RU2636694C2 - Method of message secure exchange organization - Google Patents

Abstract

FIELD: radio engineering, communication.SUBSTANCE: there is proposed a method of message secure exchange organization to perform a transaction between the terminal and a microprocessor card with a payment application stored in its memory in which the chain of certificates from the noted terminal is checked by the noted payment application; with a positive result of the verification of the noted chain of certificates, dynamic mutual authentication of the noted terminal and card is performed; with a positive result of the noted dynamic authentication secure message exchange keys are calculated in the noted payment application.EFFECT: increased security of the message exchange channel between the microprocessor card and the payment application and the terminal.4 cl, 5 dwg

Description

FIELD OF THE INVENTION

This invention relates generally to transaction methods, and in particular, to a method for organizing secure messaging during a transaction between a terminal and a microprocessor card.

State of the art

The implementation of transactions on a secure channel between the terminal and the microprocessor card is described in various documents.

So, in the patent of the Russian Federation 2404520 (publ. 20.11.2010) describes the transfer of a signing key to complete a transaction through a secure communication channel. In the patent of the Russian Federation 2546549 (publ. 10.04.2015) discloses the transaction through a secure communication channel between the protective element of the card, which contains the payment application of the client, and the protective element of the mobile communication terminal.

US Pat. No. 7693797 (published April 6, 2010) describes a method in which a provider uses shared secrets and seed numbers in a hashed machine address code with secret keys to generate a list of authentication tokens containing a username and password for sales. Shared secrets and seed numbers are also shared on local devices to generate the same list. The user receives an authentication token from the local device and presents it to the remote provider.

US patent 8601266 (publ. 03.12.2013) (see also patent application RF 2012139270, publ. 03.20.2014) discloses a method in which a user's payment device sends a communication request, and the mobile gateway sends a call message in response. The response of the user device is sent to the key management center, which verifies the call response message and allows the transaction to be carried out through a secure channel.

Chinese application 102457842 (published May 16, 2012) describes a method in which an international mobile subscriber identifier is associated with a mobile phone number of a terminal and authentication information is generated. The transaction message received from the terminal is encrypted with authentication information using pre-generated dynamic encryption keys and sent to the bank side, where the message is decrypted and authenticated.

The disadvantage of all these and many other analogs is their complexity, as well as the insufficient security of the resulting channel, since the organization of a secure channel between the terminal and the microprocessor card is implemented with the participation of a third party (server).

Disclosure of invention

The problem to which the present invention is directed is to simplify the implementation and increase the security of the messaging channel between the microprocessor card with the payment application and the terminal.

To solve this problem and achieve the technical result, the present invention provides a method for organizing secure messaging for transactions between a terminal and a microprocessor card with a payment application recorded in its memory, in which, after passing through the mutual authentication procedure of the terminal and the microprocessor card, it is verified by the payment application on a microprocessor card, a chain of certificates from the terminal; with a positive result of the certificate chain verification, they perform dynamic mutual authentication of the terminal and the payment application on the card; if the result of dynamic authentication is positive, secure messaging keys are calculated in the payment application on the microprocessor card.

A feature of the method of the present invention is that when checking the chain of certificates, the public key P _{TERM-ISS of the} issuer of this terminal and the private key S _{TERM of} this terminal are written to the terminal in advance; the public key P _{TERM-CA of} the terminal issuer certification center is recorded in advance in the memory of the card; they transfer from the terminal to the card payment application a certificate of the terminal issuer signed on the private key S _{TERM-CA of} the certification center of terminal issuers and containing the public key P _{TERM-ISS of the} issuer of this terminal; verify by the payment application of the card the correct signature of the transferred certificate of the terminal issuer using the public key P _{TERM-CA of} the certification center of terminal issuers and, if this test is successful, store the public key P _{TERM-ISS of the} issuer of this terminal in the memory of the card; send from the terminal to the card payment application the certificate of this terminal, signed on the private key S _{TERM-ISS of the} issuer of this terminal and containing the public key P _{TERM of} this terminal; verify by the payment application of the card that the signed certificate of the terminal is signed correctly using the stored public key P _{TERM-ISS of the} issuer of this terminal and, if this test is successful, store the public key P _{TERM of} this terminal in the memory of the card.

Another feature of the method of the present invention is that with mutual dynamic authentication: if the terminal issuer certificate and the terminal certificate are verified positively, the terminal reads the public key P _{ICC of the} payment application written to the card’s memory when the payment application was installed in it; requesting a random UN _ICC number from the card payment application from the terminal; calculating a digital signature value for a random UN _ICC number in the terminal using the S _TERM private key of the terminal and sending the calculated digital signature value to the card payment application; create the SV _TERM secret in the terminal and send its value ESV _TERM , encrypted on the public key P _ICC , to the card payment application; in the payment application of the card, verify the digital signature received from the terminal using the public key P _TERM stored in the memory of the card; if the digital signature verification result is positive, the secret of SV _{TERM is} decrypted in the payment application from the obtained ESV _TERM value using the private key S _{ICC of} this payment application, which is recorded in the card’s memory when the payment application is installed in it; create the SV _ICC secret in the payment application and send the ESV _ICC value encrypted on the public key P _TERM to the terminal; The secure messaging session key is calculated in the payment application using the secrets of SV _ICC and SV _TERM .

Finally, another feature of the method of the present invention is that for any result of any verification carried out by the payment application, a notification signal is sent to the terminal about this result.

Brief Description of the Drawings

The present invention is illustrated by the attached drawings.

In FIG. 1 shows a general block diagram of an algorithm according to which the present invention is implemented.

In FIG. 2 shows a diagram of an application public key infrastructure.

In FIG. 3 shows a diagram of a public key infrastructure of a terminal.

In FIG. 4 is a flowchart of a terminal certificate chain verification algorithm.

In FIG. 5 is a flowchart of a terminal dynamic authentication algorithm.

Detailed Description of Embodiments

The present invention relates to methods for performing non-cash transactions using payment microprocessor cards. It can be either cards of the National Payment Card System (NSPK), or any other card that contains a microcircuit (“chip”), which includes a processor (microprocessor), memory and input-output devices (contact or non-contact) as it is known to specialists. Transactions are carried out using such payment microprocessor cards that interact with any type of terminal, in particular with a terminal that is equipped with at least interconnected processor, memory and input-output means, including a payment card reader, which is also known to specialists , or with a virtual terminal representing an external Internet gateway, for example, a server of a supplier of goods (services), a server of an issuer of payment cards, a virtual POS terminal, etc.

In some cases, the transaction requires the establishment of a secure communication channel between the interacting terminal and the payment card for secure messaging (AIA). It is the method of organizing such a communication channel that is the subject of the present invention.

A method of organizing secure messaging for a transaction between a terminal and a microprocessor card with the payment application of the present invention recorded in its memory includes the following steps (Fig. 1).

When initializing a payment application recorded in the memory of the microprocessor card, this payment application starts the process of mutual authentication of the terminal and the microprocessor card interacting in this transaction with the payment application recorded in its memory, for which the payment application in the card notifies the terminal of the need for mutual authentication (step 101) . In response to this, the terminal sends a certificate chain to the card payment application, and the payment application in the card checks this certificate chain (step 103). If the result of this check is positive, dynamic mutual authentication of the terminal and the payment application on the card is performed (step 105). If the result of this check is positive, the secrets of the card and the terminal are exchanged and the session key of the secure messaging is generated (step 107). Using this key enables the installation of secure messaging between the payment application on the microprocessor card and the terminal.

Before proceeding to the possible options for the implementation of these operations, you should dwell on the use of the mentioned keys and certificates. For this, we turn to the diagrams in FIG. 2 and 3.

Both of these drawings illustrate the public key infrastructure of the payment application and terminal. In the present invention, encryption and decryption are performed using symmetric cryptographic algorithms known to those skilled in the art. As shown in FIG. 2, the Card Certification Authority (for example, the NSPK Card Certification Authority) generates PICC-CA public keys for the payment application, which are stored in the terminal's memory when it is personalized, and SICC-CA private keys for the payment application, on which C _ICC certificates allowing exchange are signed _-ISS for the payment application. These C _ICC-ISS certificates are transferred to the card issuer and entered into the payment application when it is personalized in the card. In addition, the card issuer generates the public key P _ICC-ISS and the private key S _ICC-ISS , on which the C _ICC certificate is signed, which is entered into the payment application when it is personalized in the card. The C _ICC certificate _is verified using the _ICC-ISS C certificate. The public key P _ISS and the private key S _ICE are also recorded in the memory of the card, the purpose of which is explained below.

Similarly (Fig. 3), the Terminal Issuers Certification _Authority (for example, the NSPK certification center) generates public keys _{T TERM-CA of} the certification center for issuers of terminals that are stored in the memory of the microprocessor card when it is personalized, and private keys S _TERM-CA , on which exchange permissions C _TERM-ISS for the terminal are signed. These C _TERM-ISS certificates are transferred to the terminal issuer and are entered into the terminal memory when it is personalized. In addition, the terminal issuer generates the public key P _TERM-ISS and the private key S _TERM-ISS , on which the C _TERM certificate is signed, which is entered into the payment application when it is personalized in the card. The C _TERM certificate is verified using the C _TERM-ISS certificate. The memory card also contains the public key P _TERM and the private key S _TERM , the purpose of which is explained below.

Let us now return to the flowchart of FIG. 1 and consider in more detail the steps 103 and 107 illustrated respectively in FIG. 4 and FIG. 5. In both flowcharts of FIG. 4 and FIG. 5 in the upper part, separated by a dash-dot horizontal line, the sides of the transaction are marked in the form of rectangles “Card with payment application” and “Terminal” and under each of these rectangles the actions performed on the corresponding side are shown.

In FIG. 4 dotted rectangles indicate actions performed in advance before any transactions begin. This is action 401, in which the public key P _TERM-CA (at least) is written to the memory of the card, and action 403, in which the public keys P _TERM-ISS and P _{TERM are} written to the terminal memory.

Act 405 to notify the terminal about the need for mutual authentication is actually carried out at step 101 (Fig. 1), when the mutual authentication of the terminal and the microprocessor card is started. Upon receipt of this notification, the terminal signs on a private key S _{TERM-CA of} the terminal certification center a terminal issuer certificate containing the public key P _{TERM-ISS of} the terminal, and this terminal issuer certificate is sent to the microprocessor card payment application (step 407).

Upon receipt of this certificate, the payment application verifies the signature of the forwarded terminal issuer certificate using the public key P _{TERM-CA of} the terminal issuer certification center stored in the memory of this card (step 409). If the result of this check is positive (step 410), the payment application saves the public key P _TERM-ISS (step 411) in the memory of this card and notifies the terminal about this (message “OK”). Those skilled in the art will understand that if the result of this check is negative, the transaction is rejected (step 430).

Upon receipt of a notification from the card about the positive result of the verification of the first certificate in the chain, the terminal signs on a private key S _{TERM-ISS of} this terminal a certificate of this terminal containing the public key P _{TERM of} this terminal and sends this terminal certificate to the card (step 413).

After receiving the second certificate in the chain, the payment application verifies the signature of the transferred terminal certificate using the public key P _TERM-ISS stored in the memory of the card at step 411 (step 415) and, if this test is successful (step 416), the public key P is stored in the memory of the card _TERM (step 417). In addition, the terminal is notified of the positive result of this check (“OK” message). As understood by those skilled in the art, if the result of this check is negative, the transaction is rejected (step 430).

Of course, experts understand that certificate chain validation can be done differently. For example, there can be more than two certificates, and they can be sent from the terminal to the card without receiving an OK message. It is important here that certificate chain validation improves the reliability of terminal authentication.

In FIG. 5 dotted rectangles indicate actions performed in advance before any transactions begin. This is step 501, in which the public key P _ICC and the private key S _{ICC are} recorded in the memory of the card, and step 503, in which the public key P _TERM and the private key S _{TERM are} written into the memory of the terminal.

Act 505 to notify the terminal about the success of the verification of the certificate chain is actually carried out at step 105 (Fig. 1), when the dynamic authentication of the terminal and card is started. After receiving this message from the card about the positive result of the verification of the certificate chain, the public key P _{ICC of the} payment application is written to the terminal, recorded in the memory of the card when the payment application was installed in it (step 507). After that, the terminal asks the payment application for a random UN _ICC number (step 509). This random number is forwarded from the card payment application to the terminal (step 511).

In the terminal, for the mentioned random number UN _ICC , the digital signature value is calculated using the private key S _{TERM of} this terminal (step 513) and the calculated digital signature value is sent to the payment application. In addition, an SV _TERM secret is created in the terminal and encrypted with the public key P _ICC (step 515), after which the encrypted ESV _TERM value is sent to the payment application.

In the payment application, the digital signature received from the terminal is verified using the public key P _TERM stored in the card's memory (step 517). If the digital signature verification result is positive (step 518), the value of the SV _TERM secret is decrypted in the payment application using the private key S _{ICC of} this payment application, which is recorded in the card’s memory when the payment application is installed in it (step 519). Then, in the payment application, they create their SV _ICC secret and encrypt it on the public key P _TERM (step 521), after which their ESV _ICC value is sent to the terminal.

At step 523, secure messaging session keys (SIAs) are calculated in the payment application using the secrets SV _ICC and SV _TERM . Reference numeral 525 denotes a step in which the secrets SV _ICC and SV _TERM are used to compute the AIA keys in the terminal.

Those skilled in the art will understand that dynamic mutual authentication of a terminal and a payment application can be performed differently than described here. For example, a random number can also be requested by a payment application, then verification of the digital signature will be carried out in the terminal. However, these details should not obscure the main thing: although the use of dynamic authentication is known (see, for example, application for US patent 2011/0270757, publ. 11/03/2011; see also patent application RF 2012139268, publ. 05.20.2014), application This mechanism in this method, together with checking the chain of certificates, gives a significant increase in security when exchanging messages between the terminal and the payment card.

The examples given in the present description of the possible implementation of certain actions and the whole method as a whole are purely illustrative and do not limit the scope of the invention defined only by the attached claims taking into account equivalents.

Claims (4)

1. A method of organizing secure messaging for a transaction between a terminal and a microprocessor card with a payment application recorded in its memory, in which the said certificate is verified by the payment application from the terminal; if the verification result of the said certificate chain is positive, dynamic mutual authentication of the mentioned terminal and card is carried out; with a positive result of said dynamic authentication, secure messaging keys are calculated in said payment application. 2. The method according to claim 1, wherein during said verification of the certificate chain, the public key P _{TERM-ISS of the} issuer of this terminal and the secret key S _{TERM of} this terminal are stored in advance in the memory of said terminal; the public key P _{TERM-CA of} the certification center of terminal issuers is written to the memory card in advance; a terminal issuer certificate is sent from said terminal to said card, signed on the private key S _{TERM-CA of} the certification center of terminal issuers and containing the public key P _{TERM-ISS of the} issuer of this terminal; verify by the said payment application the signature of the forwarded terminal issuer certificate using the mentioned public key P _{TERM-CA of} the terminal issuers certification authority and, if this test is successful, store the mentioned public key P _TERM-ISS in the memory of the card; send from the terminal to the mentioned card a certificate of this terminal, signed on the private key S _{TERM-ISS of} this terminal and containing the public key P _{TERM of} this terminal; verify by the said payment application the signature of the forwarded terminal certificate using the stored public key P _TERM-ISS and, if this test is successful, store the mentioned public key P _TERM in the memory of the card. 3. The method according to claim 1, wherein with said mutual dynamic authentication, if the verification of said terminal issuer certificate and said terminal certificate is positive, the said terminal reads the public key P _{ICC of the} said payment application recorded in the memory of the card when the said payment application is installed into it ; requesting from said terminal from said payment application a random UN _ICC number; calculating, in said terminal, a digital signature value for said random UN _ICC number using the private key S _{TERM of} that terminal and sending the calculated digital signature value to said payment application; create an SV _TERM secret in said terminal and encrypt this secret on said public key P _ICC , receiving an ESV _TERM value, and sending said ESV _TERM value to said payment application; in the payment application, verify the digital signature received from the terminal using the public key P _TERM stored in the memory of the card; if the said digital signature verification result is positive, the said secret SV _{TERM is} decrypted in the said payment application from the received ESV _TERM value using the private key S _{ICC of} this payment application, which is recorded in the memory of the card when the said payment application is installed in it; create SVicc secret in said payment application and encrypt this secret on said public key P _TERM , receiving ESV _ICC value, and sending said ESV _ICC value to said terminal; said secure messaging keys are calculated in said payment application using said secrets SV _ICC and SV _TERM . 4. The method according to claim 2 or 3, in which for any result of any verification carried out by said payment application, a notification signal is sent to said terminal about this result.

Images