WO2000030049A1 - Procede de controle d'utilisation d'une carte a puce - Google Patents
Procede de controle d'utilisation d'une carte a puce Download PDFInfo
- Publication number
- WO2000030049A1 WO2000030049A1 PCT/FR1999/002782 FR9902782W WO0030049A1 WO 2000030049 A1 WO2000030049 A1 WO 2000030049A1 FR 9902782 W FR9902782 W FR 9902782W WO 0030049 A1 WO0030049 A1 WO 0030049A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- card
- counter
- key
- transaction
- authentication
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/409—Device specific authentication in transaction processing
- G06Q20/4097—Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
- G06Q20/40975—Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1025—Identification of user by a PIN code
- G07F7/1083—Counting of PIN attempts
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2207/00—Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F2207/72—Indexing scheme relating to groups G06F7/72 - G06F7/729
- G06F2207/7219—Countermeasures against side channel or fault attacks
Definitions
- the present invention relates to a method for controlling a smart card. It applies more particularly to cards implementing cryptography algorithms using keys or key pairs in authentication sessions, during transactions between the card and a terminal.
- Terminal means both the terminal into which the card is inserted, such as a payment terminal at a merchant, as well as a server of a bank to which this payment terminal can be connected during a so-called transaction. by direct link, according to a transaction mode called "online" in Anglo-Saxon literature. This is particularly the case for bank cards (debit / credit card), for transactions involving an amount that exceeds a certain threshold and in which the terminal automatically connects to the server for additional checks before accepting the transaction .
- terminal means any external system to which the card is connected during a transaction.
- the invention applies in particular, but not exclusively, to smart cards of the electronic purse type, which are disposable or rechargeable means of payment.
- cryptographic algorithms are used, which use keys.
- authentication session is meant all of the operations aimed at having the card and the terminal calculate a signature (or a certificate) corresponding to the application of a cryptography algorithm on a piece of data which may be imposed by either or a mixture of card and terminal data, and comparing the two signatures. If this comparison is made by the card, it is authentication by the card, which receives the signature calculated by the terminal. If it is an authentication by the terminal, it is the opposite.
- DPA attack for differential power analysis
- DPA attack is based on the fact that we have current consumption signatures from which, if we know at least the data applied as input or the data obtained as output, we is able, by making assumptions on the keys, to find the value or a part of the value of a key which was used in the cryptographic calculation considered.
- the card calculates a signature SI and / or a signature S2, by applying the cryptography algorithm to a datum, generally imposed by the card, and with the session key SKX.
- the terminal calculates corresponding signatures, and depending on the type of transaction, either the terminal is authenticated by the card, or the card is authenticated by the terminal. There is therefore transmission of data and associated signatures during authentication sessions.
- Knowing a session key allows you to replay a transaction, using a fake card (a clone) or a simulator.
- the object of the invention is to prevent this type of fraud.
- An object of the invention is thus to prevent the collection of current consumption measurements.
- a solution to the technical problem of the invention consists in using a control counter in the card, to count (or count) these failures, and to prohibit the use of the card when a certain number of failures are recorded.
- the invention therefore relates to a control method according to claim 1.
- the control counter is decremented by one. It is only incremented with this unit if the authentication is successful.
- the check counter is incremented by one and is only then decremented by this unit if the authentication session is successful.
- a check counter is used per key and / or per pair of encryption keys used in the card.
- the control counter according to the invention can count down from, or count up to a blocking value N representative of the number of authorized failures.
- This blocking value N depends on the type of transactions in which the key or the associated key pair is used. This value corresponds to a authorized number of failed or aborted transactions. In particular, it takes into account the level of security to be associated with the transaction, ie the risk incurred by fraud on this key or this pair of keys.
- a transaction for updating card parameters these parameters possibly being the expiration date, the very values of the keys, a maximum amount for a transaction ..., a fairly low value of N is expected, since a very high degree of security must be associated with such a transaction and few usage errors can occur for this type of transaction.
- purchase operations or cancellation of purchases for which a certain number of incidents during the "normal" use of the card may occur, due in particular to errors of use by the holder , a higher value is expected.
- FIG. 2 is a general diagram of the resources of a card of this type, comprising control counters according to the invention.
- FIGS. 3 to 5 are flowcharts of typical transactions in an electronic purse application implementing the method of controlling use according to the invention.
- the general principle of the invention is to use at least one control counter which will be decremented, or incremented by one at the start of the transaction between a terminal and a card, and which will not increment, or decrement only after an authentication session by the card, if this session is successful.
- the counter is systematically decremented at the start of each transaction and re-incremented under conditions.
- the counter is initialized to a blocking value N, representative of the number of authorized failures which is in particular a function of the application. If many transactions are started without allowing successful authentication by the card, either the transaction has been interrupted (case of pull out), or that the data sent to the card to allow authentication by the card are false (case of '' a simulator used in place of a real terminal), the counter which is decremented with each new transaction, but which is not re-incremented in all cases of authentication authentication failures by the card, ends up reaching zero. The use of the card is then blocked.
- FIG. 2 schematically represents the resources of a smart card of the electronic purse type, to which the control method of the invention can be applied.
- this memory mainly contains a microprocessor ⁇ p, and memory resources including a ROM read-only memory, containing in practice the program code, a dynamic memory RAM as working memory and a non-volatile memory of EEPROM type for example, which contains in practice sensitive parameters. (in the security sense) of the card, including counters.
- this memory notably contains three secret keys denoted KDP, KDL and KDU, three associated session counters, denoted NTP, NTL and NTU, and three associated control counters according to the invention, denoted C KDp , C, C KD ( ,.
- This memory contains other parameters. Some can be updated by an external system, by an update transaction, according to a secure procedure. Recall that in an electronic purse card, three types of transactions are possible and each type of transaction corresponds to an associated secret key. We thus have the following types of transaction: - Purchase or purchase cancellation with the associated secret key, noted KDP;
- a purchase transaction includes a first initialization phase which is normally limited to sending an order by the terminal to the card, to specify the type of transaction. This command is usually worded as follows, in Anglo-Saxon literature: INIT FOR PURCHASE.
- the microprocessor then connects to the address of the program code corresponding to this type of transaction.
- the card compares the two signatures. If they are comparable, the authentication is successful, the control counter according to the invention is then incremented by the value u. Otherwise, it is unchanged. The transaction can then continue.
- control counter will make it possible to block any use of the card for a purchase type transaction.
- FIG. 4 shows a flowchart of operation of the card for the transaction of type cancellation of purchase, which therefore uses the same secret key KDP.
- the initialization phase initiated by a terminal initialization command includes, in addition to the decrementation of a unit u of the counter of control
- the card transmits to the terminal, this data and the signature SI, to allow the terminal to authenticate the card.
- This authentication by the terminal is not the subject of any response from the terminal.
- the card goes to the processing phase in which it in turn authenticates the terminal, as before.
- the signature S2 is generally calculated on zero.
- the card therefore calculates the corresponding signature S2 with the session key KDP. It receives the signature S2 calculated by the terminal and performs the comparison of the two signatures. If they are comparable, the authentication session is successful.
- the control counter according to the invention is re-incremented by the unit u. Otherwise, the check counter is unchanged. The transaction continues.
- the card performs two cryptographic calculations up to and including that of the authentication session with the card, the calculation of the signature SI and the calculation of the signature S2.
- This decrementation can be done at once, by a unit u representative of this number of calculations performed for this transaction.
- the value taken by u for this transaction could be initialized in the initialization phase, following the command of the "INIT FOR" type.
- This decrementation in several times, by decrementing the counter by one unit before each calculation, in the example, before the calculation of the signature SI and before the calculation of the signature S2. In this case, provision will be made to test the limit value on the counter after each decrementation.
- a time counter associated with the control counter is then provided, initialized to zero at the start of the transaction and which, for example, is incremented at each time the control counter is decremented.
- D KDp a time counter associated with the control counter
- FIG. 5 represents an operating flow diagram for another type of transaction, that of updating. It is relatively similar to the previous ones, but the authentication by the card is done here on the signature noted SI.
- the check counter is decremented at the start of the transaction. It is only re-incremented, if it can be, after a card authentication session.
- the flowcharts in Figures 3 to 5 show only some of the operations performed during the transaction, for the explanation of the method according to the invention. In practice, other operations are carried out.
- the current session key or the previous session key is used to calculate the signatures. After calculating the session key, the session counter must be incremented ... All these aspects are specific to the application itself and have no interest in the implementation of the control process according to the invention.
- the different control counters must be initialized to a blocking value N that is well chosen. This value must take into account the type of associated transactions, the corresponding security level to be implemented but also possible errors in progress "normal" use by the card holder: it is not a question of blocking the use of the card when the holder has not sought to fraud.
- N a blocking value
- a variant of the control method according to the invention consists in incrementing the counter at each session and in decrementing it only under condition (authentication by the card successful).
- the counter is initialized to zero, and the limit value, to which the content of the counter is compared, is equal to the blocking value N. All that has been described previously applies to this variant of the invention.
- the control method according to the invention applies to any type of smart card as soon as it performs an authentication session.
- This authentication session can be based on a secret key cryptography algorithm, for example of the DES type, as explained in the case of the electronic wallet card, but also algorithms of other types, such as the type algorithms.
- RSA using a couple of keys (private key, public key) for example.
- the term “smart card” means both well-known format cards and portable media.
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Accounting & Taxation (AREA)
- Theoretical Computer Science (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Computer Networks & Wireless Communication (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Computer Security & Cryptography (AREA)
- Finance (AREA)
- Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
Description
Claims
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP99972341A EP1131800A1 (fr) | 1998-11-18 | 1999-11-12 | Procede de controle d'utilisation d'une carte a puce |
AU11672/00A AU1167200A (en) | 1998-11-18 | 1999-11-12 | Method for controlling the use of a smart card |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR9814497A FR2786007B1 (fr) | 1998-11-18 | 1998-11-18 | Procede de controle d'utilisation d'une carte a puce |
FR98/14497 | 1998-11-18 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2000030049A1 true WO2000030049A1 (fr) | 2000-05-25 |
Family
ID=9532876
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/FR1999/002782 WO2000030049A1 (fr) | 1998-11-18 | 1999-11-12 | Procede de controle d'utilisation d'une carte a puce |
Country Status (5)
Country | Link |
---|---|
EP (1) | EP1131800A1 (fr) |
CN (1) | CN1333904A (fr) |
AU (1) | AU1167200A (fr) |
FR (1) | FR2786007B1 (fr) |
WO (1) | WO2000030049A1 (fr) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2004046897A1 (fr) * | 2002-11-04 | 2004-06-03 | Giesecke & Devrient Gmbh | Procede pour proteger un support de donnees portable |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2853785B1 (fr) * | 2003-04-09 | 2006-02-17 | Oberthur Card Syst Sa | Entite electronique securisee avec compteur modifiable d'utilisations d'une donnee secrete |
DE10360998B4 (de) * | 2003-12-23 | 2008-09-04 | Infineon Technologies Ag | Schutz von Chips gegen Attacken |
JP4616611B2 (ja) | 2004-10-08 | 2011-01-19 | 富士通株式会社 | 生体認証装置 |
US7630924B1 (en) * | 2005-04-20 | 2009-12-08 | Authorize.Net Llc | Transaction velocity counting for fraud detection |
FR3030826B1 (fr) * | 2014-12-18 | 2018-01-19 | Idemia France | Procede de securisation d'un dispositif electronique, et ledit dispositif electronique |
FR3061586A1 (fr) * | 2016-12-30 | 2018-07-06 | Idemia France | Procede de controle d'habitudes d'utilisation et dispositif electronique apte a mettre en œuvre un tel procede |
CN111292089A (zh) * | 2020-02-12 | 2020-06-16 | 北京智慧云测科技有限公司 | 一种psam卡防护管理方法和psam卡 |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0157303A2 (fr) * | 1984-03-31 | 1985-10-09 | Kabushiki Kaisha Toshiba | Dispositif de traitement de données |
GB2188762A (en) * | 1986-04-04 | 1987-10-07 | Philip Hall Bertenshaw | Secure data communication system |
EP0481882A1 (fr) * | 1990-10-19 | 1992-04-22 | Gemplus Card International | Procédé pour la ratification de codes secrets pour cartes à mémoire |
EP0626662A1 (fr) * | 1993-05-26 | 1994-11-30 | Gemplus Card International | Puce de carte à puce munie d'un moyen de limitation du nombre d'authentifications |
EP0789335A2 (fr) * | 1996-02-07 | 1997-08-13 | Deutsche Telekom AG | Méthode de décompte pour systèmes à porte-monnaie électroniques avec des cartes à puce |
-
1998
- 1998-11-18 FR FR9814497A patent/FR2786007B1/fr not_active Expired - Fee Related
-
1999
- 1999-11-12 EP EP99972341A patent/EP1131800A1/fr not_active Withdrawn
- 1999-11-12 AU AU11672/00A patent/AU1167200A/en not_active Abandoned
- 1999-11-12 CN CN 99815625 patent/CN1333904A/zh active Pending
- 1999-11-12 WO PCT/FR1999/002782 patent/WO2000030049A1/fr not_active Application Discontinuation
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0157303A2 (fr) * | 1984-03-31 | 1985-10-09 | Kabushiki Kaisha Toshiba | Dispositif de traitement de données |
GB2188762A (en) * | 1986-04-04 | 1987-10-07 | Philip Hall Bertenshaw | Secure data communication system |
EP0481882A1 (fr) * | 1990-10-19 | 1992-04-22 | Gemplus Card International | Procédé pour la ratification de codes secrets pour cartes à mémoire |
EP0626662A1 (fr) * | 1993-05-26 | 1994-11-30 | Gemplus Card International | Puce de carte à puce munie d'un moyen de limitation du nombre d'authentifications |
EP0789335A2 (fr) * | 1996-02-07 | 1997-08-13 | Deutsche Telekom AG | Méthode de décompte pour systèmes à porte-monnaie électroniques avec des cartes à puce |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2004046897A1 (fr) * | 2002-11-04 | 2004-06-03 | Giesecke & Devrient Gmbh | Procede pour proteger un support de donnees portable |
Also Published As
Publication number | Publication date |
---|---|
FR2786007A1 (fr) | 2000-05-19 |
CN1333904A (zh) | 2002-01-30 |
EP1131800A1 (fr) | 2001-09-12 |
FR2786007B1 (fr) | 2001-10-12 |
AU1167200A (en) | 2000-06-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP0496656B1 (fr) | Procédé d'échange de droits entre cartes à microprocesseur | |
EP0414314B1 (fr) | Procédé de génération de nombre unique pour carte à micro-circuit et application à la coopération de la carte avec un système hÔte | |
EP0252849B1 (fr) | Procédé pour authentifier une donnée d'habilitation externe par un objet portatif tel qu'une carte à mémoire | |
EP1290647B1 (fr) | Procede de cryptographie et microcircuit pour carte a puce | |
WO2001095274A1 (fr) | Procede de securisation de la phase de pre-initialisation d'un systeme embarque a puce electronique, notamment d'une carte a puce, et systeme embarque mettant en oeuvre le procede | |
EP1807967B1 (fr) | Procede de delegation securisee de calcul d'une application bilineaire | |
FR2893797A1 (fr) | Personnalisation d'une carte bancaire pour d'autres applications | |
CA2296009A1 (fr) | Procede de gestion d'un terminal securise | |
WO2000030049A1 (fr) | Procede de controle d'utilisation d'une carte a puce | |
FR3098947A1 (fr) | Procédé de traitement d’une transaction émise depuis une entité de preuve | |
EP1399896B1 (fr) | Procede cryptographique pour la protection d'une puce electronique contre la fraude | |
EP2614491A1 (fr) | Procede simplifie de personnalisation de carte a puce et dispositif associe | |
FR3030825A1 (fr) | Procede d'envoi d'une information de securite et dispositif electronique apte a mettre en oeuvre un tel procede | |
EP0829831B1 (fr) | Méthode d'authentification de cartes | |
EP3340098B1 (fr) | Procédé pour la sécurité d'une opération électronique avec une carte à puce | |
WO2010106042A1 (fr) | Procédé de production de données de sécurisation, dispositif et programme d'ordinateur correspondant | |
WO2023099496A1 (fr) | Procédé de traitement de preuve numérique, système et programme correspondant | |
EP3825882A1 (fr) | Procede et systeme pour le provisionnement ou remplacement securise d'un secret dans au moins un dispositif de communication portable | |
WO1998044464A1 (fr) | Procede de certification d'un cumul dans un lecteur | |
FR2749413A1 (fr) | Procede de stockage des unites de valeur dans une carte a puce de facon securisee et systeme de transaction monetaire avec de telles cartes | |
WO2017077210A1 (fr) | Procédé de verification d'identité lors d'une virtualisation | |
FR2834842A1 (fr) | Procede d'authentification d'un objet portable informatise par un terminal, systeme mettant en oeuvre le procede, terminal utilise dans le procede et objet portable utilise dans le procede | |
FR3025341A1 (fr) | Securisation de cles de cryptage pour transaction sur un dispositif depourvu de module securise | |
FR2897705A1 (fr) | Mise a jour d'une carte a puce |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 99815625.6 Country of ref document: CN |
|
ENP | Entry into the national phase |
Ref document number: 2000 11672 Country of ref document: AU Kind code of ref document: A |
|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GE GH GM HU ID IL IN IS JP KE KG KP LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG US UZ VN YU ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
|
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 1999972341 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 09856269 Country of ref document: US |
|
WWP | Wipo information: published in national office |
Ref document number: 1999972341 Country of ref document: EP |
|
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
WWW | Wipo information: withdrawn in national office |
Ref document number: 1999972341 Country of ref document: EP |