GB2397678A - A secure terminal for use with a smart card based loyalty scheme - Google Patents

A secure terminal for use with a smart card based loyalty scheme Download PDF

Info

Publication number
GB2397678A
Authority
GB
United Kingdom
Prior art keywords
message
requesting entity
terminal
challenge
card
Prior art date
Legal status
Withdrawn
Application number
GB0301558A
Other versions
GB0301558D0 (en)
Inventor
Martin Koistinen
Current Assignee
SEMA UK Ltd
Atos Origin IT Services UK Ltd
Original Assignee
SEMA UK Ltd
Atos Origin IT Services UK Ltd
Priority date
Filing date
Publication date

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q 20/00 Payment architectures, schemes or protocols
    • G06Q 20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q 20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q 20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q 20/00 Payment architectures, schemes or protocols
    • G06Q 20/38 Payment protocols; Details thereof
    • G06Q 20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q 20/409 Device specific authentication in transaction processing
    • G06Q 20/4097 Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F 7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F 7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F 7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F 7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Accounting & Taxation (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Strategic Management (AREA)
  • Computing Systems (AREA)
  • General Business, Economics & Management (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Storage Device Security (AREA)

Abstract

When a card is presented to a terminal device (card reader), the card is read and a challenge is sent from the card to the terminal. If the terminal has the correct certificates it will be able to decrypt the challenge and, for example, display the corresponding information on a screen. The cardholder will then know that the terminal has the correct certificate and is thus verified.

Description

PRIVACY ENHANCED CARD METHOD AND SYSTEM COMPRISING CARD AND TERMINAL FOR READING THE CARD
The present invention is related to a privacy enhanced system and method comprising card and terminal for reading the card.
Nowadays there is a constant development of transactions between organizations and customers in which customers are obliged to identify themselves and personal data are collected. This can be the subject of considerable abuse.
For example, a customer who opens his purse or wallet will find, somewhere in there, several forms of identification cards. Some of these were probably issued by some form of authority such as a government, employer or perhaps school. It is likely that he also carries other "identification cards" from retailers in his area. These cards are often described as "loyalty cards", and he carries them because his retailer provides him with additional savings or points towards other benefits if he presents the card every time he makes a purchase.
Some of the more successful loyalty card programs involve more than one retailer. For example, the card would be accepted, and earn benefits for him, at his grocer, his favorite gasoline station, his favorite airline and perhaps a few of the specialty retailers that he frequents. For a consumer, this provides ample opportunity to amass greater savings or points towards the benefits the card offers.
However, loyalty card programs have really only one purpose - to collect and correlate information about customers: their spending habits, their brand preferences, their reaction to promotions, etc. This provides valuable marketing information for the retailers involved and, to a great extent, helps them tailor their products and services to serve customers better.
Unfortunately, while the collection and analysis of such personal data by an organization (private or public) can be of great public benefit, it can also present drawbacks, in particular when secret information such as a PIN code could be accessed by a third party.
There is therefore a need to use secure card terminals. These terminals would have one or more card readers, one or more PIN entry pads and one or more biometric readers. Whatever the capabilities of the terminal, it must be trusted. Both the organization and the cardholder will need to know that the device has not been tampered with. For the consumer, they must have the confidence that their PIN or biometric will not be intercepted or stored by any third parties.
Further, today's cryptographic technology offers a lot of benefits for an identification card system. However, in most cases using the technology can leave behind traces of uniqueness. This is unfortunate, because retailers and other organizations could collect these unique values as a new unique key for marrying databases together.
The problem of unique values comes in when information is cryptographically packaged. In order to maintain a high degree of confidence in the system, data is often electronically sealed so that it cannot be tampered with. Once the data is packaged, it cannot be changed or refuted - not even by its owner. It is the cryptographic packaging that provides the trust in the system - it is essential but its very nature ensures that it uniquely identifies its owner.
Therefore, when a card terminal is to be used in an identification card scheme, there is a need to:
- protect the cardholders from modified or counterfeit devices that can capture their PINs or biometric patterns;
- perform online CRL checks and other data integrity checks of the cardholder's card; this involves electronically communicating directly with the registration authority or its agent in a cryptographically secure manner.
The present invention answers these needs by proposing a secure card terminal.
This card terminal acts as an information broker. It accepts a package from one party, verifies the contents, and then reseals the information into a new package before passing it on to the other party. In this way, the benefits of the cryptographic technology can be maintained while protecting the identity of the various parties. Additionally, the card terminal can provide electronic, or even paper, receipts of each transaction.
The invention will be further understood in connection with a detailed description of a practical example. Such an example does not limit the invention, which may have other forms of implementation.
In the embodiment described below, each customer is provided with an identification card which allows him to access various organizations (either public or private).
Such an identification card is equipped with an embedded cryptographic processor: it is a smart card. The cryptographic smart chip was built from the ground up to securely hold information. It also provides a sufficient amount of computer processing and memory for the proposed innovations.
The identification card stores, among other things, public and private keys. The cardholder will find these keys very useful in electronic transactions where he must prove his or her identity or electronically sign documents. The card should be protected by the cardholder's personal identification number (PIN). This will allow a positive and culturally accepted means of approving operations on the card.
Some of the algorithms used to facilitate the functionality are already known. In particular, the application would use a cryptographic hash function at least in part.
Such an identification card stores personal information on the customer such as his name, address and age. This card is to be presented for accessing various organizations (private or public), which need to access all or part of this personal information.
Such a card is therefore to be read by a card terminal according to the present invention, with which the organizations are equipped.
The concept of a card terminal, even one that is shared amongst those involved in a single transaction is assumed to be common knowledge.
In fact, the concept of a tamper-resistant device which facilitates a trusted exchange between parties is also known in the form of a vehicle tachometer, especially those devices that are being built to support the new EU digital tachometer scheme.
Since the device itself is tamper-resistant and itself contains electronic credentials that could be revoked in case of suspicion, it becomes an active part of the trust hierarchy and can be trusted by the parties it interacts with. The cardholder can check that it is unlikely to have been tampered with when inserting their card and before unlocking their own credentials.
In general the device would be tamper-resistant and contain a number of interfaces:
- 2 or more smart card readers
- 1 or more PIN entry keypads
- 1 or more biometric capture devices (e.g. fingerprint and iris)
- a display for conveying messages
- a network connection for communication with the trust network
The device itself should have a number of automatic mechanisms for testing its own physical and logical integrity. It should also have a relatively short period of validity in the field, after which it must be inspected and re-authorized for field use.
It should have distinct and protected visual elements that readily identify it to potential cardholders.
It should have the ability to interact with a network, whether wired or wireless, to establish a secure connection to the trust authority. It will use this connection for performing Certificate Revocation List checks, posting electronic receipts, updating its own software/firmware and other purposes.
Therefore, when the cardholder presents his card to the terminal, the card is read and a challenge is sent to the terminal. If the terminal has the correct certificates, it will therefore be able to decrypt the challenge and, for example, display the corresponding information on its screen. The cardholder will then be able to verify that the terminal possesses the right certificates and is therefore an authentic terminal.
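The challenge exchange described above, as an added illustration in Go (standard library only) rather than the patent's own implementation: the card enciphers a cardholder-chosen verification phrase under the terminal's public key, and only a terminal holding the certified private key can recover and display it. The phrase, the use of RSA-OAEP, and the in-process "counterfeit" terminal are assumptions of this example; validation of the terminal's certificate chain against the trust authority is taken as already done.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// oaepLabel binds the ciphertext to this purpose, so a challenge cannot be
// passed off as some other kind of message the terminal decrypts.
var oaepLabel = []byte("terminal-challenge")

// Terminal models the card terminal. Its private key is the one matching
// the certificate issued by the trust authority; a counterfeit device
// lacking the key cannot recover the challenge.
type Terminal struct {
	priv *rsa.PrivateKey
}

// NewTerminal generates a fresh 2048-bit key pair for the terminal.
func NewTerminal() (*Terminal, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Terminal{priv: priv}, nil
}

// PublicKey is what the card learns from the terminal's certificate. The
// chain check against the trust authority is assumed already done here.
func (t *Terminal) PublicKey() *rsa.PublicKey { return &t.priv.PublicKey }

// CardChallenge enciphers a verification phrase known only to the cardholder
// under the terminal's public key. OAEP is randomised, so the ciphertext is
// different on every presentation and is not a stable value a retailer could
// log to track the card.
func CardChallenge(termPub *rsa.PublicKey, phrase string) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, termPub, []byte(phrase), oaepLabel)
}

// Display decrypts the challenge and returns the text the terminal shows on
// its screen. A device without the matching private key fails here.
func (t *Terminal) Display(challenge []byte) (string, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, t.priv, challenge, oaepLabel)
	if err != nil {
		return "", errors.New("cannot decrypt challenge: terminal lacks the certified key")
	}
	return string(pt), nil
}

// CardholderVerifies is the human step: compare what the screen shows with
// the phrase stored on the card before unlocking the card with a PIN.
func CardholderVerifies(shown, expected string) bool { return shown == expected }

func main() {
	genuine, err := NewTerminal()
	if err != nil {
		panic(err)
	}
	counterfeit, _ := NewTerminal() // has a key, but not the certified one

	const phrase = "blue heron 42" // constructed; chosen by the cardholder at issuance
	challenge, err := CardChallenge(genuine.PublicKey(), phrase)
	if err != nil {
		panic(err)
	}
	shown, err := genuine.Display(challenge)
	fmt.Println("genuine shows:", shown, "ok:", err == nil && CardholderVerifies(shown, phrase))
	_, err = counterfeit.Display(challenge)
	fmt.Println("counterfeit:", err)
}
```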
The advantages of such a device are that it can facilitate authenticity checks on an individual's identification card, check that it has not been revoked and allow a highly secure means of interacting with card applications (see other patent memos).
Further, one of the key capabilities of this device is that it can act as a trusted information/transaction broker.
Typical electronic transactions in use today that must be trusted use PKI to raise the confidence level of an exchange.
By digitally signing and encrypting the transaction, the system can provide CONFIDENTIALITY, INTEGRITY, AUTHENTICATION, AUTHORIZATION and NON-REPUDIATION. Whilst these benefits are great for transactions where the participants are already familiar with one another, they are not so good for people who wish to remain anonymous. This is because when electronically signing a document, some form of unique identifier is attached to the signature. This is usually the signer's certificate, but could simply be his/her public key as well. It could simply be an identifier to indicate to the recipient where to get the public key/certificate. At the end of the day, the recipient must have access to the public key in order to verify the signature.
This device could act as a trusted transaction broker in that it could receive the signer's signed message and extract the message, verify that the signature is valid, then verify that the certificate is still valid, etc. It would then assert in a new message that the original message (attached) was indeed signed by the signer and that some number of steps were taken to verify the signature and the credentials used.
This new message and the original would then be signed again by the trusted device and issued to the recipient.
In this way, the confidence of the original message would be maintained (to the level of trust of the device) while the unique IDs of the signer are eliminated.
Today, a suitable alternative could be assembled with a trusted web server over the internet. However, this may not be appropriate where all parties are physically in the same location in an environment not suitable for conventional computing equipment. Also, this setup would not convey the amount of trust to the cardholder that is required.

Claims (5)

1. Privacy enhanced method for a customer to communicate personal data to an organization he has access to, the method comprising the steps of:
- receiving a request for personal information from a requesting entity belonging to said organization;
- sending an enciphered challenge to the requesting entity;
- receiving from said requesting entity the response to the challenge; and
- if such a response is correct, transferring the personal information to the requesting entity.
2. The method of claim 1, wherein the requesting entity needs to use certificates from a certification authority to operate the challenge received from the customer.
3. The method of claim 1, wherein the requesting entity acts as a trusted transaction broker in that it could receive the customer's signed message and extract the message, verify that the signature is valid, then verify that the certificate is still valid; it would then assert in a new message that the original message was indeed signed by the customer and that some number of steps were taken to verify the signature and the credentials used, and this new message and the original would then be again signed by the requesting entity and issued to the recipient.
4. A system to implement the method of claims 1 to 3 above, wherein said customer has a smart card to communicate with a terminal belonging to the requesting entity, said smart card storing personal data and an algorithm to operate the challenge query transmitted to the terminal, said terminal storing an algorithm and PKI certificate to display the response to said challenge.
5. The system of claim 4, wherein the terminal acts as a trusted transaction broker in that it comprises means for receiving the cardholder's signed message, means for extracting the message, means for verifying that the signature is valid, means for verifying that the certificate is still valid, and means to assert in a new message that the original message (attached) was indeed signed by the signer and that some number of steps were taken to verify the signature and the credentials used.

Priority Applications (2)

Application Number Priority Date Filing Date Title
GB0301558A GB2397678A (en) 2003-01-23 2003-01-23 A secure terminal for use with a smart card based loyalty scheme
PCT/EP2004/050040 WO2004066227A1 (en) 2003-01-23 2004-01-23 Privacy enhanced card method and system comprising card and terminal for reading the card

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0301558A GB2397678A (en) 2003-01-23 2003-01-23 A secure terminal for use with a smart card based loyalty scheme

Publications (2)

Publication Number Publication Date
GB0301558D0 GB0301558D0 (en) 2003-02-26
GB2397678A true GB2397678A (en) 2004-07-28

Family

ID=9951668

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0301558A Withdrawn GB2397678A (en) 2003-01-23 2003-01-23 A secure terminal for use with a smart card based loyalty scheme

Country Status (2)

Country Link
GB (1) GB2397678A (en)
WO (1) WO2004066227A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1560173A1 (en) * 2004-01-30 2005-08-03 Giesecke & Devrient GmbH System with a terminal and a portable data carrier
WO2006092539A2 (en) 2005-03-03 2006-09-08 France Telecom Making secure data for customer loyalty programmes
WO2010065374A1 (en) * 2008-12-02 2010-06-10 Symbol Technologies, Inc. System and method for a secure transaction
US7787662B2 (en) 2005-07-04 2010-08-31 Sony Corporation Information processing system, information processing apparatus and method, and program

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0807911A2 (en) * 1996-05-15 1997-11-19 RSA Data Security, Inc. Client/server protocol for proving authenticity
US5721781A (en) * 1995-09-13 1998-02-24 Microsoft Corporation Authentication system and method for smart card transactions
US5955717A (en) * 1996-01-31 1999-09-21 Certicom Corp. Transaction verification protocol for Smart Cards
EP1208543A1 (en) * 1999-07-30 2002-05-29 Giesecke & Devrient GmbH Method, data carrier and system for authentication of a user and a terminal

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5241599A (en) * 1991-10-02 1993-08-31 At&T Bell Laboratories Cryptographic protocol for secure communications
EP0798673A1 (en) * 1996-03-29 1997-10-01 Koninklijke KPN N.V. Method of securely loading commands in a smart card
US6263436B1 (en) * 1996-12-17 2001-07-17 At&T Corp. Method and apparatus for simultaneous electronic exchange using a semi-trusted third party
FR2780177B1 (en) * 1998-06-17 2001-10-05 Schlumberger Ind Sa SOFTWARE PROTECTION SYSTEM
US20030005317A1 (en) * 2001-06-28 2003-01-02 Audebert Yves Louis Gabriel Method and system for generating and verifying a key protection certificate

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5721781A (en) * 1995-09-13 1998-02-24 Microsoft Corporation Authentication system and method for smart card transactions
US5955717A (en) * 1996-01-31 1999-09-21 Certicom Corp. Transaction verification protocol for Smart Cards
EP0807911A2 (en) * 1996-05-15 1997-11-19 RSA Data Security, Inc. Client/server protocol for proving authenticity
US6189098B1 (en) * 1996-05-15 2001-02-13 Rsa Security Inc. Client/server protocol for proving authenticity
EP1208543A1 (en) * 1999-07-30 2002-05-29 Giesecke & Devrient GmbH Method, data carrier and system for authentication of a user and a terminal

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1560173A1 (en) * 2004-01-30 2005-08-03 Giesecke & Devrient GmbH System with a terminal and a portable data carrier
WO2006092539A2 (en) 2005-03-03 2006-09-08 France Telecom Making secure data for customer loyalty programmes
US7787662B2 (en) 2005-07-04 2010-08-31 Sony Corporation Information processing system, information processing apparatus and method, and program
CN1897045B (en) * 2005-07-04 2010-12-22 索尼株式会社 Information processing system, information processing device and method
WO2010065374A1 (en) * 2008-12-02 2010-06-10 Symbol Technologies, Inc. System and method for a secure transaction

Also Published As

Publication number Publication date
WO2004066227A8 (en) 2005-06-16
GB0301558D0 (en) 2003-02-26
WO2004066227A1 (en) 2004-08-05

Similar Documents

Publication Publication Date Title
US5721781A (en) Authentication system and method for smart card transactions
US8340296B2 (en) Method and system for registering and verifying smart card certificate for users moving between public key infrastructure domains
CA2417770C (en) Trusted authentication digital signature (tads) system
US7925878B2 (en) System and method for creating a trusted network capable of facilitating secure open network transactions using batch credentials
US7552333B2 (en) Trusted authentication digital signature (tads) system
Taherdoost et al. Smart card security; Technology and adoption
US6711263B1 (en) Secure distribution and protection of encryption key information
US7165718B2 (en) Identification of an individual using a multiple purpose card
CN112106324A (en) Methods, computer program products and devices for creating, registering and verifying digitally stamped assets
US20020026578A1 (en) Secure usage of digital certificates and related keys on a security token
US20080250246A1 (en) Method for Controlling Secure Transactions Using a Single Multiple Dual-Key Device, Corresponding Physical Deivce, System and Computer Program
CN101022339A (en) Electronic sign stamp identifying method combined with digital centifi cate and stamp
TW200402224A (en) Biometric private key infrastructure
KR20080112395A (en) Privacy enhanced identity scheme using an un-linkable identifier
EP3350956B1 (en) Electronic voting using secure electronic identity device
EP3387783B1 (en) Secure electronic device with mechanism to provide unlinkable attribute assertion verifiable by a service provider
TWI666565B (en) Identity authentication system and method thereof
Shakiba et al. ESIV: an end-to-end secure internet voting system
GB2397678A (en) A secure terminal for use with a smart card based loyalty scheme
Bosworth et al. Entities, identities, identifiers and credentials—what does it all mean?
Nithyanand Securing personal RFID tags and infrastructures
Pohlmann Smart cards: The Authenticated Solution For E-business User
Zipfel et al. Secure E-Business applications based on the European Citizen Card
Kadambi CIS 6930 Cryptographic Protocols Notes on Digital Signatures and Applications October 7 2003 R Aditya Kadambi (rak@cise.ufl.edu) 1. Digital Signatures
Laidi Using smart card in e-business applications: an e-business model

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)