GB2397678A - A secure terminal for use with a smart card based loyalty scheme - Google Patents
- Publication number
- GB2397678A
- Authority
- GB
- United Kingdom
- Prior art keywords
- message
- requesting entity
- terminal
- challenge
- card
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/409—Device specific authentication in transaction processing
- G06Q20/4097—Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Accounting & Taxation (AREA)
- General Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Strategic Management (AREA)
- Computing Systems (AREA)
- General Business, Economics & Management (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Finance (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Storage Device Security (AREA)
Abstract
When a card is presented to a terminal device (card reader), the card is read and a challenge is sent from the card to the terminal. If the terminal has the correct certificates, it will be able to decrypt the challenge and, for example, display the corresponding information on a screen. The cardholder will then know that the terminal has the correct certificate and is thus verified.
Description
PRIVACY ENHANCED CARD METHOD AND SYSTEM COMPRISING CARD AND TERMINAL FOR READING THE CARD
The present invention is related to a privacy enhanced system and method comprising card and terminal for reading the card.
Nowadays there is a constant development of transactions between organization and customer where customers are obliged to identify themselves and where personal data are collected. This can be the subject of considerable abuse.
For example, a customer who opens his purse or wallet will find, somewhere in there, several forms of identification cards. Some of these were probably issued by some form of authority such as government, employer or perhaps school. It is likely that he also carries other "identification cards" from retailers in his area. These cards are often described as "loyalty cards", and he carries them because his retailer provides him with additional savings or points towards other benefits if he presents it every time he makes a purchase.
Some of the more successful loyalty card programs involve more than one retailer. For example, the card would be accepted, and earn benefits for him, at his grocer, his favorite gasoline station, his favorite airline and perhaps a few of the specialty retailers that he frequents. For a consumer, this provides ample opportunity to amass greater savings or points towards the benefits the card offers.
However, loyalty card programs have really only one purpose: to collect and correlate information about customers; their spending habits, their brand preferences, their reaction to promotions, etc. This provides valuable marketing information for the retailers involved and, to a great extent, it helps them tailor their products and services to serve customers better.
Unfortunately, while the collection and analysis of such personal data by an organization (private or public) can be of great public benefit, it can also present some drawbacks, in particular when secret information, such as a PIN code, could be accessed by a third party.
There is therefore a need to use secure card terminals. These terminals would have one or more card readers, one or more PIN entry pads and one or more biometric readers. Whatever the capabilities of the terminal, it must be trusted. Both the organization and the cardholder will need to know that the device has not been tampered with. For the consumer, they must have the confidence that their PIN or biometric will not be intercepted or stored by any third parties.
Further, today's cryptographic technology offers a lot of benefits for an identification card system. However, in most cases using the technology can leave behind traces of uniqueness. This is unfortunate, because retailers and other organizations could collect these unique values as a new unique key for marrying databases together.
The problem of unique values comes in when information is cryptographically packaged. In order to maintain a high degree of confidence in the system, data is often electronically sealed so that it cannot be tampered with. Once the data is packaged, it cannot be changed or refuted - not even by its owner. It is the cryptographic packaging that provides the trust in the system - it is essential but its very nature ensures that it uniquely identifies its owner.
Therefore, when a card terminal is to be used in an identification card scheme, there is a need to:
- Protect the cardholders from modified counterfeit devices that can capture their PINs or biometric patterns;
- Perform online CRL checks and other data integrity checks of the cardholder's card; this would involve electronically communicating directly with the registration authority or their agent in a cryptographically secure manner.
The present invention clearly answers these needs by proposing a secure card terminal.
This card terminal acts as an information broker. It accepts a package from one party, verifies the contents, and then reseals the information into a new package before passing it on to the other party. In this way, the benefits of the cryptographic technology can be maintained while protecting the identity of the various parties. Additionally, the card terminal can provide electronic, or even paper, receipts of each transaction.
The invention will be further understood in connection with a detailed description of a practical example. Such an example is not limitative of the invention, which may have other forms of implementation.
Following the embodiment further described, each customer is provided with an identification card which allows him to access various organizations (either public or private).
Such an identification card is equipped with an embedded cryptographic processor- a smart card. The cryptographic smart chip was built from the ground up to securely hold information. It also provides a sufficient amount of computer processing and memory for the proposed innovations.
The identification card stores, among other things, public and private keys. The cardholder will find these keys very useful in electronic transactions where he must prove his or her identity or electronically sign documents. The card should be protected by the cardholder's personal identification number (PIN). This will allow a positive and culturally accepted means of approving operations on the card.
Some of the algorithms used to facilitate the functionality are already known. In particular, the application would use a cryptographic hash function at least in part.
Such an identification card stores personal information on the customer such as his name, address and age. This card is to be presented for accessing various organizations (private or public), which need to access all or part of this personal information.
Such a card is therefore to be read by a card terminal according to the present invention, with which the organizations are equipped.
The concept of a card terminal, even one that is shared amongst those involved in a single transaction, is assumed to be common knowledge.
In fact, the concept of a tamper-resistant device which facilitates the trusted exchange between parties is also known in the form of a vehicle tachometer. Especially those devices that are being built to support the new EU digital tachometer scheme.
Since the device itself is tamper-resistant and itself contains electronic credentials that could be revoked in case of suspicion, it becomes an active part of the trust hierarchy and can be trusted by the parties it interacts with. The cardholder can check that it is unlikely to have been tampered with when inserting their card and before unlocking their own credentials.
In general the device would be tamper-resistant and contain a number of interfaces:
- 2 or more smart card readers
- 1 or more PIN entry keypads
- 1 or more biometric capture devices (e.g. fingerprint and iris)
- A display for conveying messages
- A network connection for communication with the trust network
The device itself should have a number of automatic mechanisms for testing its own physical and logical integrity. It should also have a relatively short period of validity in the field, after which it must be inspected and re-authorized for field use.
It should have distinct and protected visual elements that readily identify it to potential cardholders.
It should have the ability to interact with a network, whether wired or wireless, to establish a secure connection to the trust authority. It will use this connection for performing Certificate Revocation List checks, posting electronic receipts, updating its own software/firmware and other purposes.
Therefore, when the cardholder presents his card to the terminal, the card is read and a challenge is sent to the terminal. If the terminal has the correct certificates, it will therefore be able to decrypt the challenge and, for example, display the corresponding information on its screen. Then the cardholder will be able to verify that the terminal possesses the right certificates and therefore that it is an authentic terminal.
The advantages of such a device are that it can facilitate authenticity checks on an individual's identification card, check that it has not been revoked and allow a highly secure means of interacting with card applications (see other patent memos).
Further one of the key capabilities of this device is that it can act as a trusted information/transaction broker.
Typical electronic transactions in use today in which confidence is required will use PKI to raise the confidence levels of an exchange.
By digitally signing and encrypting the transaction, the system can provide CONFIDENTIALITY, INTEGRITY, AUTHENTICATION, AUTHORIZATION and NON-REPUDIATION. Whilst these benefits are great for transactions where the participants are already familiar with one another, they are not so good for people who wish to remain anonymous. This is because when electronically signing a document, some form of unique identifier is attached to the signature. This is usually the signer's certificate, but could simply be his/her public key as well. It could simply be an identifier to indicate to the recipient where to get the public key/certificate. At the end of the day, the recipient must have access to the public key in order to verify the signature.
This device could act as a trusted transaction broker in that it could receive the signer's signed message and extract the message, verify that the signature is valid, then verify that the certificate is still valid, etc. It would then assert in a new message that the original message (attached) was indeed signed by the signer and that some number of steps were taken to verify the signature and the credentials used.
This new message and the original would then be again signed by the trusted device and issued to the recipient.
In this way, the confidence of the original message would be maintained (to the level of trust of the device) while eliminating the unique IDs of the signer.
Today, a suitable alternative could be assembled with a trusted web server over the internet. However, this may not be appropriate where all parties are physically in the same location in an environment not suitable for conventional computing equipment. Also, this setup would not convey the amount of trust to the cardholder that is required.
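An added toy model (not the patent's own code) of the two terminal roles the description covers: the enciphered challenge the card sends to the terminal, and the terminal's trusted-broker flow that verifies a signed message, checks the CRL, and re-issues an attestation that carries no signer identifier. It uses textbook RSA with tiny constructed primes and a constructed CRL, so it illustrates the message flow only and is not a secure implementation.

```python
"""Toy model of the patent's card-to-terminal challenge and broker flow.
Textbook RSA with small constructed primes: for illustration only."""
import hashlib
import json
import secrets


def keygen(p, q, e=65537):
    """Textbook RSA key pair from two primes (constructed, insecure sizes)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))      # Python 3.8+ modular inverse
    return (n, e), (n, d)


# Constructed demo keys. A real terminal keeps its key pair inside the
# tamper-resistant device together with a CA-issued certificate.
TERMINAL_PUB, TERMINAL_PRIV = keygen(1000003, 1000033)
CARD_PUB, CARD_PRIV = keygen(999983, 1000037)

# Constructed CRL: serial numbers of revoked cardholder certificates.
REVOKED = {"0002"}
CARD_CERT = {"serial": "0001", "subject": "cardholder-123", "pub": CARD_PUB}


# --- Role 1: card challenges the terminal (description, "Therefore, when...")
def card_make_challenge(terminal_pub, nonce=None):
    """Card enciphers a fresh nonce under the terminal's public key."""
    n, e = terminal_pub
    if nonce is None:
        nonce = secrets.randbelow(n - 2) + 2
    return nonce, pow(nonce, e, n)


def terminal_answer_challenge(enciphered, terminal_priv):
    """Only the holder of the terminal's private key recovers the nonce,
    which the terminal then shows on its display."""
    n, d = terminal_priv
    return pow(enciphered, d, n)


def card_verify(nonce, displayed):
    """Cardholder/card accepts the terminal only if the displayed value matches."""
    return nonce == displayed


# --- Role 2: terminal as trusted transaction broker
def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(msg, priv):
    n, d = priv
    return pow(_digest(msg, n), d, n)


def verify(msg, sig, pub):
    n, e = pub
    return pow(sig, e, n) == _digest(msg, n)


def broker(signed, cert, crl, terminal_priv):
    """Verify signer's signature and certificate status, then issue a new
    terminal-signed message that attaches the original but no signer ID.
    Returns None if any verification step fails."""
    msg, sig = signed
    steps = []
    if not verify(msg, sig, cert["pub"]):
        return None
    steps.append("signature verified")
    if cert["serial"] in crl:
        return None
    steps.append("certificate not revoked (CRL checked)")
    # The assertion deliberately omits subject, public key and serial.
    assertion = json.dumps({"original": msg.decode(), "verified": steps}).encode()
    return assertion, sign(assertion, terminal_priv)
```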
Claims (5)
1. Privacy enhanced method for a customer to communicate personal data to an organization he has access to, the method comprising the steps of:
- receiving a request for personal information from a requesting entity belonging to said organization;
- sending an enciphered challenge to the requesting entity;
- receiving from said requesting entity the response to the challenge; and
- if such a response is correct, transferring the personal information to the requesting entity.
2. The method of claim 1, wherein the requesting entity needs to use certificates from a certification authority to operate the challenge received from the customer.
3. The method of claim 1, wherein the requesting entity acts as a trusted transaction broker in that it could receive the customer's signed message and extract the message, verify that the signature is valid, then verify that the certificate is still valid; it would then assert in a new message that the original message was indeed signed by the customer and that some number of steps were taken to verify the signature and the credentials used; this new message and the original would then be again signed by the requesting entity and issued to the recipient.
4. A system to implement the method of above claims 1 to 3, wherein said customer has a smart card to communicate with a terminal belonging to the requesting entity, said smart card storing personal data and an algorithm to operate the challenge query transmitted to the terminal, said terminal storing an algorithm and PKI certificate to display the response of said challenge.
5. The system of claim 4, wherein the terminal acts as a trusted transaction broker in that it comprises means for receiving the cardholder's signed message, means for extracting the message, means for verifying that the signature is valid, means for verifying that the certificate is still valid, and means to assert in a new message that the original message (attached) was indeed signed by the signer and that some number of steps were taken to verify the signature and the credentials used.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB0301558A GB2397678A (en) | 2003-01-23 | 2003-01-23 | A secure terminal for use with a smart card based loyalty scheme |
PCT/EP2004/050040 WO2004066227A1 (en) | 2003-01-23 | 2004-01-23 | Privacy enhanced card method and system comprising card and terminal for reading the card |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB0301558A GB2397678A (en) | 2003-01-23 | 2003-01-23 | A secure terminal for use with a smart card based loyalty scheme |
Publications (2)
Publication Number | Publication Date |
---|---|
GB0301558D0 GB0301558D0 (en) | 2003-02-26 |
GB2397678A true GB2397678A (en) | 2004-07-28 |
Family
ID=9951668
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
GB0301558A Withdrawn GB2397678A (en) | 2003-01-23 | 2003-01-23 | A secure terminal for use with a smart card based loyalty scheme |
Country Status (2)
Country | Link |
---|---|
GB (1) | GB2397678A (en) |
WO (1) | WO2004066227A1 (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1560173A1 (en) * | 2004-01-30 | 2005-08-03 | Giesecke & Devrient GmbH | System with a terminal and a portable data carrier |
WO2006092539A2 (en) | 2005-03-03 | 2006-09-08 | France Telecom | Making secure data for customer loyalty programmes |
WO2010065374A1 (en) * | 2008-12-02 | 2010-06-10 | Symbol Technologies, Inc. | System and method for a secure transaction |
US7787662B2 (en) | 2005-07-04 | 2010-08-31 | Sony Corporation | Information processing system, information processing apparatus and method, and program |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0807911A2 (en) * | 1996-05-15 | 1997-11-19 | RSA Data Security, Inc. | Client/server protocol for proving authenticity |
US5721781A (en) * | 1995-09-13 | 1998-02-24 | Microsoft Corporation | Authentication system and method for smart card transactions |
US5955717A (en) * | 1996-01-31 | 1999-09-21 | Certicom Corp. | Transaction verification protocol for Smart Cards |
EP1208543A1 (en) * | 1999-07-30 | 2002-05-29 | Giesecke & Devrient GmbH | Method, data carrier and system for authentication of a user and a terminal |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5241599A (en) * | 1991-10-02 | 1993-08-31 | At&T Bell Laboratories | Cryptographic protocol for secure communications |
EP0798673A1 (en) * | 1996-03-29 | 1997-10-01 | Koninklijke KPN N.V. | Method of securely loading commands in a smart card |
US6263436B1 (en) * | 1996-12-17 | 2001-07-17 | At&T Corp. | Method and apparatus for simultaneous electronic exchange using a semi-trusted third party |
FR2780177B1 (en) * | 1998-06-17 | 2001-10-05 | Schlumberger Ind Sa | SOFTWARE PROTECTION SYSTEM |
US20030005317A1 (en) * | 2001-06-28 | 2003-01-02 | Audebert Yves Louis Gabriel | Method and system for generating and verifying a key protection certificate |
- 2003
  - 2003-01-23 GB GB0301558A patent/GB2397678A/en not_active Withdrawn
- 2004
  - 2004-01-23 WO PCT/EP2004/050040 patent/WO2004066227A1/en active Application Filing
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5721781A (en) * | 1995-09-13 | 1998-02-24 | Microsoft Corporation | Authentication system and method for smart card transactions |
US5955717A (en) * | 1996-01-31 | 1999-09-21 | Certicom Corp. | Transaction verification protocol for Smart Cards |
EP0807911A2 (en) * | 1996-05-15 | 1997-11-19 | RSA Data Security, Inc. | Client/server protocol for proving authenticity |
US6189098B1 (en) * | 1996-05-15 | 2001-02-13 | Rsa Security Inc. | Client/server protocol for proving authenticity |
EP1208543A1 (en) * | 1999-07-30 | 2002-05-29 | Giesecke & Devrient GmbH | Method, data carrier and system for authentication of a user and a terminal |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1560173A1 (en) * | 2004-01-30 | 2005-08-03 | Giesecke & Devrient GmbH | System with a terminal and a portable data carrier |
WO2006092539A2 (en) | 2005-03-03 | 2006-09-08 | France Telecom | Making secure data for customer loyalty programmes |
US7787662B2 (en) | 2005-07-04 | 2010-08-31 | Sony Corporation | Information processing system, information processing apparatus and method, and program |
CN1897045B (en) * | 2005-07-04 | 2010-12-22 | 索尼株式会社 | Information processing system, information processing device and method |
WO2010065374A1 (en) * | 2008-12-02 | 2010-06-10 | Symbol Technologies, Inc. | System and method for a secure transaction |
Also Published As
Publication number | Publication date |
---|---|
WO2004066227A8 (en) | 2005-06-16 |
GB0301558D0 (en) | 2003-02-26 |
WO2004066227A1 (en) | 2004-08-05 |
Similar Documents
Publication | Title |
---|---|
US5721781A (en) | Authentication system and method for smart card transactions |
US8340296B2 (en) | Method and system for registering and verifying smart card certificate for users moving between public key infrastructure domains |
CA2417770C (en) | Trusted authentication digital signature (tads) system |
US7925878B2 (en) | System and method for creating a trusted network capable of facilitating secure open network transactions using batch credentials |
US7552333B2 (en) | Trusted authentication digital signature (tads) system |
Taherdoost et al. | Smart card security; Technology and adoption |
US6711263B1 (en) | Secure distribution and protection of encryption key information |
US7165718B2 (en) | Identification of an individual using a multiple purpose card |
CN112106324A (en) | Methods, computer program products and devices for creating, registering and verifying digitally stamped assets |
US20020026578A1 (en) | Secure usage of digital certificates and related keys on a security token |
US20080250246A1 (en) | Method for Controlling Secure Transactions Using a Single Multiple Dual-Key Device, Corresponding Physical Device, System and Computer Program |
CN101022339A (en) | Electronic sign stamp identifying method combined with digital certificate and stamp |
TW200402224A (en) | Biometric private key infrastructure |
KR20080112395A (en) | Privacy enhanced identity scheme using an un-linkable identifier |
EP3350956B1 (en) | Electronic voting using secure electronic identity device |
EP3387783B1 (en) | Secure electronic device with mechanism to provide unlinkable attribute assertion verifiable by a service provider |
TWI666565B (en) | Identity authentication system and method thereof |
Shakiba et al. | ESIV: an end-to-end secure internet voting system |
GB2397678A (en) | A secure terminal for use with a smart card based loyalty scheme |
Bosworth et al. | Entities, identities, identifiers and credentials—what does it all mean? |
Nithyanand | Securing personal RFID tags and infrastructures |
Pohlmann | Smart cards: The Authenticated Solution For E-business User |
Zipfel et al. | Secure E-Business applications based on the European Citizen Card |
Kadambi | CIS 6930 Cryptographic Protocols Notes on Digital Signatures and Applications October 7 2003 R Aditya Kadambi (rak@ cise. ufl. edu) 1. Digital Signatures |
Laidi | Using smart card in e-business applications: an e-business model |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WAP | Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1) | |