-application smart card comprising an operating system and means of communication with a terminal, mainly characterized in that it comprises means for system calls from the terminal for the presentation of the authentication value cannot be intercepted by the applications.
  • the invention relates to a terminal capable of communicating with a smart card (s), mainly characterized in that it comprises at least one function key or a sequence of function keys reserved for making a system call to the card and initiating the presentation. of the authentication value.
  • a smart card mainly characterized in that it comprises at least one function key or a sequence of function keys reserved for making a system call to the card and initiating the presentation. of the authentication value.
  • FIG. 1 represents the diagram illustrating the implementation of the method according to the invention
  • FIG. 2 represents the diagram of a terminal capable of communicating with a smart card (s) according to the invention
  • FIG. 3 represents the diagram a multi-application card according to the invention. A practical embodiment of the method according to the invention will be described below with reference to FIG. 1.
  • the method comprises temporarily locking the application selected by the user or an application called by the application selected by this user; a call from the operating system of the smart card (s) for the implementation by the operating system of the procedure for verifying the authentication value.
  • the locking is obtained by the association of a function key or a sequence of keys provided on the terminal in order to be able to initiate the presentation of the authentication value and a system call triggered by pressing this function key or the function key sequence.
  • the operating system of the card unlocks the running application which can then resume its execution at the place where it was suspended; otherwise, the operating system displays an error message and performs the appropriate security actions (for example, permanently locking the application and displaying an alert message).
  • FIG. 2 illustrates a terminal T able to communicate with a smart card (s).
  • This terminal has, in known manner, a central processing unit UC with a program memory MPT.
  • This memory includes an IT interface for communication with smart cards (s) per se. Only a modification is provided to allow the terminal to wait for pressing the P IN key (or the sequence of function keys) after the display of the message requesting the authentication value and send a call to the card's operating system.
  • a multi-application smart card (s) C has been shown diagrammatically in FIG. 3 in order to illustrate the various elements involved in the implementation of the method according to the invention.
  • a single integrated circuit chip P is present in the card, it is a chip containing one or more microprocessor (s) and its associated memories in particular a program memory MPC.
  • This memory contains the operating system and the interface for presenting and verifying the authentication value.
  • another MPA program memory is intended to memorize the different application programs A1, A2, ... An.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Finance (AREA)
  • Telephone Function (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention concerns a method for protecting against theft the authenticating value for multiple application smart cards. In order to prevent an application having access to a terminal from simulating the menu asking the user to present the authenticating value, the method provides a mechanism forcing access to the interface for presentation and verification of the authenticating value by the secure operating system whatever the application which has initiated the procedure, whenever there is a request for authenticating value. The invention is applicable to terminals (T) designed to communicate with smart cards (C) including therefor at least a function key (PIN) or a sequence of function keys reserved for a system call to the card and to initiate presentation of the authenticating value.

Description

PROCEDE DE PROTECTION CONTRE LE VOL DE LA VALEUR D'AUTHENTIFICATION POUR CARTES A PUCE (S) MULTI- APPLICATIONS, CARTES A PUCE (S) METTANT EN ŒUVRE LE PROCEDE ET TERMINAUX SUSCEPTIBLES DE RECEVOIR LESDITES PROTECTION AGAINST THEFT OF THE AUTHENTICATION VALUE FOR MULTI-APPLICATION CHIP CARD (S), CHIP CARD (S) IMPLEMENTING THE METHOD AND TERMINALS CAPABLE OF RECEIVING THE SAME
CARTESCARDS
L'invention concerne un procédé de protection contre le vol de la valeur d' authentification pour les cartes à puce (s) multi applications aptes à communiquer avec l'extérieur au moyen d'un terminal. Elle concerne également les cartes à puce (s) mettant en œuvre ledit procédé et les terminaux susceptibles de recevoir lesdites cartes. L'invention s'applique tout particulièrement aux cartes à puces multi applications utilisées avec les téléphones mobiles tels que les téléphones définis par le standard GSM.The invention relates to a method of protection against theft of the authentication value for multi-application smart cards capable of communicating with the outside by means of a terminal. It also relates to smart cards implementing said method and to terminals capable of receiving said cards. The invention applies very particularly to multi-application smart cards used with mobile telephones such as telephones defined by the GSM standard.
On entend par cartes à puce (s) multi-applications des cartes contenant une ou plusieurs puces de circuit intégré lesdites cartes étant destinées à pouvoir exécuter différents programmes d'application chargés ou téléchargés au cours de la vie de la carte.The term “multi-application chip card (s)” is understood to mean cards containing one or more integrated circuit chips, said cards being intended to be able to execute different application programs loaded or downloaded during the life of the card.
Parmi les solutions de cartes multi-applications existantes à ce ]our, nous pouvons signaler « JavaCard » défini par Sun ou « SmartCard for Windows » défini par Microsoft . Pour simplifier, on parlera dans la suite d'applications pour désigner les programmes d'applications (ou Applet en terminologie anglo saxonne) .Among the multi-application card solutions available to date, we can mention "JavaCard" defined by Sun or "SmartCard for Windows" defined by Microsoft. To simplify, we will talk in the following applications to designate application programs (or Applet in English terminology).
On entend par valeur d' authentification, que l'on dénomme également code d' authentification, une valeur permettant d'authentifier le titulaire de la carte. La valeur d' authentification peut être une donnée connue du titulaire seul (en général, un numéro d'identification personnel ou PIN- Personnal Identifier Number) , déduite d'une caractéristique biométrique du titulaire ( par exemple, voix, empreinte digitale, chaleur...) ou résultant d'une action que seul le titulaire peut effectuer (par exemple, signature) .The term authentication value, which is also known as the authentication code, is used to authenticate the card holder. The authentication value can be a known datum of the holder alone (in general, a personal identification number or PIN- Personnal Identifier Number), deduced from a biometric characteristic of the holder (for example, voice, fingerprint, heat ...) or resulting from an action that only the holder can perform (for example, signature).
Pour des raisons de compatibilité avec les cartes à puce (s) ne supportant qu'une unique application, et de simplicité pour l'utilisateur de la carte, les cartes à puce multi-applications ont généralement une seule valeur d' authentification pour toutes les applications. Ainsi, la spécification OP définie par VISA, et qui tient lieu actuellement de standard pour le chargement/téléchargement et la gestion interne d'applications sur les cartes à puce multi- applications, définit un unique PIN global pour toutes les applications résidentes et futures de la carte.For reasons of compatibility with smart cards supporting only one application, and for simplicity for the card user, multi-application smart cards generally have a single authentication value for all applications. Thus, the OP specification defined by VISA, and which currently serves as the standard for loading / downloading and internal management of applications on multi-application smart cards, defines a single global PIN for all resident and future applications of the map.
Le problème soulevé par le déposant dans le cas d'une carte multi-applications , vient de ce que la carte est prévue pour pouvoir charger ou télécharger de nouvelles applications pendant toute sa vie. A priori ceci est un avantage, mais en pratique cette caractéristique rend la carte vulnérable, car des applications malveillantes pourront être chargées avec d'autres applications de manière transparente vis à vis du titulaire. C'est donc une porte ouverte à de telles applications qui bien sûr en pratique vont chercher à découvrir la valeur d' authentification de la carte.The problem raised by the depositor in the case of a multi-application card comes from the fact that the card is designed to be able to load or download new applications throughout its life. A priori this is an advantage, but in practice this characteristic makes the card vulnerable, since malicious applications can be loaded with other applications in a transparent manner vis-à-vis the holder. It is therefore an open door to such applications which of course in practice will seek to discover the authentication value of the card.
Suite à cette observation, le déposant a identifié une attaque permettant de trouver la valeur d' authentification de la carte.Following this observation, the depositor identified an attack enabling the authentication value of the card to be found.
Cette attaque suppose l'existence d'une application malveillante possédant un accès vers l'extérieur. Une application possède un accès vers un terminal dès lors qu'il existe un terminal permettant; à l'application de directement dialoguer avec l'utilisateur via ce terminal. On peut citer par exemple dans le cadre du GSM les applications pouvant modifier les menus affichés sur le téléphone mobile.This attack assumes the existence of a malicious application with access to the outside. An application has access to a terminal as soon as there is a terminal allowing; the application to directly communicate with the user via this terminal. We can cite for example in the context of GSM applications that can modify the menus displayed on the mobile phone.
Voici alors la procédure suivie lors de cette attaque au moyen d'une application qui peut dialoguer avec l'extérieur. En fait, l'application utilise sa capacité à dialoguer avec l'extérieur pour simuler sur le terminal l'interface qui permet de demander à l'utilisateur d'entrer la valeur d' authentification.Here is the procedure followed during this attack using an application that can communicate with the outside. In fact, the application uses its ability to interact with the outside world to simulate on the terminal the interface which allows the user to be asked to enter the authentication value.
En effet, la vérification de l'identité de l'utilisateur de la carte est généralement réalisée par l'intermédiaire d'une application en charge d'afficher, sur l'écran du terminal dans lequel est insérée la carte à puce(s), un menu invitant l'utilisateur de présenter la valeur d' authentification. Une fois la valeur d' authentification présentée, le terminal retourne cette valeur à ladite application qui vérifieIndeed, the verification of the identity of the user of the card is generally carried out via an application responsible for displaying, on the screen of the terminal in which the smart card (s) is inserted. , a menu inviting the user to present the authentication value. Once the authentication value has been presented, the terminal returns this value to said application which verifies
(éventuellement par l'intermédiaire d'une application en charge de la vérification de la valeur d' authentification) que la valeur présentée par l'utilisateur est identique à la valeur d' authentification de la carte. Si tel est le cas, l'application répond par l'affirmation ; par la négation dans le cas contraire.(possibly via an application in charge of verifying the authentication value) that the value presented by the user is identical to the authentication value of the card. If this is the case, the application responds with the affirmation; by negation otherwise.
L'accès à l'application en charge de l'affichage, sur l'écran du terminal dans lequel est insérée la carte à puce (s), du menu invitant l'utilisateur à présenter la valeur d' authentification est généralement contrôlée afin que seules les applications autorisées puissent initier la vérification de la valeur d' authentification.Access to the application in charge of displaying, on the screen of the terminal in which the smart card (s) is inserted, the menu inviting the user to present the authentication value is generally controlled so that only authorized applications can initiate verification of the authentication value.
Néanmoins, une application malveillante possédant un accès vers un terminal peut simuler sur ce terminal le menu invitant l'utilisateur à présenter sa valeur d' authentification. L'utilisateur va alors en toute confiance présenter sa valeur d' authentification, permettant ainsi à l'application malveillante de découvrir cette valeur. Par la suite, l'application malveillante pourra, grâce à sa capacité de dialoguer vers l'extérieur, fournir la valeur d' authentification au développeur de l'application malveillante. Ceci sera d'autant plus facile dans le cas d'un terminal tel qu'un téléphone mobile pour lequel l'application malveillante pourra composer un numéro afin de communiquer la valeur d' authentification.However, a malicious application having access to a terminal can simulate on this terminal the menu inviting the user to present its authentication value. The user will then confidently present its authentication value, thus allowing the malicious application to discover this value. Subsequently, the malicious application may, thanks to its ability to communicate with the outside world, provide authentication value to the developer of the malicious application. This will be all the easier in the case of a terminal such as a mobile phone for which the malicious application can dial a number in order to communicate the authentication value.
La présente invention a pour but de remédier à ces problèmes .The object of the present invention is to remedy these problems.
La présente invention a pour objet un procédé de protection contre le vol de la valeur d' authentification pour carte à puce (s) multi applications comprenant un système d'exploitation, principalement caractérisé en ce qu' il comprend, pour empêcher une application possédant un accès vers un terminal de simuler le menu invitant l'utilisateur à présenter la valeur d' authentification, un mécanisme forçant l'accès à l'interface de présentation de la valeur d' authentification par le système d'exploitation de la carte quelle que soit l'application ayant initié le processus, dès lors qu'il y a une demande de valeur d' authentification.The subject of the present invention is a method of protecting against theft the authentication value for multi-application smart card (s) comprising an operating system, mainly characterized in that it comprises, to prevent an application having a access to a terminal to simulate the menu inviting the user to present the authentication value, a mechanism forcing access to the interface for presentation of the authentication value by the operating system of the card whatever the application that initiated the process, as soon as there is a request for authentication value.
Selon une autre caractéristique, le mécanisme comporte la réservation sur le terminal d'au moins une touche fonction ou d'une séquence de touches fonction apte à provoquer un appel du système d'exploitation de la carte.According to another characteristic, the mechanism comprises the reservation on the terminal of at least one function key or of a sequence of function keys able to trigger a call from the card's operating system.
La mise en œuvre du mécanisme comprend la séquence d'actions suivantes : - l'appui sur la ou les touches fonction par l'utilisateur de la carte pour autoriser la présentation de la valeur d' authentification et provoquer un verrouillage provisoire des applications de la carte, - la présentation de la valeur d' authentification,The implementation of the mechanism includes the following sequence of actions: - pressing the function key (s) by the user of the card to authorize the presentation of the authentication value and causing a temporary locking of the applications of the card, - presentation of the authentication value,
- la mise en œuvre de la procédure de vérification de la valeur d' authentification par le système d'exploitation après les deux premières actions.- the implementation of the procedure for verifying the authentication value by the operating system after the first two actions.
L'invention concerne également une carte à puce (s) multi applications comprenant un système d'exploitation et des moyens de communication avec un terminal, principalement caractérisé en ce qu'elle comprend des moyens pour que les appels système en provenance du terminal pour la présentation de la valeur d' authentification ne puissent être intercepter par les applications .The invention also relates to a multi-application smart card (s) comprising an operating system and means of communication with a terminal, mainly characterized in that it comprises means for system calls from the terminal for the presentation of the authentication value cannot be intercepted by the applications.
L'invention concerne un terminal susceptible de communiquer avec une carte à puce (s), principalement caractérisé en ce qu'il comprend au moins une touche fonction ou une séquence de touches fonction réservée pour effectuer un appel système à la carte et initier la présentation de la valeur d' authentification.The invention relates to a terminal capable of communicating with a smart card (s), mainly characterized in that it comprises at least one function key or a sequence of function keys reserved for making a system call to the card and initiating the presentation. of the authentication value.
Le terminal pourra être un téléphone mobile par exemple du type GSM. D'autres particularités et avantages de l'invention apparaîtront clairement à la lecture de la description qui est faite ci après et en regard des dessins sur lesquels : la figure 1 représente le schéma illustrant la mise en œuvre du procédé selon l'invention, la figure 2 représente le schéma d'un terminal susceptible de communiquer avec une carte à puce (s) selon l'invention, la figure 3 représente le schéma d'une carte multi application selon l'invention. Une réalisation pratique du procédé selon l'invention va être décrite dans la suite en regard de la figure 1.The terminal could be a mobile phone, for example of the GSM type. Other features and advantages of the invention will appear clearly on reading the description which is given below and with reference to the drawings in which: FIG. 1 represents the diagram illustrating the implementation of the method according to the invention, FIG. 2 represents the diagram of a terminal capable of communicating with a smart card (s) according to the invention, FIG. 3 represents the diagram a multi-application card according to the invention. A practical embodiment of the method according to the invention will be described below with reference to FIG. 1.
Le procédé comprend un verrouillage provisoire de l'application sélectionnée par l'utilisateur ou d'une application appelée par l'application sélectionnée par cet utilisateur ; un appel du système d'exploitation de la carte à puce (s) pour la mise en œuvre par le système d'exploitation de la procédure de vérification de la valeur d' authentification.The method comprises temporarily locking the application selected by the user or an application called by the application selected by this user; a call from the operating system of the smart card (s) for the implementation by the operating system of the procedure for verifying the authentication value.
Selon la réalisation proposée, le verrouillage est obtenu par l'association d'une touche fonction ou d'une séquence de touches prévue sur le terminal pour pouvoir initier la présentation de la valeur d' authentification et un appel système déclenché par 1 ' appui de cette touche fonction ou de la séquence de touches fonction.According to the proposed embodiment, the locking is obtained by the association of a function key or a sequence of keys provided on the terminal in order to be able to initiate the presentation of the authentication value and a system call triggered by pressing this function key or the function key sequence.
Dès lors que l'utilisateur voie apparaître un message de demande de la valeur d' authentification sur l'écran du terminal, il ne peut poursuivre la procédure de présentation de la valeur d' authentification qu'après avoir appuyé sur ladite touche, garantissant de cette manière que la procédure de vérification de la valeur d' authentification est effectuée par le système d'exploitation ou sous son contrôle.As soon as the user sees a message requesting the authentication value on the terminal screen, he can only continue with the procedure for presenting the authentication value after having pressed the said key, guaranteeing that this way the procedure for verifying the authentication value is performed by the operating system or under its control.
En effet, lorsqu'une application s'exécute au sein de la carte et que le menu de présentation de la valeur d' authentification apparaît sur l'écran du terminal, l'utilisateur doit appuyer sur la touche fonction prévue portant la référence PIN sur les schémas (ou sur la séquence de touches fonction) pour présenter sa valeur d' authentification. Cette action permet de verrouiller provisoirement l'application en cours d'exécution (c'est à dire que l'application est suspendue) et de lancer un appel vers le système d'exploitation de la carte. C'est alors sous le contrôle du système d'exploitation qu'est effectuée la procédure de présentation et de vérification de la valeur d' authentification. Cette vérification consiste à comparer la valeur d' authentification présentée par l'utilisateur avec la valeur d' authentification mémorisée dans la carte. Lorsque la valeur d' authentification présentée par l'utilisateur est correcte, le système d'exploitation de la carte déverrouille l'application en cours d'exécution qui peut alors reprendre son exécution à l'endroit où elle a été suspendue ; dans le cas contraire, le système d'exploitation affiche un message d'erreur et exécute les actions de sécurité adéquates ( par exemple verrouiller définitivement l'application et afficher un message d'alerte) .Indeed, when an application is executed within the card and the menu for presenting the authentication value appears on the terminal screen, the user must press the provided function key bearing the reference P IN on the diagrams (or on the function key sequence) to present their authentication value. This action temporarily locks the running application (i.e. the application is suspended) and initiates a call to the card's operating system. It is then under the control of the operating system that the procedure for presenting and verifying the authentication value is carried out. This verification consists in comparing the authentication value presented by the user with the authentication value stored in the card. When the authentication value presented by the user is correct, the operating system of the card unlocks the running application which can then resume its execution at the place where it was suspended; otherwise, the operating system displays an error message and performs the appropriate security actions (for example, permanently locking the application and displaying an alert message).
La figure 2 illustre un terminal T apte à communiquer avec une carte à puce (s) . Ce terminal possède de manière connue une unité centrale de traitement UC avec une mémoire de programme MPT. Cette mémoire comporte une interface IT de communication avec les cartes à puce (s) classique en soi. Seule une modification est prévue pour permettre au terminal de se mettre en attente de l'appui sur la touche PIN ( ou la séquence de touches fonction) après l'affichage du message de demande de la valeur d' authentification et d'envoyer un appel au système d'exploitation de la carte .FIG. 2 illustrates a terminal T able to communicate with a smart card (s). This terminal has, in known manner, a central processing unit UC with a program memory MPT. This memory includes an IT interface for communication with smart cards (s) per se. Only a modification is provided to allow the terminal to wait for pressing the P IN key (or the sequence of function keys) after the display of the message requesting the authentication value and send a call to the card's operating system.
Une carte à puce (s) C multi applications a été schématisée sur la figure 3 afin d'illustrer les différents éléments entrant dans la mise en œuvre du procédé conforme à l'invention. Prenons le cas pour simplifier où une seule puce P de circuit intégré est présente dans la carte, il s'agit d'une puce contenant un ou plusieurs microprocesseur (s) et ses mémoires associées en particulier une mémoire de programmes MPC. Cette mémoire contient le système d'exploitation et l'interface de présentation et de vérification de la valeur d' authentification. En général une autre mémoire de programmes MPA est destinée à mémoriser les différents programmes d'applications Al, A2 , ... An. A multi-application smart card (s) C has been shown diagrammatically in FIG. 3 in order to illustrate the various elements involved in the implementation of the method according to the invention. Let us take the case to simplify where a single integrated circuit chip P is present in the card, it is a chip containing one or more microprocessor (s) and its associated memories in particular a program memory MPC. This memory contains the operating system and the interface for presenting and verifying the authentication value. In general, another MPA program memory is intended to memorize the different application programs A1, A2, ... An.

Claims

REVENDICATIONS
1. Procédé de protection contre le vol de la valeur d' authentification pour carte à puce (s) multi applications comportant un système d'exploitation et une interface de présentation et de vérification de la valeur d' authentification de l'utilisateur de ladite carte, caractérisé en ce qu'il comprend, pour empêcher une application possédant un accès vers un terminal de simuler le menu invitant l'utilisateur à présenter la valeur d' authentification, un mécanisme forçant l'accès à l'interface de présentation et de vérification de la valeur d' authentification par le système d'exploitation de la carte quelle que soit l'application ayant initié le processus, dès lors qu'il y a une demande de valeur d' authentification.1. Method for protecting against theft the authentication value for multi-application smart card (s) comprising an operating system and an interface for presenting and verifying the authentication value of the user of said card , characterized in that it comprises, to prevent an application having access to a terminal from simulating the menu inviting the user to present the authentication value, a mechanism forcing access to the presentation and verification interface the authentication value by the operating system of the card regardless of the application that initiated the process, as soon as there is a request for authentication value.
2. Procédé de protection contre le vol de la valeur d' authentification selon la revendication 1, caractérisé en ce que le mécanisme comporte la réservation sur le terminal d'au moins une touche fonction ou d'une séquence de plusieurs touches fonction apte à provoquer un appel du système d'exploitation de la carte.2. Method of protection against theft of the authentication value according to claim 1, characterized in that the mechanism comprises the reservation on the terminal of at least one function key or a sequence of several function keys capable of causing a call from the card's operating system.
3. Procédé de protection contre le vol de la valeur d' authentification selon la revendication 1 ou 2, caractérisé en ce que la mise en œuvre du mécanisme comprend la séquence d'actions suivantes : - l'appui sur la ou les touches fonction par l'utilisateur de la carte pour autoriser la présentation de la valeur d' authentification et provoquer un verrouillage provisoire de l'application, - la présentation de la valeur d' authentification, - la mise en œuvre de la procédure de vérification de la valeur d' authentification par le système d'exploitation après les deux premières actions.3. Method of protection against theft of the authentication value according to claim 1 or 2, characterized in that the implementation of the mechanism comprises the following sequence of actions: - pressing the function key (s) by the user of the card to authorize the presentation of the authentication value and cause a temporary locking of the application, - the presentation of the authentication value, - the implementation of the procedure for verifying the authentication value by the operating system after the first two actions.
4. Carte à puce (s) multi applications comprenant un système d'exploitation et des moyens de communication avec un terminal, caractérisé en ce qu'elle comprend des moyens (MPC) pour que les appels système en provenance du terminal (T) pour la présentation de la valeur d' authentification ne puissent être interceptés par les applications de la carte.4. Multi-application smart card (s) comprising an operating system and means of communication with a terminal, characterized in that it comprises means (MPC) for system calls from the terminal (T) to the presentation of the authentication value can not be intercepted by the applications of the card.
5. Terminal susceptible de communiquer avec une carte à puce (s) , caractérisé en ce qu'il comprend au moins une touche fonction (PIN) OU une séquence de touches fonction réservée pour effectuer un appel système à la carte et initier la présentation de la valeur d' authentification.5. Terminal capable of communicating with a smart card (s), characterized in that it comprises at least one function key (P IN ) OR a sequence of function keys reserved for making a system call à la carte and initiating the presentation of the authentication value.
6. Terminal selon la revendication 5, caractérisé en ce qu'il est constitué par un téléphone mobile. 6. Terminal according to claim 5, characterized in that it is constituted by a mobile telephone.
EP01907630A 2000-01-24 2001-01-18 Method for protecting against theft the authenticating value of multiple application smart cards, smart cards therefor and terminals designed to receive said cards Withdrawn EP1254438A1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
FR0000829 2000-01-24
FR0000829A FR2804234B1 (en) 2000-01-24 2000-01-24 METHOD FOR PROTECTION AGAINST THEFT OF THE AUTHENTICATION VALUE FOR MULTI-APPLICATION CHIP CARDS, CHIP CARDS IMPLEMENTING THE METHOD AND TERMINALS CAPABLE OF RECEIVING SAID CARDS
PCT/FR2001/000165 WO2001055980A1 (en) 2000-01-24 2001-01-18 Method for protecting against theft the authenticating value of multiple application smart cards, smart cards therefor and terminals designed to receive said cards

Publications (1)

Publication Number Publication Date
EP1254438A1 true EP1254438A1 (en) 2002-11-06

Family

ID=8846206

Family Applications (1)

Application Number Title Priority Date Filing Date
EP01907630A Withdrawn EP1254438A1 (en) 2000-01-24 2001-01-18 Method for protecting against theft the authenticating value of multiple application smart cards, smart cards therefor and terminals designed to receive said cards

Country Status (6)

Country Link
US (1) US20030079127A1 (en)
EP (1) EP1254438A1 (en)
CN (1) CN1416559A (en)
AU (1) AU2001235546A1 (en)
FR (1) FR2804234B1 (en)
WO (1) WO2001055980A1 (en)

Families Citing this family (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2790844B1 (en) * 1999-03-09 2001-05-25 Gemplus Card Int METHOD AND DEVICE FOR MONITORING THE PROGRESS OF A PROGRAM, PROGRAM DEVICE FOR MONITORING ITS PROGRAM
US7322043B2 (en) * 2002-06-20 2008-01-22 Hewlett-Packard Development Company, L.P. Allowing an electronic device accessing a service to be authenticated
US8010405B1 (en) 2002-07-26 2011-08-30 Visa Usa Inc. Multi-application smart card device software solution for smart cardholder reward selection and redemption
US20040122774A1 (en) * 2002-08-02 2004-06-24 Martin Studd Method and system for executing applications on a mobile device
US8626577B2 (en) 2002-09-13 2014-01-07 Visa U.S.A Network centric loyalty system
US9852437B2 (en) 2002-09-13 2017-12-26 Visa U.S.A. Inc. Opt-in/opt-out in loyalty system
US7121456B2 (en) 2002-09-13 2006-10-17 Visa U.S.A. Inc. Method and system for managing token image replacement
US8015060B2 (en) 2002-09-13 2011-09-06 Visa Usa, Inc. Method and system for managing limited use coupon and coupon prioritization
US7827077B2 (en) 2003-05-02 2010-11-02 Visa U.S.A. Inc. Method and apparatus for management of electronic receipts on portable devices
US8554610B1 (en) 2003-08-29 2013-10-08 Visa U.S.A. Inc. Method and system for providing reward status
US7104446B2 (en) 2003-09-03 2006-09-12 Visa U.S.A., Inc. Method, system and portable consumer device using wildcard values
US7051923B2 (en) 2003-09-12 2006-05-30 Visa U.S.A., Inc. Method and system for providing interactive cardholder rewards image replacement
US8407083B2 (en) 2003-09-30 2013-03-26 Visa U.S.A., Inc. Method and system for managing reward reversal after posting
US8005763B2 (en) 2003-09-30 2011-08-23 Visa U.S.A. Inc. Method and system for providing a distributed adaptive rules based dynamic pricing system
US7653602B2 (en) 2003-11-06 2010-01-26 Visa U.S.A. Inc. Centralized electronic commerce card transactions
FR2864292B1 (en) * 2003-12-17 2006-03-31 Gemplus Card Int FULLY SIMULTANEOUS FUNCTIONING OF A DUAL INTERFACE OBJECT
CN100413359C (en) * 2005-01-28 2008-08-20 北京握奇数据系统有限公司 Mobile terminal and starting method thereof
US20070192840A1 (en) * 2006-02-10 2007-08-16 Lauri Pesonen Mobile communication terminal
US8095977B2 (en) * 2007-01-19 2012-01-10 Microsoft Corporation Secure PIN transmission
FR2917868B1 (en) * 2007-06-22 2009-09-25 Eads Defence And Security Syst SECURITY SYSTEM AND METHOD USING SECURITY DEVICE
US20110145082A1 (en) 2009-12-16 2011-06-16 Ayman Hammad Merchant alerts incorporating receipt data
US8429048B2 (en) 2009-12-28 2013-04-23 Visa International Service Association System and method for processing payment transaction receipts
US10020847B2 (en) * 2011-11-15 2018-07-10 Famoco NFC device and connection system of NFC devices
US10147090B2 (en) 2012-10-01 2018-12-04 Nxp B.V. Validating a transaction with a secure input without requiring pin code entry
US9495524B2 (en) 2012-10-01 2016-11-15 Nxp B.V. Secure user authentication using a master secure element
EP2942733A1 (en) * 2014-05-09 2015-11-11 Nxp B.V. Architecture for platform security using a dedicated security device for user interaction

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4918653A (en) * 1988-01-28 1990-04-17 International Business Machines Corporation Trusted path mechanism for an operating system
DE69827405T2 (en) * 1997-03-24 2005-05-19 Visa International Service Association, Foster City SYSTEM AND METHOD FOR A MULTIPURPOSE CHIP CARD THAT ENABLES SUBSEQUENT STORAGE OF AN APPLICATION TO THIS CARD
US6824064B2 (en) * 2000-12-06 2004-11-30 Mobile-Mind, Inc. Concurrent communication with multiple applications on a smart card

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO0155980A1 *

Also Published As

Publication number Publication date
CN1416559A (en) 2003-05-07
FR2804234B1 (en) 2003-05-09
AU2001235546A1 (en) 2001-08-07
US20030079127A1 (en) 2003-04-24
FR2804234A1 (en) 2001-07-27
WO2001055980A1 (en) 2001-08-02

Similar Documents

Publication Publication Date Title
EP1254438A1 (en) Method for protecting against theft the authenticating value of multiple application smart cards, smart cards therefor and terminals designed to receive said cards
EP3243177B1 (en) Method for processing an authorisation to implement a service, devices and corresponding computer program
US20060242691A1 (en) Method for carrying out a secure electronic transaction using a portable data support
CA2757390A1 (en) Nfc transaction server
FR2743910A1 (en) METHOD FOR IMPLEMENTING A SECURE PROGRAM IN A MICROPROCESSOR CARD AND MICROPROCESSOR CARD COMPRISING A SECURE PROGRAM
FR2989799A1 (en) METHOD FOR TRANSFERRING A DEVICE TO ANOTHER RIGHTS OF ACCESS TO A SERVICE
FR2987199A1 (en) SECURING A DATA TRANSMISSION.
EP1250686B1 (en) Method for protecting against theft of a pin number in (a) multi-application smart card(s) and chip card(s) implementing said method
EP1460593A1 (en) Secure payment terminal
WO2017093182A1 (en) Payment method and device using said method
FR2945141A1 (en) Contactless payment application e.g. local payment application, management method for mobile telephone, involves finalizing payment session if verification indicator is informed, and resetting indicator when session is completed
WO2020254026A1 (en) Method and device for authenticating a user using the conductivity of the human body
EP1142193A1 (en) Method for secure data loading between two security modules
EP0957461B1 (en) IC-Card personalization process
FR2923041A1 (en) METHOD OF OPENING SECURED TO THIRDS OF A MICROCIRCUIT CARD.
WO2009138641A1 (en) Method of use of a host terminal by an external device connected to the terminal
EP0974131B1 (en) Dynamic data interpretation method for a chip card
FR2834366A1 (en) SELF-LOCKING CHIP CARD, DEVICE FOR SECURING SUCH A CARD AND RELATED METHODS
FR2913551A1 (en) User authenticating method for use in Internet network, involves authenticating authentication server by token and vice versa for each of web pages requested by user, by executing control script e.g. java script, in computer
FR3080693A1 (en) MUTUAL AUTHENTICATION OF A DEVICE OR SYSTEM CONTAINING SENSITIVE OR CONFIDENTIAL DATA COMMANDABLE BY A USER
WO2013098238A1 (en) Method and system for securing a payment carried out with the aid of a payment card
FR2994499A1 (en) AUTHENTICITY VERIFICATION METHOD, SERVER, CORRESPONDING COMPUTER SYSTEM AND PROGRAM
FR3129757A1 (en) Process for establishing a transaction between a communicating object and a transaction control module associated with a device for providing goods or services
FR2819909A1 (en) METHOD FOR CREATING PRIVATE SECURE DATA FILES AND CHIP CARD HAVING SECURE PRIVATE FILE
FR3082030A1 (en) CUSTOMIZABLE CHIP CARD AND PERSONALIZATION METHOD

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20020826

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE TR

AX Request for extension of the european patent

Free format text: AL;LT;LV;MK;RO;SI

RIN1 Information on inventor provided before grant (corrected)

Inventor name: BIDAN, CHRISTOPHE

Inventor name: GIRARD, PIERRE

17Q First examination report despatched

Effective date: 20040204

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20040615