EP1563360A1 - Verfahren zum schutz eines tragbaren datentr gers - Google Patents
Verfahren zum schutz eines tragbaren datentr gersInfo
- Publication number
- EP1563360A1 EP1563360A1 EP03773695A EP03773695A EP1563360A1 EP 1563360 A1 EP1563360 A1 EP 1563360A1 EP 03773695 A EP03773695 A EP 03773695A EP 03773695 A EP03773695 A EP 03773695A EP 1563360 A1 EP1563360 A1 EP 1563360A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- action
- fbz
- data carrier
- carried out
- operator error
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Links
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1025—Identification of user by a PIN code
- G07F7/1083—Counting of PIN attempts
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
Definitions
- the invention relates to a method for protecting a portable data carrier according to the preamble of claim 1.
- Secret data are often stored in portable data carriers and / or secret algorithms are implemented. These can be used, for example, to identify the data carrier as genuine to a terminal, i.e. H. authenticate the disk. Furthermore, the secret data or the secret algorithms are required for authentication of the terminal by the data carrier. Finally, the secret data or algorithms can be used to check a secret number or a biometric feature in order to determine whether a user is authorized to use the data carrier, i. H. the user is authenticated. In order to prevent the secret data or algorithms used in the authentication process from being spied on, it is already known to limit the number of authentication attempts by a misuse payer. The incorrect operator payer is incremented with each authentication attempt and reset when the authentication attempt is successful. If the incorrect operator pays a threshold value, no further authentication attempts are permitted.
- DE 43 39460 CI discloses a challenge-and-response method for authentication, which is carried out in the context of charging a value memory of a portable data carrier.
- a lock is set up in the data carrier, which can only be released by changing an error counter status. Then the error counter status is changed and the lock is released.
- authentication parameters are determined both in the terminal and in the data carrier and in the data carrier ger compared with each other. If there is a match, the blocking device is deactivated, so that the value memory can be recharged and the error counter can be reset.
- the object of the invention is to further increase the security standard for portable data carriers and, in particular, to restrict the unauthorized access to cryptographic functions.
- the invention is based on a method for protecting a portable data carrier, wherein an operator error payer is provided, by means of which the number of calls to an action of the data carrier is recorded and an execution of the action is only permitted if the operator error number is below a predefinable threshold value lies.
- the invention makes use of the knowledge that actions are usually also carried out from a portable data carrier that cannot be secured directly with a misuse payer in the usual way, but that if carried out any number of times, there is still the risk of Disclosure of secret data or algorithms exists.
- This stems from the fact that, in the conventional sense, the use of an incorrectly operated payer only comes into question when the data are checked for correctness when they are carried out. Depending on the result of the check, the operator error payer incremented each time the action is called is reset or not.
- the actions secured in the conventional way with a misuse payer are generally particularly critical with regard to potential spying because it depends on them, for example, how to continue using the application or access to data.
- the operator error payer is assigned to several actions of the data carrier by incrementing the operator error counter when a first action is called and resetting the operator error counter when a second action is successfully carried out. This has the advantage that any actions on the data carrier can be secured with a wrong operator payer against continually repeated calls. It is particularly advantageous that no change in the specification is required for the use of the invention with a data carrier.
- the first action and the second action can be integrated into a sequence, so that when the data carrier is operated correctly, the second action is always carried out when the first action is carried out. This ensures that if the data carrier is operated correctly after incrementing the operator error payer, there is always the possibility of resetting the operator error counter. At least one further action can be carried out between the first action and the second action. This has the advantage that the further action can also be secured with the incorrect operator payer.
- the operator error payer is preferably incremented at the beginning of the first action. The incrementation can take place immediately before or immediately after the check.
- the method according to the invention is used to secure first actions which are designed such that secret data are processed and / or secret algorithms are used when they are carried out.
- the first action can consist, for example, of generating a random number, encrypting a character string, calculating a checksum or generating a digital signature.
- the first action is usually designed so that when it is carried out the data carrier does not check whether there is authorized use of the data carrier.
- the second action is usually designed so that when it is carried out, information transmitted to the data carrier is checked and the operator who pays the operator is reset if the check is successful.
- the invention is explained below with reference to the embodiments shown in the drawing.
- the exemplary embodiments each relate to an application situation in which commands are transmitted from a terminal to a portable data carrier.
- the disk ger which can be designed as a chip card, for example, processes the commands and, if necessary, transmits a result to the terminal.
- the execution of commands which are critical in this respect is secured by the method according to the invention by a misuse payer. This is illustrated using some typical command sequences.
- Fig. 2 is a flowchart for a further command sequence, which is also secured with the inventive method and
- Fig. 3 is a flow chart for yet another command sequence, which in turn is secured with the inventive method.
- FIG. 1 shows a flowchart which is used to explain the protection of a command which is referred to as INTERNAL AUTHENTICATE.
- the data carrier encrypts a random number or a character string, which the terminal transmits to it as plain text for this purpose, and outputs the result of the encryption to the terminal.
- a potential attacker could have this command executed on the data carrier and thereby determine the encrypted text associated with a given plain text.
- the determined encrypted text may draw conclusions about the encryption method and the key used. The chances of success of such an attack depend, among other things, on the strength of the encryption method, the key length used and the number of calls to the command. With the procedure explained below, the number of calls to the command can be limited to a few, so that the described attack is almost hopeless even with a relatively weak encryption method and a short key.
- step S1 The flow of the flow chart begins with a step S1, which is executed first when the INTERNAL AUTHENTICATE command is called and in which a query is made as to whether the operator error number FBZ is less than a predeterminable threshold value MAX. If this condition is not met, the flow of the flow chart is finished, i. H. neither the encryption provided by the INTERNAL AUTHENTICATE command nor any other flowchart commands are executed. If the query in step S1 is fulfilled, i. H. if the operator error counter FBZ is less than the threshold MAX, step S1 is followed by a step S2 in which the operator error number FBZ is incremented. Then comes one
- Step S3 in which the actual processing of the INTERNAL AUTHENTICATE command is carried out, d. H. encryption takes place in particular.
- the affiliation of steps S1, S2 and S3 to the command INTERNAL AUTHENTICATE is illustrated by a dashed frame.
- Step S3 is followed by step S4, in which a command labeled INITIALIZE is executed.
- This command performs initializations, the details of which are for the invention are not relevant.
- Step S4 is followed by step S5 with the execution of a PURCHASE command, in which a payment transaction is carried out with the data carrier within an exchange application.
- the execution of the PURCHASE command also includes a step S6 and a step S7.
- step S6 which immediately follows step S5
- a query is made as to whether the execution of the PURCHASE command in step S5 was successful. If this is the case, step S7 is carried out next, in which the operator error counter FBZ is reset.
- the execution of the flowchart ends with the execution of step S7. If the query of step S6 is not fulfilled, the flowchart is ended without resetting the operator error counter FBZ.
- FIG. 2 shows a flow diagram for a further command sequence, in which the command INTERNAL AUTHENTICATE is again secured.
- This command sequence is characterized in that the reset of the operator error operator FBZ is carried out as part of a PIN check, in which it is determined whether a secret number has been entered correctly.
- the statements relating to FIG. 1 apply correspondingly to this command sequence and the process sequence is also designed analogously.
- Steps S8, S9 and S10 follow one another in this order and are identical to steps S1, S2 and S3 in FIG. 1.
- Step S10 is followed by a step S11 in which the PIN check is carried out.
- a query is made as to whether the PIN check was successful.
- the operating error counter FBZ is then reset in a step S13 and the flow of the flow chart is ended. Otherwise, the flow of the flow chart is ended without resetting the error condition counter FBZ.
- the affiliation of steps S8, S9 and S10 to the INTERNAL AUTHENTICATE command and steps S11, S12 and S13 for PIN checking are each represented by a dashed frame.
- step S14 shows a flowchart for yet another command sequence, a GET CHALLENGE command being saved.
- a random number of data carriers is generated, for example, using a cryptographic algorithm.
- the generation procedure is to be protected against any number of calls.
- the statements relating to FIG. 1 also apply in a corresponding manner to the command sequence of FIG. 3.
- step S16 represents the actual execution of the GET CHALLENGE command, ie the generation of the random number.
- Step S16 is followed by a step S17 in which a command is executed for which it can be checked by the data carrier whether the execution was authorized. Which command it is in detail is of secondary importance.
- step S18 it is checked whether the command has been executed successfully, ie whether the required authorization was present. The authorization is generally checked on the basis of information transmitted to the data carrier. If the check is positive, step S19 follows in which the operator error counter FBZ is reset. This completes the flow chart. If the check in step S18 shows that the command was not successfully carried out, the flow of the flow chart is ended without resetting the error counter FBZ.
- commands can be secured against being called up, but also, for example, a CALCULATE MAC command, in which a checksum is calculated or a SIGN command, in which a digital signature is created, etc.
- the checking and incrementing the operator error counter FBZ preferably takes place before the actual execution of the command, in order to make possible manipulations as difficult as possible.
Abstract
Description
Claims
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE10251265 | 2002-11-04 | ||
DE2002151265 DE10251265A1 (de) | 2002-11-04 | 2002-11-04 | Verfahren zum Schutz eines tragbaren Datenträgers |
PCT/EP2003/012249 WO2004046897A1 (de) | 2002-11-04 | 2003-11-03 | Verfahren zum schutz eines tragbaren datenträgers |
Publications (1)
Publication Number | Publication Date |
---|---|
EP1563360A1 true EP1563360A1 (de) | 2005-08-17 |
Family
ID=32103299
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP03773695A Ceased EP1563360A1 (de) | 2002-11-04 | 2003-11-03 | Verfahren zum schutz eines tragbaren datentr gers |
Country Status (4)
Country | Link |
---|---|
EP (1) | EP1563360A1 (de) |
AU (1) | AU2003282079A1 (de) |
DE (1) | DE10251265A1 (de) |
WO (1) | WO2004046897A1 (de) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102006061338A1 (de) * | 2006-12-22 | 2008-06-26 | Giesecke & Devrient Gmbh | Authentisierung portabler Datenträger |
DE102008027456A1 (de) | 2008-06-09 | 2009-12-10 | Giesecke & Devrient Gmbh | Verfahren zum Schutz eines tragbaren Datenträgers |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0570924A3 (en) * | 1992-05-20 | 1994-08-17 | Siemens Ag | Authentication method of one system-participant by another system-participant in an information transfer system composed of a terminal and of a portable data carrier |
DE4339460C1 (de) * | 1993-11-19 | 1995-04-06 | Siemens Ag | Verfahren zur Authentifizierung eines Systemteils durch ein anderes Systemteil eines Informationsübertragungssystems nach dem Challenge-and Response-Prinzip |
DE19831884C2 (de) * | 1998-07-17 | 2001-09-20 | Ibm | System und Verfahren zum Schutz gegen analytisches Ausspähen von geheimen Informationen |
FR2786007B1 (fr) * | 1998-11-18 | 2001-10-12 | Gemplus Card Int | Procede de controle d'utilisation d'une carte a puce |
-
2002
- 2002-11-04 DE DE2002151265 patent/DE10251265A1/de not_active Ceased
-
2003
- 2003-11-03 EP EP03773695A patent/EP1563360A1/de not_active Ceased
- 2003-11-03 AU AU2003282079A patent/AU2003282079A1/en not_active Abandoned
- 2003-11-03 WO PCT/EP2003/012249 patent/WO2004046897A1/de not_active Application Discontinuation
Non-Patent Citations (1)
Title |
---|
See references of WO2004046897A1 * |
Also Published As
Publication number | Publication date |
---|---|
AU2003282079A1 (en) | 2004-06-15 |
DE10251265A1 (de) | 2004-05-13 |
WO2004046897A1 (de) | 2004-06-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2215609B1 (de) | Verfahren zum freischalten einer chipkartenfunktion mittels fernüberprüfung | |
EP1326469B1 (de) | Verfahren und Anordnung zur Überprüfung der Authentizität eines Dienstanbieters in einem Kommunikationsnetz | |
DE102012110499B4 (de) | Sicherheitszugangsverfahren für elektronische Automobil-Steuergeräte | |
EP0654919A2 (de) | Verfahren zur Authentifizierung eines Systemteils durch ein anderes Systemteil eines Informationsübertragungssystems nach dem Challenge-and-Response-Prinzip | |
EP1076887A1 (de) | Verfahren zur authentisierung einer chipkarte innerhalb eines nachrichtenübertragungs-netzwerks | |
WO2011054462A1 (de) | Verfahren zur sicheren interaktion mit einem sicherheitselement | |
EP2126858B1 (de) | Chipkarte und verfahren zur freischaltung einer chipkarten-funktion | |
DE102007041370B4 (de) | Chipkarte, elektronisches Gerät, Verfahren zur Herstellung einer Chipkarte und Verfahren zur Inbenutzungnahme einer Chipkarte | |
EP2080144B1 (de) | Verfahren zum freischalten einer chipkarte | |
WO2004046897A1 (de) | Verfahren zum schutz eines tragbaren datenträgers | |
EP1912184A2 (de) | Vorrichtung und Verfahren zur Erzeugung von Daten | |
DE19818998B4 (de) | Verfahren zum Schutz vor Angriffen auf den Authentifizierungsalgorithmus bzw. den Geheimschlüssel einer Chipkarte | |
EP1116358A1 (de) | Verfahren zur authentifikation zumindest eines teilnehmers bei einem datenaustausch | |
WO2020057938A1 (de) | Verfahren für eine sichere kommunikation in einem kommunikationsnetzwerk mit einer vielzahl von einheiten mit unterschiedlichen sicherheitsniveaus | |
DE102009014919A1 (de) | Verfahren und Vorrichtung zum Authentifizieren eines Benutzers | |
EP1054364A2 (de) | Verfahren zur Erhöhung der Sicherheit bei digitalen Unterschriften | |
WO2023072423A1 (de) | Autorisieren einer anwendung auf einem sicherheitselement | |
EP2230648A1 (de) | Einmalkennwortmaske zum Ableiten eines Einmalkennworts | |
EP2834767B1 (de) | Computersystem sowie verfahren zum sicheren booten eines computersystems | |
WO2005073826A1 (de) | System mit wenigstens einem computer und wenigstens einem tragbaren datenträger | |
EP2734984B1 (de) | Verfahren zum schutz eines chipkarten-terminals gegen unberechtigte benutzung | |
EP3697020A1 (de) | Verfahren zum betreiben von im zähler-modus betriebenen schlüsselstromgeneratoren zur sicheren datenübertragung, schlüsselstromgenerator mit zähler-modus-betrieb zur sicheren datenübertragung und computer-programm-produkt zur schlüsselstromerzeugung | |
EP3552189A1 (de) | Chipimplantat mit zweifaktorauthentifizierung | |
EP1715617A2 (de) | Verfahren zum Betreiben eines Systems mit einem tragbaren Datenträger und einem Endgerät | |
WO2002089393A2 (de) | Verfahren zum sichern einer datenübertragung zwischen mehreren datenübertragungseinheiten sowie zugehörige komponenten |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20050606 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PT RO SE SI SK TR |
|
AX | Request for extension of the european patent |
Extension state: AL LT LV MK |
|
DAX | Request for extension of the european patent (deleted) | ||
RIN1 | Information on inventor provided before grant (corrected) |
Inventor name: JOHNSON, ERIC Inventor name: WEIKMANN, FRANZ |
|
17Q | First examination report despatched |
Effective date: 20120808 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R003 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED |
|
18R | Application refused |
Effective date: 20140410 |