GB2368948A - Smart card authentication - Google Patents

Smart card authentication

Info

Publication number
GB2368948A
Authority
GB
United Kingdom
Prior art keywords
smart card
algorithm
interrogator
signal
result
Prior art date
Legal status
Withdrawn
Application number
GB0014843A
Other versions
GB0014843D0 (en)
Inventor
Simon Meldrum
Current Assignee
Canon Inc
Original Assignee
Canon Inc
Priority date
Filing date
Publication date
Application filed by Canon Inc
Priority to GB0014843A
Publication of GB0014843D0
Publication of GB2368948A
Legal status: Withdrawn

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/357Cards having a plurality of specified features
    • G06Q20/3576Multiple memory zones on card
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4097Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor

Abstract

An interrogator sends an algorithm identifier and an associated to a smart card, the smart card storing a plurality of algorithms and associated algorithm identifiers. Verification is obtained by comparing the results of processing of interrogation data 575 by both the interrogator 581 and the smart card 583 using the algorithm associated with the algorithm identifier sent by the interrogator.

Description

Smart Card
The present invention relates to a system in which a Smart Card is used for authentication purposes.
A Smart Card is a card which incorporates a processor and some form of memory for storing data. Typically, but not exclusively, Smart Cards are the size of a credit card.
In known techniques which use a Smart Card for authentication purposes, data is stored in the memory of the Smart Card and is then subsequently read and tested by a device into which the Smart Card is inserted to verify the authenticity of the data and hence the Smart Card on which the data is stored.
For example, US 5,721,781 (Deo et al) describes an authentication system and method for Smart Card transactions, in which a single Smart Card can be used for many different applications, such as to store financial data for banking purposes, maintain medical information for use by health care providers, track frequent flyer mileage for the cardholder or airline, permit selective entrance into secure facilities, manage electronic benefits or organise account information for routinely paid services such as cable TV.
In the system described in US 5,721,781, a Smart Card stores a digital certificate to verify the authenticity of the Smart Card, and a digital certificate for each respective application stored on the Smart Card to verify the authenticity of the application. Each digital certificate contains identification information and is encrypted using the private key of a trusted certifying authority. The RSA encryption algorithm is used, which is an asymmetric algorithm having the property that a message encrypted with a first key can only be decrypted using a second key different from the first key, and a message encrypted with the second key can only be decrypted using the first key. One of the first and second keys is published, which is known as the public key, while the other is kept secret by the certifying authority, which is known as the private key. The public key of the trusted certifying authority is stored in each device which is to be used for authenticating the Smart Card.
To carry out authentication in the system described in US 5,721,781, the Smart Card is inserted in an authentication device and the digital certificate to authenticate the Smart Card itself is sent from the Smart Card to the authentication device. The authentication device then decrypts the digital certificate using the public key from the certifying authority. If the certificate deciphers into intelligible information, then it is determined that the Smart Card is legitimate (because it is practically impossible for the Smart Card to construct a fraudulent certificate, since it does not know the private key of the certifying authority). Each application on the Smart Card is also verified in a similar way by sending the digital certificate for the application to the authentication device for decryption.
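The prior-art check described above, as an added example that is not code from the patent or from US 5,721,781: textbook RSA on constructed toy primes, where a certifying authority encrypts a small certificate with its private exponent and a device holding only the public exponent accepts the certificate if it deciphers into a recognisable structure. The primes P and Q, the public exponent E, the MARKER value and the identity number are assumptions chosen to keep the arithmetic visible; real deployments use padded RSA signatures with moduli of 2048 bits or more.

```python
# Added example (not from the patent): textbook RSA certificate check.
# Toy parameters, far too small to be secure; chosen only for illustration.
from math import gcd
from typing import List, Optional

P, Q = 61, 53                 # constructed primes (assumption)
N = P * Q                     # public modulus, 3233
PHI = (P - 1) * (Q - 1)       # Euler's totient of N
E = 17                        # public exponent, must be coprime with PHI
assert gcd(E, PHI) == 1
D = pow(E, -1, PHI)           # private exponent held only by the certifying authority

# A certificate is two RSA blocks: a fixed marker and the identity number.
# The marker is what makes a decrypted certificate "intelligible" to the device.
MARKER = 0xA5                 # constructed value (assumption)


def ca_issue_certificate(identity: int) -> List[int]:
    """Certifying authority side: encrypt [MARKER, identity] with the private key."""
    if not 0 <= identity < N:
        raise ValueError("identity must fit in a single RSA block")
    return [pow(block, D, N) for block in (MARKER, identity)]


def device_verify_certificate(cert: List[int]) -> Optional[int]:
    """Authentication device side: decrypt with the public key.

    Returns the certified identity if the plaintext has the expected
    structure, or None if the certificate is unintelligible (wrong key,
    damaged, or not produced by the certifying authority).
    """
    blocks = [pow(block, E, N) for block in cert]
    if len(blocks) == 2 and blocks[0] == MARKER:
        return blocks[1]
    return None


if __name__ == "__main__":
    cert = ca_issue_certificate(1234)
    print("certificate blocks:", cert)
    print("verified identity:", device_verify_certificate(cert))
    print("garbage certificate:", device_verify_certificate([0, 0]))
```

The check is only as strong as the secrecy of D and the hardness of factoring N, which is exactly the pair of weaknesses the description goes on to raise against this prior art.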
The system in US 5,721,781 contains two further levels of authentication. In one of these levels, the authentication device is authenticated to the Smart Card in the same way that the Smart Card is authenticated to the authentication device. That is, digital certificates are stored in the authentication device and transferred to the Smart Card, where they are decrypted. In another level, a personal identification number is input by a user of the Smart Card and tested on the Smart Card to verify the identity of the user.
The system described in US 5,721,781 suffers from a number of problems.
For example, the RSA encryption algorithm requires a high level of computing power to carry out encryption and decryption.
The system described in US 5,721,781 is secure unless the private encryption key of the trusted certifying authority becomes known. If this happens, then unscrupulous people can make their own certificates and therefore there is a possibility of fraud. Further, the security of the RSA algorithm used in the system described in US 5,721,781 relies on the difficulty of factoring products of high numbers. If, however, an improved technique for factoring high numbers were developed, then the security of the RSA algorithm could be compromised.
Another problem associated with the system described in US 5,721,781 is that each time a new application is added to the applications stored in the Smart Card, a new certificate has to be obtained from the trusted certifying authority.
An object of the present invention is to provide a Smart Card authentication system which addresses one or more of the above-described problems.
According to the present invention there is provided a system or method for verifying authority to utilise an application in which an interrogator sends an algorithm identifier associated with an algorithm stored in the interrogator to a smart card, the smart card storing a plurality of algorithms and for each stored algorithm an associated algorithm identifier, and verification is obtained by comparing the results of the processing of interrogation data by both the interrogator and the smart card using the algorithm associated with the algorithm identifier sent by the interrogator. By utilising different algorithms for different applications the security of the overall system is improved, because if one of the algorithms is discovered only the security of applications using the discovered algorithm is compromised, while the security of the remaining algorithms is maintained. The security of the entire system is no longer based on the strength of a single encryption algorithm.
Preferably the Smart Card is programmed or otherwise configured such that data stored in the Smart Card is never directly read by a device into which the Smart Card has been inserted, thereby preventing authorisation algorithms being read directly from the memory of a Smart Card.
The system also has the advantage that new authentication procedures can be added onto the Smart Card for new applications. An embodiment of the present invention thus provides a system in which a user has a single Smart Card to carry out all present and future Smart Card authentication procedures, removing the need to carry a number of Smart Cards and to obtain new Smart Cards for new applications.
Exemplary embodiments of the present invention will now be described with reference to the accompanying drawings in which: Figure 1 is a schematic diagram illustrating some of the uses of a Smart Card in a first embodiment of the present invention; Figure 2 is a block diagram showing the components of a Smart Card in the first embodiment; Figure 3 is a block diagram illustrating the contents of the read only memory of a Smart Card in the first embodiment; Figure 4 is a block diagram illustrating the contents of the EEPROM of a Smart Card in the first embodiment; Figure 5 is a block diagram showing the components of an apparatus for transferring data onto a Smart Card in the first embodiment; Figure 6 is a block diagram showing the components of an apparatus for verifying the identification of a Smart Card in the first embodiment; Figures 7a and 7b show the steps used in the first embodiment to transfer data onto a Smart Card; and Figures 8a and 8b show the steps used in the first embodiment to verify the identification of a Smart Card.
As illustrated schematically in Figure 1, in an embodiment of the present invention, a user 1 uses a single Smart Card 3 in many applications. In all these applications, the Smart Card 3 provides a means for verifying that the user 1 is authorised to carry out the application. In order to carry out this verification, an authentication procedure for the application is written onto the Smart Card 3 by a writer 13, and subsequently the Smart Card 3 is inserted in an interrogator 7 which utilises the authentication procedure to verify the authority of the user 1 to carry out the application.
Referring to Figure 1, in a first example application, the Smart Card 3 is utilised to provide protection against unauthorised use of a computer 5. The computer 5 is programmed not to carry out certain functions unless the authority of the user 1 to carry out those functions has been verified by an interrogator 7. As an example, the computer 5 will not allow certain files to be altered or deleted unless the identity of the user 1 has been authenticated by the insertion of the Smart Card 3 into the interrogator 7.
A writer 13 is used to transfer authentication procedures used to verify the authority of the user 1 to carry out the computer functions. The writer 13 has a slot 15 into which the Smart Card 3 is inserted, an input unit 17 for entering details of those computer functions that the user 1 is authorised to use, and a display unit 19 for indicating that data has been successfully written onto the Smart Card 3 to enable the user 1 to carry out those functions.
The interrogator 7 has a slot 9 into which the Smart Card 3 is inserted and a display 11 indicating whether or not the identification of the user 1 has been verified.
Another application for the Smart Card 3 is to enable entry into the workplace 21 of the user 1. In this case an interrogator 7 is located at the door 23 of the workplace 21 and the user 1 inserts the Smart Card 3 into the interrogator 7 to obtain entry. A writer 13 is located within the workplace 21 so that authentication data can be stored on the Smart Card, and also on the Smart Cards of other members of staff.
The writer 13 located within the workplace 21 is able to write authentication data onto the Smart Card 3 for further applications within the workplace 21. For example, the writer 13 may write authentication data to enable the user 1 to gain entry into his internal office in the workplace 21, to use various functions of a computer 25 in the office, and to open a secure locker 27 in the office.
In another application, the user 1 also uses the Smart Card 3 to charge the cost of purchases in a shop 29 to an account held by the user 1. A writer 13 is located in a customer service area 31 of the shop 29 and account authorisation data for the user 1 can be written onto the Smart Card 3. When the user 1 brings any subsequent purchase to the cash till 33, the Smart Card 3 is inserted into an interrogator 7, which authorises that the costs of the purchases should be charged to the user's account. To confirm that the user 1 is the correct owner of the Smart Card 3, the Smart Card 3 may be signed by the user when it is first issued (in the same way that a credit card is signed) and the signature on the Smart Card checked against a signature signed by the user at the cash till 33.
It is not necessary for the writer 13 to be in close proximity with the interrogator 7. For example, Figure 1 also shows an application where the Smart Card 3 is used as a telephone card for paying for calls at a public telephone booth 35. The writer 13 is located in an office 37 of the telephone company and authorisation data is written onto the Smart Card 3 upon payment of a fee.
The office 37 of the telephone company does not have to be within close proximity of the public telephone booth 35. When making a telephone call, the user 1 inserts the Smart Card 3 into an interrogator 7 located at the telephone booth 35 which authorises the telephone call.
In a further example application shown in Figure 1, the Smart Card 3 is used by the user 1 to authorise transactions using an Automated Teller Machine (ATM) 39 at a bank. In this case, the Smart Card 3 is inserted into an interrogator 7 located at the ATM 39 to authorise the transactions. The writer 13 can be located in a bank 41 (or other building) which does not have to be close to the ATM 39. For this application, an identification number would be stored on the Smart Card 3 and tested against a number input by the user 1 when authorisation for the banking application is required, to verify that the user 1 is the correct owner of the Smart Card 3.
The format and operation of a Smart Card 3, a writer 13 and an interrogator 7 will now be described.
THE SMART CARD
In this embodiment, a Smart Card 3 is physically constructed in accordance with International Standard ISO-7816.
As shown schematically in Figure 2, a Smart Card 3 (indicated by broken lines) includes a microprocessor 51 to which are connected a Read Only Memory (ROM) 53, an Electrically Erasable Programmable Read Only Memory (EEPROM) 55, a Random Access Memory (RAM) 57 and five terminals 59, 61, 63, 65, 67.
The five terminals 59, 61, 63, 65, 67 are arranged to connect with corresponding terminals of an external interrogator 7 and writer 13. A power terminal 59 and a ground terminal 61 enable the external device to provide power for the Smart Card 3. A clock terminal 63 is connected to the microprocessor 51 and enables an external device to provide a clock signal for the microprocessor 51. A reset terminal 65 is connected to the microprocessor 51 and enables the external device to send a reset signal to the microprocessor 51. A serial input/output (I/O) terminal 67, also connected to the microprocessor 51, enables communication between the microprocessor 51 and the external device.
Referring to Figure 3, a number of instructions are stored in the ROM 53. In particular, the ROM 53 stores initialisation instructions 71 for initialising the Smart Card 3 when power is first supplied to the Smart Card 3 via the power terminal 59 and the ground terminal 61 after insertion in the external device, writing instructions 73 to enable the Smart Card 3 to receive data from a writer 13, and authentication instructions 75 to enable the Smart Card 3 to authenticate itself in response to a query by an interrogator 7. These instructions will be described in greater detail hereinafter.
Referring to Figure 4, the EEPROM 55 of Smart Card 3 is used to store the algorithms used for authentication in the multiplicity of applications that the Smart Card 3 is used for. As shown in Figure 4, the EEPROM 55 includes an index 81 which keeps a register of the memory location in the EEPROM 55 of the algorithm for a particular application and an area of memory 83 which stores a number "N" of algorithms, each algorithm being for a respective application.
THE WRITER
The writer 13, which is schematically indicated by the dotted lines in Figure 5, includes a Central Processing Unit (CPU) 91. Attached to the CPU 91 is a clock 93 for providing a clock signal, a ROM 95 for storing procedures used during operation of the writer 13, and a RAM 97 to provide working space for running the procedures stored in the ROM 95.
Also connected to the CPU 91 is an algorithm memory 99 which stores a plurality of authorisation algorithms to be transferred to Smart Cards. Each of the authorisation algorithms generates a result whose value is dependent upon initial parameters. In other words, if the initial parameter is defined by a binary number having n bits and the result is given as a binary number having n bits, the authorisation algorithm defines a mapping between 2^n possible input numbers and 2^n possible output numbers.
The algorithm could involve using an input binary number as a seed for a linear congruential random number generator. Alternatively the algorithm could execute a combination of bit swaps and exclusive-OR operations. The algorithm could also use modular exponentiation and modular multiplication. The algorithm could also mix in familiar techniques such as DES or RSA.
To add an extra element of unpredictability, an input binary number could include random bits whose position in the binary number is known to the authorisation algorithm. The authorisation algorithm can then ignore the random bits when processing the binary number. In this way the same output number could be obtained from two different input numbers, thereby increasing the difficulty of cryptanalysing the algorithm. Random bits could also be added in defined positions of an output binary number.
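One authorisation algorithm of the kind just described, as an added example that is not code from the patent: a 16-bit to 16-bit mapping built from bit swaps, exclusive-OR and a rotation, which first discards the agreed "random" bit positions so that two inputs differing only there produce the same output. The bit width, the swap pairs, the XOR constant and the random-bit positions (3 and 12) are constructed assumptions standing in for the secret parameters a real writer and interrogator would share; `distinct_outputs` counts how many outputs the mapping actually reaches, which goes beyond the text by making the many-to-one property measurable.

```python
# Added example (not from the patent): a bit-swap / XOR authorisation
# algorithm that ignores filler bits at known positions. All parameters
# below are constructed for illustration (assumptions).
from typing import Tuple

N_BITS = 16
MASK = (1 << N_BITS) - 1
RANDOM_BIT_POSITIONS: Tuple[int, ...] = (3, 12)   # filler positions, known to both sides
XOR_CONSTANT = 0x5A3C
SWAP_PAIRS = ((0, 15), (1, 7), (4, 11), (9, 13))
ROUNDS = 4


def strip_random_bits(x: int) -> int:
    """Zero the agreed filler positions so they cannot influence the result."""
    x &= MASK
    for pos in RANDOM_BIT_POSITIONS:
        x &= ~(1 << pos)
    return x


def swap_bits(x: int, a: int, b: int) -> int:
    """Exchange bits a and b of x (a bijection on n-bit values)."""
    if ((x >> a) & 1) != ((x >> b) & 1):
        x ^= (1 << a) | (1 << b)
    return x


def rotate_left(x: int, k: int) -> int:
    return ((x << k) | (x >> (N_BITS - k))) & MASK


def authorise(x: int) -> int:
    """n-bit -> n-bit mapping: strip filler bits, then mix for a few rounds.

    Every step after stripping is a bijection, so distinct effective inputs
    always give distinct outputs, while inputs that differ only in the filler
    positions collapse onto the same output.
    """
    x = strip_random_bits(x)
    for _ in range(ROUNDS):
        for a, b in SWAP_PAIRS:
            x = swap_bits(x, a, b)
        x ^= XOR_CONSTANT
        x = rotate_left(x, 3)
    return x


def distinct_outputs() -> int:
    """Number of distinct outputs over the whole 2^n input space."""
    return len({authorise(x) for x in range(1 << N_BITS)})


if __name__ == "__main__":
    a, b = 0x0234, 0x0234 | (1 << 3) | (1 << 12)   # differ only in filler bits
    print(hex(authorise(a)), hex(authorise(b)))
    print("distinct outputs:", distinct_outputs())
```

With two filler positions the mapping reaches exactly 2^14 of the 2^16 possible outputs, so an observer seeing one output cannot tell which of the four inputs sharing it was used.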
Depending upon the purpose for which the writer is to be used, a given algorithm may be written to a plurality of Smart Cards to authorise each card to carry out the same application (for example to open a given door), or a different algorithm may be written to each respective Smart Card to authorise each card to carry out the same application. Of course, more than one algorithm may be written to the same Smart Card by a single writer 13 to authorise the user of the card to carry out a plurality of applications (one for each algorithm).
A user interface unit 101 is connected to the CPU 91.
The user interface unit 101 enables an operator of the writer 13 to input data indicating which algorithm stored in the algorithm memory 99 is to be written to a Smart Card 3 inserted in the writer. An algorithm to be written to a Smart Card 3 may be chosen so that it corresponds to an algorithm already stored in an interrogator 7. Alternatively, an algorithm may be written to a Smart Card 3 and subsequently also input to the interrogator 7.
The procedure for writing an authentication algorithm onto a Smart Card 3 will be described hereinafter.
The power terminal 103, ground terminal 105, clock terminal 107, reset terminal 109 and serial I/O terminal 111 of the writer 13 are designed to contact the power terminal 59, the ground terminal 61, the clock terminal 63, the reset terminal 65 and the serial I/O terminal 67 respectively of a Smart Card 3 when the Smart Card 3 is inserted into the writer 13. As previously mentioned, the power terminal 103 and the ground terminal 105 of the writer 13 provide power for the Smart Card 3, the clock terminal 107 of the writer 13 provides a clock signal to the Smart Card 3, the reset terminal 109 provides a reset signal to the Smart Card 3 and the serial I/O terminal 111 of the writer 13 enables the transfer of data between the writer 13 and the Smart Card 3.
THE INTERROGATOR
An interrogator 7, indicated schematically by the dotted lines in Figure 6, has a Central Processing Unit (CPU) 121. Similarly to the writer 13, a clock 123 is connected to the CPU 121 to provide a clock signal, a ROM 125 is connected to the CPU 121 for storing procedures used during the operation of the interrogator 7, and a RAM 127 is connected to the CPU 121 to provide working space for carrying out the procedures stored in the ROM 125.
For illustrative purposes, the interrogator 7 in this embodiment is designed to carry out authorisation for only one application. The algorithm to enable the interrogator 7 to carry out this authorisation is stored in an algorithm memory 129 which is connected to the CPU 121. As noted previously, the algorithm stored in algorithm memory 129 is the same as an algorithm in the algorithm memory 99 of the writer 13. The procedure for carrying out authorisation using the stored algorithm will be described hereinafter.
The CPU 121 is also connected to an output instruction generator 131. When the identity of a Smart Card 3 has been verified using the algorithm stored in the algorithm memory 129, the CPU 121 informs the output instruction generator 131, which then generates and outputs a control signal to enable the application to be carried out (for example, a signal to release a door lock to enable the door to be opened). A display 133 is also connected to the CPU 121 so that signals can be conveyed to the user indicating that the Smart Card 3 is not authorised to carry out the application.
The power terminal 135, ground terminal 137, clock terminal 139, reset terminal 141 and serial I/O terminal 143 of the interrogator 7 are designed to contact the power terminal 59, the ground terminal 61, the clock terminal 63, the reset terminal 65 and the serial I/O terminal 67 respectively of a Smart Card 3 when the Smart Card 3 is inserted into the interrogator 7. As previously mentioned, the power terminal 135 and the ground terminal 137 of the interrogator 7 provide power for the Smart Card 3, the clock terminal 139 of the interrogator 7 provides a clock signal to the Smart Card 3, the reset terminal 141 provides a reset signal to the Smart Card 3 and the serial I/O terminal 143 of the interrogator 7 enables the transfer of data between the interrogator 7 and the Smart Card 3.
WRITING PROCEDURE
Figures 7A and 7B show the sequence of steps which occur after a Smart Card 3 has been inserted into a writer 13. In Figures 7A and 7B, the vertical dotted line separates those steps carried out by the writer 13 on the one hand from those steps carried out by the Smart Card 3 on the other hand. On insertion of the Smart Card 3 into the writer 13, the writer 13 provides power for the Smart Card 3 and a reset signal. Upon receipt of the reset signal from the writer 13, at step S1 the microprocessor 51 of the Smart Card 3 initiates an initialisation process. When the Smart Card 3 is initialised, the microprocessor 51 of the Smart Card 3 carries out step S3 in which a request for instructions is sent to the writer 13.
The request for instructions is received by the writer 13 in step S5 and in step S7 the writer 13 instructs the Smart Card 3 that an authorisation algorithm is to be written into the EEPROM 55. This instruction is received by the Smart Card 3 in step S9 after which the Smart Card 3 awaits further data.
When the authorisation algorithm to be written into the EEPROM 55 of the Smart Card 3 has been identified, if necessary using the user interface unit 101 of the writer 13, in step S11 the writer 13 sends an algorithm identifier identifying the algorithm to the Smart Card 3.
The algorithm identifier is received by the Smart Card 3 in step S13 and subsequently in step S15 is registered in the index 81 of the EEPROM 55. The Smart Card 3 then sends, in step S17, a signal to the writer 13 indicating that the algorithm identifier has been written into the index 81.
In step S19 the writer receives confirmation of the registration of the algorithm identifier and subsequently, in step S21, sends the algorithm to the Smart Card 3. The algorithm is received by the Smart Card 3 in step S23 and in step S25 the algorithm is written into the area of memory 83 corresponding to the position of the algorithm identifier in the index 81.
Confirmation that the algorithm has been written into memory 83 is sent by the Smart Card 3 to the writer 13, in step S27. This confirmation is received in step S29 by the writer 13, which, in step S31, then informs the operator of writer 13 that the algorithm has been written in the Smart Card 3 using the user interface unit 101.
The Smart Card 3 then awaits further algorithm identifiers corresponding to authorisation algorithms for further applications. After all the desired authorisation algorithms have been written on the Smart Card 3, the Smart Card 3 is removed from the writer 13, thereby removing power from the Smart Card 3.
INTERROGATION PROCEDURE
Figures 8A and 8B illustrate the procedure carried out when the user 1 inserts the Smart Card 3 into an interrogator 7. The vertical dotted line in Figures 8A and 8B separates those steps carried out by the interrogator 7 on the one hand from those steps carried out by the Smart Card 3 on the other hand.
When the Smart Card 3 is inserted into the interrogator 7, the interrogator 7 provides power for the Smart Card 3 and a reset signal. When the Smart Card 3 receives the reset signal from the interrogator 7, the microprocessor 51 initiates an initialisation process which is carried out in step S51. After the Smart Card 3 has been initialised, the Smart Card 3 carries out step S53 in which a request for instructions is sent to the interrogator 7.
Steps S51 and S53 are identical to steps S1 and S3 shown in Figure 7A since the Smart Card does not yet know whether it has been inserted into an interrogator 7 or a writer 13.
The interrogator 7 receives the request for instructions in step S55, in response to which the interrogator 7 instructs the Smart Card 3 in step S57 that an authorisation test is to be performed. The Smart Card 3 receives the information that an authorisation test is to be performed in step S59 and awaits further data.
In step S61 the interrogator 7 sends an algorithm identifier to the Smart Card 3 identifying the algorithm to be verified (that is, the algorithm corresponding to the application to be performed).
The algorithm identifier is received by the Smart Card 3 in step S63 and subsequently, in step S65, the Smart Card 3 accesses the index 81 in the EEPROM 55 to see whether the appropriate algorithm is stored in the EEPROM 55.
If the appropriate algorithm is not stored in the EEPROM 55, then the Smart Card 3 sends an error signal in step S67 to the interrogator 7. On receipt of the error signal, the interrogator 7 generates a signal via the display 133 in step S69 indicating that authorisation for the application has been denied. On the other hand, if the appropriate algorithm is stored in the EEPROM 55, then, in step S71, the Smart Card 3 sends an "algorithm found" signal to the interrogator 7.
On receiving the "algorithm found" signal in step S73, the interrogator generates a random number, in step S75, and sends the random number to the Smart Card 3, in step S77. The Smart Card 3 receives the random number in step S79.
Then the interrogator 7, in step S81, and the Smart Card 3, in step S83, apply the application algorithm to the random number. The interrogator 7 generates result one and the Smart Card 3 generates result two.
The Smart Card 3 sends result two to the interrogator 7 in step S85 and the interrogator 7 receives result two in step S87.
In step S89 the interrogator 7 compares result one and result two. If result one is equal to result two, the interrogator 7 generates an authentication signal via the display 133 in step S91 and instructs the output instruction generator 131 to carry out the application.
If result one is not equal to result two then, in step S93, the interrogator 7 generates a signal via the display 133 indicating that authorisation to perform the application has been denied.
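The writing procedure (steps S1 to S31) and the interrogation procedure (steps S51 to S93) described above, simulated end to end as an added example that is not code from the patent. The card keeps an index mapping algorithm identifiers to slots in its algorithm memory, the writer registers an identifier and then stores the algorithm, and the interrogator looks the identifier up, issues a random challenge, and compares its own result with the card's. The two stand-in algorithms, the identifier strings and the `rng` parameter (which lets a test supply a fixed challenge in place of `secrets.randbits`) are assumptions; the step numbers in the comments refer to the figures described in the text.

```python
# Added example (not from the patent): writer and interrogator procedures
# against a simulated card. Algorithms and identifiers are constructed
# stand-ins (assumptions) for the per-application algorithms.
import secrets
from typing import Callable, Dict

Algorithm = Callable[[int], int]


def door_algorithm(challenge: int) -> int:          # constructed stand-in
    return ((challenge * 0x9E37) ^ 0x5A5A) & 0xFFFF


def atm_algorithm(challenge: int) -> int:           # constructed stand-in
    return (((challenge << 5) | (challenge >> 11)) & 0xFFFF) ^ 0x1234


class SmartCard:
    """Card side. index plays the role of index 81, memory of memory area 83."""

    def __init__(self) -> None:
        self.index: Dict[str, int] = {}
        self.memory: Dict[int, Algorithm] = {}

    def write(self, identifier: str, algorithm: Algorithm) -> bool:
        # S13/S15: register the identifier; S23/S25: store the algorithm in
        # the slot the index points at. Returns the S27 confirmation.
        slot = self.index.get(identifier, len(self.memory))
        self.index[identifier] = slot
        self.memory[slot] = algorithm
        return True

    def has_algorithm(self, identifier: str) -> bool:
        # S63/S65: consult the index; S67 error or S71 "algorithm found".
        return identifier in self.index

    def respond(self, identifier: str, challenge: int) -> int:
        # S79/S83/S85: run the stored algorithm on the challenge and send
        # only the result. The algorithm itself never leaves the card.
        return self.memory[self.index[identifier]](challenge)


def writer_procedure(card: SmartCard, identifier: str, algorithm: Algorithm) -> bool:
    """Writer side, S7 to S31: instruct the card, send identifier, send algorithm."""
    confirmed = card.write(identifier, algorithm)    # S17 and S27 confirmations
    return confirmed                                  # S31: report to the operator


def interrogator_procedure(card: SmartCard, identifier: str, algorithm: Algorithm,
                           rng: Callable[[int], int] = secrets.randbits) -> str:
    """Interrogator side, S57 to S93. Returns the outcome shown on display 133."""
    if not card.has_algorithm(identifier):           # S61/S67
        return "denied: algorithm not on card"       # S69
    challenge = rng(16)                              # S75: fresh random number
    result_one = algorithm(challenge)                # S81: interrogator's own result
    result_two = card.respond(identifier, challenge) # S77/S85: card's result
    if result_one == result_two:                     # S89
        return "authorised"                          # S91: trigger generator 131
    return "denied: result mismatch"                 # S93


if __name__ == "__main__":
    card = SmartCard()
    writer_procedure(card, "DOOR-23", door_algorithm)
    print(interrogator_procedure(card, "DOOR-23", door_algorithm))
    print(interrogator_procedure(card, "ATM-39", atm_algorithm))
```

Because the challenge is freshly generated on every interrogation, a recorded result two is useless for a later attempt, and because only results cross the serial I/O terminal, an interrogator for one application learns nothing about the algorithms stored for the others.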
It will be appreciated that the algorithm used in the above-described embodiment may include various mathematical operations and/or may involve looking up numbers stored in look-up tables.
MODIFICATIONS
A number of modifications can be made to the above-described embodiment without departing from the concept of the invention.
It will be appreciated that the examples of applications for the Smart Card 3 described with reference to Figure 1 are not a complete list and that many other applications could be carried out using a single Smart Card 3.
The International Organization for Standardization (ISO) has set a number of standards covering Smart Cards, and most Smart Cards comply with at least one of these standards.
Currently, the most prevalent ISO standard relating to Smart Cards is ISO 7816 which covers Smart Cards having contacts via which an external apparatus can provide power to the Smart Card and communicate with the Smart Card. Other standards include ISO 10536, which covers close-coupled contactless cards which utilise, for example, magnetic coupling, and ISO 14443 which covers remotely coupled contactless cards which utilise, for example, radio waves.
The above embodiment has been described in relation to a Smart Card having contacts in accordance with ISO 7816.
It will be appreciated, however, that embodiments of the invention may equally well comprise close-coupled contactless Smart Cards and remotely-coupled contactless Smart Cards, for example in accordance with the ISO standards above.
In a preferred embodiment of the present invention, the EEPROM 55 in the Smart Card 3 is a "flash" EEPROM in which it is only possible to erase whole sectors of, for example, 512 bytes. The advantage of using such a "flash" EEPROM is that "flash" EEPROMs allow high-density storage and improved rewriting.
If the writer 13 is required always to write a single algorithm or set of algorithms to a Smart Card 3, then it is not necessary to select which algorithm(s) to write using the user interface unit 101. A user 1 can simply insert the Smart Card 3 into the writer 13, which would automatically write the algorithms to the Smart Card 3 and then eject the Smart Card 3. Further, the writer 13 may be connected to a conventional computer programmed so that the user 1 can input the algorithms to be written onto the Smart Card 3 via the computer.
In the embodiment described above, an interrogator sends a random number to a Smart Card and both the interrogator and the Smart Card process the random number using an authorisation algorithm. However, as an alternative, the Smart Card could include a random number generator for generating a random number which can then be sent to the interrogator.
The embodiment described above allows a single Smart Card to hold a plurality of authentication procedures, to which additional authentication procedures may be added, so that the Smart Card can be used for a plurality of applications. If the security of one of the authentication procedures is compromised, then the remaining authentication procedures are not affected.
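The exchange of steps S61 to S93 described above, the alternative from the Modifications in which the Smart Card generates the random number (claim 7), and the isolation property just stated, as one added worked example. This is not code from the patent. The patent leaves open what an "application algorithm" is and how the results are compared; the example assumes each algorithm is an HMAC-SHA256 under an application-specific secret, that the random number is 16 bytes from the operating system's random source, and that the interrogator compares the two results in constant time. The identifiers DOOR, VEND and PRINT and the secrets are constructed for the scenario.

```python
"""Added worked example of the GB2368948A authentication flow; not code from
the patent.  Assumptions the patent leaves open: each application algorithm
is modelled as HMAC-SHA256 under an application-specific secret, the random
number is 16 bytes from the OS CSPRNG, and result comparison is constant-time."""
import hashlib
import hmac
import secrets
from typing import Callable, Dict, Optional, Tuple

Algorithm = Callable[[bytes], bytes]   # interrogation data -> result


def make_algorithm(secret: bytes) -> Algorithm:
    """Constructed stand-in for a stored application algorithm (a keyed MAC)."""
    return lambda data: hmac.new(secret, data, hashlib.sha256).digest()


class SmartCard:
    """Smart Card 3: EEPROM 55 maps algorithm identifier -> algorithm."""

    def __init__(self) -> None:
        self.eeprom: Dict[str, Algorithm] = {}

    def register(self, identifier: str, algorithm: Algorithm) -> None:
        """What writer 13 does: store an algorithm under its identifier."""
        self.eeprom[identifier] = algorithm

    def has_algorithm(self, identifier: str) -> bool:
        """Answer to the identifier sent by the interrogator: 'algorithm found' (S71) or error (S67)."""
        return identifier in self.eeprom

    def generate_challenge(self) -> bytes:
        """Alternative from the Modifications (claim 7): the card supplies the random number."""
        return secrets.token_bytes(16)

    def respond(self, identifier: str, challenge: bytes) -> Optional[bytes]:
        """S79/S83/S85: apply the selected algorithm to the random number -> result two."""
        algorithm = self.eeprom.get(identifier)
        return None if algorithm is None else algorithm(challenge)


class Interrogator:
    """Interrogator 7 for one application: holds that application's algorithm and identifier."""

    def __init__(self, identifier: str, algorithm: Algorithm) -> None:
        self.identifier = identifier
        self.algorithm = algorithm

    def authenticate(self, card: SmartCard, card_picks_challenge: bool = False) -> Tuple[bool, str]:
        """Run steps S61-S93; returns (authorised?, what display 133 would show)."""
        if not card.has_algorithm(self.identifier):           # S67 error -> S69 denial
            return False, "denied: algorithm not found"
        if card_picks_challenge:                               # alternative of the Modifications
            challenge = card.generate_challenge()
        else:                                                  # S75/S77 in the embodiment
            challenge = secrets.token_bytes(16)
        result_one = self.algorithm(challenge)                 # S81
        result_two = card.respond(self.identifier, challenge)  # S83/S85, received in S87
        if result_two is None:
            return False, "denied: no result from card"
        # S89: the patent only says "compares"; a constant-time compare is this example's choice
        if hmac.compare_digest(result_one, result_two):
            return True, "authorised"                          # S91
        return False, "denied: results differ"                 # S93


def run_demo() -> Dict[str, Tuple[bool, str]]:
    """Constructed scenario: one card written with two application algorithms."""
    door_secret, vend_secret = b"door-secret-K1", b"vending-secret-K2"   # constructed
    card = SmartCard()
    card.register("DOOR", make_algorithm(door_secret))   # writer 13 writes both algorithms
    card.register("VEND", make_algorithm(vend_secret))
    door = Interrogator("DOOR", make_algorithm(door_secret))
    vend = Interrogator("VEND", make_algorithm(vend_secret))
    printer = Interrogator("PRINT", make_algorithm(b"printer-secret-K3"))  # never written to card

    # A forged card on which only the DOOR algorithm was recovered: its VEND
    # entry is a guess, so the VEND interrogator still denies it (isolation).
    forged = SmartCard()
    forged.register("DOOR", make_algorithm(door_secret))
    forged.register("VEND", make_algorithm(b"attacker-guess"))

    return {
        "door": door.authenticate(card),
        "vend": vend.authenticate(card),
        "vend_card_challenge": vend.authenticate(card, card_picks_challenge=True),
        "printer": printer.authenticate(card),
        "forged_door": door.authenticate(forged),
        "forged_vend": vend.authenticate(forged),
    }


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name:20s} {outcome}")
```

The `printer` case exercises the S67/S69 path (identifier not in the EEPROM), and the two `forged` cases show the isolation claimed above: recovering the DOOR algorithm opens the door but does nothing for VEND. On the `card_picks_challenge` path the interrogator in this example accepts whatever random number the card offers; in a deployment the interrogator would also want to enforce freshness itself (for instance by refusing a random number it has already seen), because once the card chooses the number the interrogator no longer controls whether the pair (random number, result two) it is shown is new.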

Claims (18)

1. A smart card system for verifying the authority of users to utilise a plurality of applications, the system comprising: a plurality of smart cards, each smart card being associated with a respective corresponding user and being arranged to store a plurality of algorithms defining the user's authority to utilise respective applications; at least one writer operable to transfer at least one of a plurality of algorithms to a smart card in communication therewith; and a plurality of interrogators, each interrogator being associated with a corresponding application and being operable to interrogate a smart card in communication therewith to determine from the algorithms stored on the smart card whether the user has authority to utilise the application; wherein: each writer comprises: means for generating and sending a signal conveying at least one of a plurality of algorithms to the smart card; and means for generating and sending a signal to the smart card conveying a respective algorithm identifier for each of the algorithms sent;
each interrogator comprises: storage means storing data defining an application algorithm for the application with which the interrogator is associated and a corresponding application algorithm identifier; means for generating and sending a signal conveying the stored application algorithm identifier to a smart card; means for processing interrogation data using the stored algorithm to obtain a first result; means for receiving an authentication signal from the smart card conveying a second result of processing the interrogation data; and means for determining on the basis of the first and second results whether or not use of the application is authorised; and each smart card comprises: a processor; transmission means via which data transmission can be established between that smart card and an interrogator or a writer; first memory means for storing a plurality of algorithms and for each stored algorithm a respective corresponding algorithm identifier; and second memory means storing process instructions for the processor to enable the smart card to:
(i) register in the first memory means an algorithm identifier and a respective algorithm received from a writer via the transmission means; (ii) select the algorithm corresponding to an application algorithm identifier received from an interrogator via the transmission means; (iii) process the interrogation data using the selected algorithm to generate the second result; and (iv) transmit an authentication signal conveying the second result to the interrogator via the transmission means.
2. A method of verifying the authority of users to use a plurality of applications, the method comprising: storing on a smart card associated with a given user a plurality of respective algorithms and a respective algorithm identifier for each stored algorithm, each algorithm being associated with an application; and to determine whether the given user has access to an application: generating and sending a signal from a smart card interrogator conveying an algorithm identifier to the smart card of the given user; selecting from memory on the smart card the algorithm corresponding to the sent algorithm identifier; processing interrogation data in the interrogator using an algorithm stored therein to obtain a first result; processing the said interrogation data in the smart card using the algorithm selected from the memory to generate a second result; transmitting an authentication signal conveying the second result from the smart card to the interrogator; and determining in the interrogator on the basis of the first and second results whether or not the application is authorised.
3. A smart card, comprising: a processor; transmission means via which a signal can be transferred between the smart card and an external device; first memory means for storing a plurality of algorithms and for each stored algorithm a respective algorithm identifier; and second memory means storing process instructions for the processor to enable the smart card to: (i) select the algorithm corresponding to an algorithm identifier received via the transmission means from an external device; (ii) process interrogation data using the selected algorithm to generate an authentication result; and (iii) generate and send an authentication signal conveying the authentication result to the external device.
4. A smart card according to claim 3, wherein a plurality of algorithms and corresponding algorithm identifiers are stored in the first memory means.
5. A smart card according to either claim 3 or claim 4, wherein the first memory means and the second memory means are separate areas of a common memory.
6. A smart card according to any of claims 3 to 5, wherein the second memory means further stores instructions for the processor to enable the smart card to register in the first memory means an algorithm identifier and a respective algorithm received from an external device.
7. A smart card according to any of claims 3 to 6, further comprising means for generating the interrogation data and means for sending the interrogation data generated by the generating means to the external device.
8. An apparatus for interrogating a smart card to verify authority to utilise an application, comprising: means for storing data defining an algorithm for the application and a corresponding algorithm identifier; means for generating and sending a signal to the smart card conveying the stored algorithm identifier; means for processing interrogation data using the stored algorithm corresponding to the algorithm identifier to obtain a first result; means for receiving an authentication signal from the smart card conveying a second result of processing the interrogation data; and means for determining on the basis of the first and second results whether or not use of the application is authorised.
9. An apparatus according to claim 8, further comprising means for generating said interrogation data and means for sending said interrogation data to the smart card.
10. An apparatus for writing an algorithm for verifying authority to utilise an application to a smart card, said apparatus comprising: means for generating and sending a signal to the smart card conveying the algorithm; and means for generating and sending a signal to the smart card conveying an algorithm identifier associated with the algorithm.
11. An apparatus according to claim 10, wherein the signals conveying the algorithm and the corresponding algorithm identifier are components of a common signal.
12. A method of operation of a smart card storing a plurality of respective algorithms and for each algorithm a respective algorithm identifier to verify authority of a user associated with the smart card to utilise an application, the method comprising the steps of: receiving a signal conveying an algorithm identifier from an external interrogator; selecting the stored algorithm corresponding to the received algorithm identifier; processing interrogation data using the selected algorithm to generate an authentication result; and transmitting an authentication signal conveying the authentication result to the external interrogator.
13. A method of operation of an interrogator for interrogating a smart card to verify authority to utilise an application, the method comprising the steps of: generating and sending a signal conveying an algorithm identifier corresponding to an algorithm to the smart card; processing interrogation data using the algorithm corresponding to the algorithm identifier to generate a first result; receiving an authentication signal from the smart card conveying a second result of processing the interrogation data; and determining on the basis of a comparison of the first and second result whether or not use of the application is authorised.
14. A method of operation of a writer to write an algorithm for verifying authority to utilise an application to a smart card, the method comprising the steps of: generating and sending a signal conveying an algorithm identifier associated with the algorithm to the smart card; and generating and sending a signal conveying the algorithm to the smart card.
15. A storage device storing instructions for causing a programmable processor on a smart card having transmission means via which a signal can be transferred between the smart card and an external device and memory means for storing a plurality of algorithms and for each algorithm a respective algorithm identifier, to become operable to: (i) select the algorithm corresponding to an algorithm identifier received via the transmission means from an external device; (ii) process interrogation data using the selected algorithm to generate an authentication result; and (iii) generate and send an authentication signal conveying the authentication result to the external device.
16. A signal conveying instructions for causing a programmable processor on a smart card having transmission means via which a signal can be transferred between the smart card and an external device and memory means for storing a plurality of algorithms and for each algorithm a respective algorithm identifier, to become operable to: (i) select the algorithm corresponding to an algorithm identifier received via the transmission means from an external device; (ii) process interrogation data using the selected algorithm to generate an authentication result; and (iii) generate and send an authentication signal conveying the authentication result to the external device.
17. A storage device storing instructions for causing a programmable processor in an interrogator having memory means for storing data defining an algorithm and an algorithm identifier and transmission means via which a signal can be transferred between the interrogator and a smart card, to become operable to: generate and send a signal conveying an algorithm identifier corresponding to a stored algorithm to the smart card; process interrogation data using the algorithm corresponding to the algorithm identifier to generate a first result; receive an authentication signal from the smart card conveying a second result of processing the interrogation data; and determine on the basis of a comparison of the first and second result whether or not use of the application is authorised.
18. A signal conveying instructions for causing a programmable processor in an interrogator having memory means for storing data defining an algorithm and an algorithm identifier and transmission means via which a signal can be transferred between the interrogator and a smart card, to become operable to: generate and send a signal conveying an algorithm identifier corresponding to a stored algorithm to the smart card; process interrogation data using the algorithm corresponding to the algorithm identifier to generate a first result; receive an authentication signal from the smart card conveying a second result of processing the interrogation data; and determine on the basis of a comparison of the first and second result whether or not use of the application is authorised.

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB0014843A GB2368948A (en) 2000-06-16 2000-06-16 Smart card authentication

Publications (2)

Publication Number Publication Date
GB0014843D0 GB0014843D0 (en) 2000-08-09
GB2368948A true GB2368948A (en) 2002-05-15

Family

ID=9893858

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0014843A Withdrawn GB2368948A (en) 2000-06-16 2000-06-16 Smart card authentication

Country Status (1)

Country Link
GB (1) GB2368948A (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2227111A (en) * 1989-01-17 1990-07-18 Toshiba Kk Certification system

Similar Documents

Publication Publication Date Title
JP5050066B2 (en) Portable electronic billing / authentication device and method
US5721781A (en) Authentication system and method for smart card transactions
EP0981807B1 (en) Integrated circuit card with application history list
US7089214B2 (en) Method for utilizing a portable electronic authorization device to approve transactions between a user and an electronic transaction system
EP0976114B1 (en) Secure multiple application card system and process
US6659354B2 (en) Secure multi-application IC card system having selective loading and deleting capability
US5036461A (en) Two-way authentication system between user's smart card and issuer-specific plug-in application modules in multi-issued transaction device
US6954855B2 (en) Integrated circuit devices with steganographic authentication, and steganographic authentication methods
KR20090086979A (en) Proxy authentication methods and apparatus
EP1053535A1 (en) Configuration of ic card
CA2286851C (en) System for the secure reading and editing of data on intelligent data carriers
WO1999040549A1 (en) System and method for controlling access to computer code in an ic card
CN113595714A (en) Contactless card with multiple rotating security keys
US20100211488A1 (en) License enforcement
WO2001082167A1 (en) Method and device for secure transactions
JPH09106456A (en) Personal identification method in card utilization, personal identification system using ic card and ic card used for the system
JP2000507380A (en) Safety module
GB2368948A (en) Smart card authentication
JP4729187B2 (en) How to use card management system, card holder, card, card management system
KR200208816Y1 (en) Non-power electronic signature apparatus having card reading function
JP2523197B2 (en) PIN confirmation method
MXPA99011648A (en) Method for managing a secure terminal

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)