WO2001082167A1 - Method and device for secure transactions - Google Patents

Info

Publication number
WO2001082167A1
Authority
WO
WIPO (PCT)
Prior art keywords
card
identification data
personal identification
data
terminal
Application number
PCT/SE2001/000563
Other languages
French (fr)
Inventor
Lars Philipson
Original Assignee
Philipson Lars H G
Application filed by Philipson Lars H G
Priority to AU2001242946A
Publication of WO2001082167A1

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions
    • G06Q20/40145 Biometric identity checks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409 Device specific authentication in transaction processing
    • G06Q20/4097 Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975 Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce
    • G06Q30/06 Buying, selling or leasing transactions
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/20 Individual registration on entry or exit involving the use of a pass
    • G07C9/22 Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
    • G07C9/25 Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition
    • G07C9/257 Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition electronically

Definitions

  • the field of this invention is authorization and authentication of a user during a transaction involving a stationary terminal or PC and possibly remote servers on a computer network.
  • One of the means to provide security in such a situation is to use cryptography.
  • Symmetric encryption uses a secret key that is used both for encryption and decryption. This key has to be distributed beforehand to both parties and kept secret at all times.
  • Asymmetric, or public key, encryption schemes use a pair of keys where one can be public and the other must be secret. This makes key distribution much easier since the public key can be published and made available for instance over the Internet.
  • Smartcards (sometimes called IC cards) solve the problem of keeping the keys secret even if the card is lost.
  • By encapsulating memory and processor into one tamper-resistant microchip and using PIN-codes and cryptography to protect access to the keys, a lost or stolen card cannot be used by any unauthorized person.
  • When used, the IC card is inserted into a stationary terminal having input means for entering the PIN code.
  • the stationary terminal is a possible security leak.
  • the user carries a set of smartcards and for every transaction inserts one of them in a smartcard reader. The reader could be connected e.g. to a point-of-sales terminal, an ATM machine, or to a personal computer.
  • In order to unlock the card the user provides a PIN-code or a biometric sample (e.g. a fingerprint).
  • the device to do this is part of the card reader or terminal equipment. It is technically possible to manipulate such equipment to break the security. For instance, the PIN-code or biometric sample could be recorded and used later.
  • the system disclosed in US5917913 solves this problem by providing the user with a portable electronic authorization device. All communication with the stationary terminal is encrypted and the user has full control of the reader, keyboard etc. This provides necessary conditions to prevent unauthorized access to information during a transaction. However, in a system according to US5917913 there is a problem of keeping the keys secret if the device is lost or stolen.
  • the invention comprises a mobile terminal with a single built-in smartcard optionally capable of replacing a number of separate smartcards.
  • the terminal contains means for user interaction and for communication with another terminal, that may be stationary or mobile (in the following called the stationary terminal). Communication between the mobile and the stationary terminals can be based on wires or may be wireless, using IR, inductive couplings, radio, or any combination of those.
  • the stationary terminal may be standalone, or connected to a network. In the latter case also one or several network servers could be involved in the transaction. Then the mobile terminal could act as an integral part of a distributed information system.
  • the smartcard is used primarily to store such data that must be protected if the device/card is lost or stolen. In a minimal configuration the following data is sufficient. Card identification (possibly implying also the identity of the user, an account number etc.)
  • Access to the card is possible only by providing a PIN-code or biometric sample matching the stored reference. All communication between the mobile and stationary terminals is encrypted using the secret key or a separate session key exchanged by using the first key.
  • the terminal contains means for communication with the smartcard, with the stationary terminal and with the user. All of this can be built by using standard technology and the design of the terminal does not have to be kept secret. However, it must be provided by a trusted party in order not to have built-in security leaks.
  • this is accomplished by including a storage facility in the terminal where all relevant information can be recorded during the transaction.
  • the information can later be downloaded to a stationary computer or network for further processing and long time storage. All or part of the information can be protected by encryption using a key stored on the smartcard. Even if the terminal is lost together with the smartcard this information is protected.
  • documents can be protected by electronic signatures.
  • Integrating the smartcard into the mobile terminal causes potential problems for the user if he has several cards. Even for a single transaction it may be relevant to use more than one card (e.g. a credit card and a bonus card). In one embodiment of the present invention this is accomplished by storing many virtual cards on one physical one, a multipurpose smartcard.
  • a multipurpose smartcard contains one ID part, common to all applications of the card, with individual identification of the card, at least one certificate of a cryptographic public key, the corresponding private key(s), and at least one PIN-code or biometric reference.
  • the ID part also may contain information such as the name, photograph and other information about the card holder, the expiration date and other restrictions that may apply to the card, and information about the issuer of the card and its security references.
  • This part of the card is written once and then protected so that it cannot be changed during the lifetime of the card.
  • the other main part of the protected memory of the smartcard is used for storing information specific to each individual application.
  • Each entry in this area could optionally contain its own encryption key(s) or access code(s) in order to secure data and communication in addition to what is provided by the key(s) in the ID part.
  • Such an entry constitutes a virtual card.
  • Virtual cards may be added and deleted after the physical card has been issued and distributed. The procedure of adding and deleting virtual cards can preferably be performed with the physical card residing in the terminal. Downloading of data corresponding to a virtual card can be protected by cryptographic protocols using the key(s) on the physical card. In this way a new virtual card can be added using a data communication network with no need for any physical transport of cards.
  • Fig 1 is a schematic functional block diagram showing a prior art system for a digital transaction
  • Fig 2 is a diagram showing an authorizing scheme that can be used in the system in Fig. 1
  • Fig. 3 is a schematic functional block diagram showing a digital transaction system in accordance with the invention
  • Fig. 4 is a schematic block diagram showing communication path in a device in accordance with the invention
  • Fig. 5 is a diagram showing an authorizing scheme that can be used in the system in Fig. 3
  • Fig. 6 is a schematic block diagram showing one embodiment of a device in accordance with the invention
  • Fig. 7 is a schematic block diagram showing one embodiment of a smartcard that can be used with the device in Fig. 5
  • Fig. 8 is a schematic perspective view of a first embodiment of a device in accordance with the invention
  • Fig. 9 is a schematic perspective view of a second embodiment of a device in accordance with the invention.
  • Fig. 1 shows a basic prior art system for digital transactions.
  • a stationary terminal 10 is connected to a remote server 11 through a network 12.
  • a smartcard 13 is inserted into the stationary terminal.
  • the user enters personal identification data into the smartcard through the stationary terminal by using a user interaction means 16.
  • the user interaction means can be a keyboard or a device for the input of a biometric sample, such as a biometric sensor.
  • the identification data unlocks the smartcard and enables authorization of the user and a secure communication between the stationary terminal and the remote terminal.
  • the stationary terminal can be tampered with and the identification data can be obtained.
  • Fig. 2 shows a typical scheme where a user at a stationary terminal wants to be authorized by a remote network server.
  • the scheme can be used in the prior art system shown in Fig. 1 and also in a system according to the present invention.
  • the authentication process of the user (1) is performed first by entering personal identification data into the IC card.
  • the stationary terminal requests to establish contact (2) with the remote server.
  • the request is picked up and accepted (3) by the remote server.
  • the remote server sends a random number, called the challenge (4).
  • the stationary terminal receives this number, encrypts it (6) together with an identification of the user and returns the result, called the response (6).
  • this message is decrypted, and the result compared with the challenge (7).
  • the IC card is authentic, since it uses the right key.
  • the purpose of the random number is to ensure that the user is actually present and that the response is not just a replay of a message that has been recorded during some previous transaction.
  • the steps 1-7 are essential in most communication schemes.
  • Fig. 2 also shows further steps that are taken when a purchase is made.
  • the remote server sends the amount to be paid (8) for the purchase.
  • the amount is received by the stationary terminal (9) and confirmed by sending the amount encrypted (10) as described above.
  • the amount is received and decrypted by the remote server (11) and further checked locally (12).
  • a confirmation finally is sent (13) by the remote server and received (14) by the stationary terminal.
  • the steps 8-14 can be replaced by similar or corresponding steps for other types of transactions.
  • the electronics of a mobile terminal 14 is designed around a microcontroller 15 to which the smartcard 13 and all other main parts are connected.
  • the user interaction means 16 is included in the mobile terminal 14. All communication between the smartcard 13 and the user is carried out through the mobile terminal 14 (see Fig. 4 also).
  • the user is authenticated by the smartcard through a device that can be protected against unauthorized operations.
  • the smartcard is then authenticated by the stationary terminal 10 in a protected environment.
  • the stationary terminal 10 can be authenticated by the remote server 11 through the network 12 in a conventional manner.
  • Fig. 4 shows a scheme where a user at a stationary terminal wants to be authorized by a remote network server when using a mobile terminal as shown in Fig. 3. The process is started when the user requests the mobile terminal to establish contact (1) with the remote server. The request is picked up and accepted (2) by the remote server. When contact has been established, the remote server sends a random number, called the challenge (3) back to the mobile terminal.
  • the mobile terminal receives the random number (4). Before or during this session the user should be authenticated by the IC card. This could for instance be done as indicated by step (5). After authentication the received random number is encrypted and returned (6) to the remote server. Finally, the encrypted number is decrypted and compared by the remote server (7). Further steps may then follow depending on the actual application.
  • In Fig. 6 the main units of a mobile terminal 14 are shown.
  • the smartcard is mounted in a smartcard holder 18. In a preferred embodiment the smartcard holder is formed to allow a simple exchange of the smartcard. All main units of the mobile terminal 14 are controlled by the micro controller 15.
  • the micro controller can be a conventional microprocessor or an application specific circuit.
  • a program memory 19 holds the control program used by the micro controller and may be formed as a ROM.
  • the software in the program memory controls all functions of the terminal. Data altering during execution is stored in a temporary scratchpad memory 20, such as a RAM.
  • the mobile terminal is also provided with means for user interaction. Data is presented to the user by an output unit 21, such as a LCD. Other types of displays and sound output means can also be used.
  • a unit 23 for wireless communication with a stationary terminal is included and may include an IR or radio unit. There is also included means for communication with a stationary terminal via a physical connector 24.
  • a flash disk 25 or similar device is provided for storing electronic documents produced during transactions and other larger data sets.
  • For communication the terminal must be capable of using protocols suitable for the different channels that are available, such as radio and IR. Even in the case a physical, electrical connection is used for communication a protocol must be used.
  • the smartcard contains a secure microprocessor with the following main parts as shown in Fig. 7.
  • An interface 26 is provided for controlling the communication between the card and the terminal.
  • the interface is connected to a processor 27 capable of performing all the necessary functions of the card, including protected access to memory and encryption/decryption of data.
  • a ROM or flash memory 28 is used for storing programs, and a RAM 29 is used for storing temporary data.
  • a permanent ID section of the card and optionally virtual cards is stored in an EEPROM 30.
  • the electronic parts of the mobile terminal as shown in Fig. 8 are contained in a cover 31 designed to be conveniently carried in a pocket, attached to a belt or similar arrangement. Power is provided by an internal battery (not shown). This and the smartcard can be replaced by the user.
  • the smartcard has the size of a Plug-in SIM card (ETSI Standard GSM 11.11, Annex A).
  • the output unit comprises a LCD 32
  • the input unit comprises a keyboard 33, preferably including digit keys and a Yes and a No button.
  • the input unit also comprises a biometric sensor 36 that identifies the fingerprint of the user.
  • the wireless communication unit includes an IR window 34.
  • Further means related to the wireless communication unit, such as an antenna or a coil, are covered by the cover 31. Since smartcard readers are often available at transaction terminals it could be convenient to use these also to connect mobile terminals.
  • In the mobile terminal as shown in Fig. 9, one part of the terminal could be shaped as half a smartcard and have a set of smartcard connector pads 35 placed according to standard. This part of the terminal could then be inserted into a smartcard reader to provide an electrical connection between the terminals for communication.
  • the terminal includes a LCD 32, a keyboard 33 and an IR window in conformity with the embodiment shown in Fig. 8.
  • a simple next step would be that the stationary terminal or a remote server registers the user and then allows access to data or to a closed and security protected area.
  • a key stored in the smartcard is used for the encryption of data to be sent from the stationary terminal to the remote server.
  • an electronic purchase is requested and confirmed by the user. The purchase can then be recorded and executed by the remote server.

Abstract

Method for secure digital data transactions, including the steps of: a) storing personal identification data, card identification data and a transaction program in a protected IC card, b) receiving personal identification data in said IC card, c) comparing said received personal identification data with said stored personal identification data and d) executing said transaction program when said personal identification data correspond to said stored personal identification data to establish contact between said IC card and a stationary terminal, e) mounting said IC card in a mobile unit, f) transferring said personal identification data to said IC card through said mobile unit, and g) further executing said transaction program to perform secure digital data transactions between said IC card and a stationary terminal through said mobile unit. The invention also comprises a device for secure digital transactions including an IC card (13) containing protected personal identification data, card identification data and a transaction program. The device includes a mobile terminal (14) comprising: a) receiving means (18) for receiving said IC card (13), b) input means (22) for entering personal identification data, c) communication means (23; 24) for performing secure digital data transactions between said IC card and a stationary terminal (10).

Description

METHOD AND DEVICE FOR SECURE TRANSACTIONS
BACKGROUND OF THE INVENTION
The field of this invention is authorization and authentication of a user during a transaction involving a stationary terminal or PC and possibly remote servers on a computer network. One of the means to provide security in such a situation is to use cryptography.
There are two main classes of encryption methods, symmetric and asymmetric. Symmetric encryption uses a secret key that is used both for encryption and decryption. This key has to be distributed beforehand to both parties and kept secret at all times. Asymmetric, or public key, encryption schemes use a pair of keys where one can be public and the other must be secret. This makes key distribution much easier since the public key can be published and made available for instance over the Internet.
PRIOR ART
Independent of which encryption scheme that is used authentication requires a secret key. Smartcards (sometimes called IC cards) solve the problem of keeping the keys secret even if the card is lost. By encapsulating memory and processor into one tamper-resistant microchip and using PIN-codes and cryptography to protect access to the keys, a lost or stolen card cannot be used by any unauthorized person. When used the IC card is inserted into a stationary terminal having input means for entering the PIN code. However, the stationary terminal is a possible security leak. In a typical setting the user carries a set of smartcards and for every transaction inserts one of them in a smartcard reader. The reader could be connected e.g. to a point-of-sales terminal, an ATM machine, or to a personal computer. In order to unlock the card the user provides a PIN-code or a biometric sample (e.g. a fingerprint). The device to do this is part of the card reader or terminal equipment. It is technically possible to manipulate such equipment to break the security. For instance, the PIN-code or biometric sample could be recorded and used later. The system disclosed in US5917913 solves this problem by providing the user with a portable electronic authorization device. All communication with the stationary terminal is encrypted and the user has full control of the reader, keyboard etc. This provides necessary conditions to prevent unauthorized access to information during a transaction. However, in a system according to US5917913 there is a problem of keeping the keys secret if the device is lost or stolen.
In summary, the following two security problems are associated with the use of cryptographic keys for authorization and authentication of a user during an electronic transaction:
• Keep the key secret even when the physical storage device is lost or stolen.
• Prevent unauthorized manipulation of the equipment in order to get access to secret information during a transaction.
SUMMARY OF THE INVENTION
An object of the present invention is to overcome both of the above mentioned problems. The invention comprises a mobile terminal with a single built-in smartcard optionally capable of replacing a number of separate smartcards. The terminal contains means for user interaction and for communication with another terminal, that may be stationary or mobile (in the following called the stationary terminal). Communication between the mobile and the stationary terminals can be based on wires or may be wireless, using IR, inductive couplings, radio, or any combination of those. The stationary terminal may be standalone, or connected to a network. In the latter case also one or several network servers could be involved in the transaction. Then the mobile terminal could act as an integral part of a distributed information system.
The smartcard is used primarily to store such data that must be protected if the device/card is lost or stolen. In a minimal configuration the following data is sufficient:
• Card identification (possibly implying also the identity of the user, an account number etc.)
• Secret cryptographic key (symmetric or asymmetric encryption)
• PIN-code or biometric reference
Access to the card is possible only by providing a PIN-code or biometric sample matching the stored reference. All communication between the mobile and stationary terminals is encrypted using the secret key or a separate session key exchanged by using the first key.
The terminal contains means for communication with the smartcard, with the stationary terminal and with the user. All of this can be built by using standard technology and the design of the terminal does not have to be kept secret. However, it must be provided by a trusted party in order not to have built-in security leaks.
Commercial documents, such as bank statements and receipts, are often produced as part of a transaction. The user may also want to keep other kinds of records, such as a time-stamped log. Using current technology most of this is either provided locally on paper or recorded electronically by the remote party. Both alternatives are inconvenient for the user. Ideally all documents related to a transaction should be stored in electronic form and easily be available to him in the future. Even when a smartcard is used, it has too limited storage space for this.
In one embodiment of the present invention this is accomplished by including a storage facility in the terminal where all relevant information can be recorded during the transaction. When convenient for the user the information can later be downloaded to a stationary computer or network for further processing and long time storage. All or part of the information can be protected by encryption using a key stored on the smartcard. Even if the terminal is lost together with the smartcard this information is protected. Optionally, documents can be protected by electronic signatures.
Integrating the smartcard into the mobile terminal causes potential problems for the user if he has several cards. Even for a single transaction it may be relevant to use more than one card (e.g. a credit card and a bonus card). In one embodiment of the present invention this is accomplished by storing many virtual cards on one physical one, a multipurpose smartcard. A multipurpose smartcard contains one ID part, common to all applications of the card, with:
• Individual identification of the card
• At least one certificate of a cryptographic public key
• The corresponding private key(s)
• At least one PIN-code or biometric reference
Optionally the ID part also may contain information such as:
• Name, photograph and other information about the card holder
• Expiration date and other restrictions that may apply to the card
• Information about the issuer of the card and its security references
This part of the card is written once and then protected so that it cannot be changed during the lifetime of the card.
The other main part of the protected memory of the smartcard is used for storing information specific to each individual application. Each entry in this area could optionally contain its own encryption key(s) or access code(s) in order to secure data and communication in addition to what is provided by the key(s) in the ID part. Such an entry constitutes a virtual card. Virtual cards may be added and deleted after the physical card has been issued and distributed. The procedure of adding and deleting virtual cards can preferably be performed with the physical card residing in the terminal. Downloading of data corresponding to a virtual card can be protected by cryptographic protocols using the key(s) on the physical card. In this way a new virtual card can be added using a data communication network with no need for any physical transport of cards. Other features and advantages of the invention appear from the description and claims below and from the accompanying drawings.
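The card layout just described, as an added example that is not the patent's own code: a write-once ID part, an application area of virtual cards that can be installed or deleted only after the PIN (or biometric) check, and a download protected by a tag computed with the key on the physical card. The patent lists a private key in the ID part; this example substitutes a single symmetric card key with HMAC-SHA256 so it runs on the Python standard library, and the card id, keys, PIN and application payloads are all constructed sample values.

```python
"""Multipurpose smartcard: write-once ID part plus removable virtual cards (added example)."""
import hashlib
import hmac
from dataclasses import dataclass

# Constructed sample values (not from the patent).
SAMPLE_CARD_ID = b"CARD-0001"
SAMPLE_CARD_KEY = b"\x01" * 32


def pin_reference(pin: str) -> bytes:
    """Reference stored in the ID part: a hash of the PIN rather than the PIN itself."""
    return hashlib.sha256(pin.encode()).digest()


@dataclass(frozen=True)
class IdPart:
    """Written once at issue; frozen, so any later assignment raises FrozenInstanceError."""
    card_id: bytes
    public_key_cert: bytes   # certificate of the card's public key (opaque here)
    card_key: bytes          # stand-in for the private key(s); never leaves the card
    pin_reference: bytes     # hash of the PIN or a biometric template
    holder_name: str = ""
    expiry: str = ""
    issuer: str = ""


@dataclass
class VirtualCard:
    """One entry of the application area, e.g. a credit card or a bonus card."""
    app_id: bytes
    data: bytes
    app_key: bytes = b""     # optional key specific to this application


def issuer_protect(card_key: bytes, card_id: bytes, app_id: bytes, data: bytes, app_key: bytes) -> bytes:
    """Issuer side: bind a virtual card payload to one physical card before download."""
    return hmac.new(card_key, b"|".join([card_id, app_id, data, app_key]), hashlib.sha256).digest()


class MultipurposeCard:
    def __init__(self, id_part: IdPart) -> None:
        self.id_part = id_part
        self._apps: dict[bytes, VirtualCard] = {}
        self._unlocked = False

    def unlock(self, pin: str) -> bool:
        # Access to the card only on a PIN match against the stored reference.
        self._unlocked = hmac.compare_digest(pin_reference(pin), self.id_part.pin_reference)
        return self._unlocked

    def _require_unlocked(self) -> None:
        if not self._unlocked:
            raise PermissionError("card locked: no PIN or biometric match")

    def install_virtual_card(self, app_id: bytes, data: bytes, app_key: bytes, issuer_tag: bytes) -> bool:
        """Accept a downloaded virtual card only if its tag verifies under this card's key."""
        self._require_unlocked()
        expected = issuer_protect(self.id_part.card_key, self.id_part.card_id, app_id, data, app_key)
        if not hmac.compare_digest(expected, issuer_tag):
            return False
        self._apps[app_id] = VirtualCard(app_id, data, app_key)
        return True

    def delete_virtual_card(self, app_id: bytes) -> bool:
        self._require_unlocked()
        return self._apps.pop(app_id, None) is not None

    def virtual_cards(self) -> list[bytes]:
        return sorted(self._apps)

    def respond(self, app_id: bytes, challenge: bytes) -> bytes:
        """Answer a challenge for one application with its own key, else with the card key."""
        self._require_unlocked()
        key = self._apps[app_id].app_key or self.id_part.card_key
        return hmac.new(key, b"|".join([app_id, challenge]), hashlib.sha256).digest()


def make_sample_card() -> MultipurposeCard:
    """A card personalised with the constructed sample values above; PIN is 4321."""
    return MultipurposeCard(IdPart(
        card_id=SAMPLE_CARD_ID, public_key_cert=b"sample-cert", card_key=SAMPLE_CARD_KEY,
        pin_reference=pin_reference("4321"), holder_name="Sample Holder", issuer="Sample Issuer"))
```

Because the card id is part of the tagged input, a virtual card prepared for one physical card is rejected by another even if both issuers share a key, and because the tag is checked on the card, the terminal relaying the download cannot alter the payload on the way in.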
BRIEF DESCRIPTION OF THE DRAWINGS
The invention will now be described in more detail with reference to specific embodiments thereof shown on the accompanying drawings.
Fig. 1 is a schematic functional block diagram showing a prior art system for a digital transaction,
Fig. 2 is a diagram showing an authorizing scheme that can be used in the system in Fig. 1,
Fig. 3 is a schematic functional block diagram showing a digital transaction system in accordance with the invention,
Fig. 4 is a schematic block diagram showing the communication path in a device in accordance with the invention,
Fig. 5 is a diagram showing an authorizing scheme that can be used in the system in Fig. 3,
Fig. 6 is a schematic block diagram showing one embodiment of a device in accordance with the invention,
Fig. 7 is a schematic block diagram showing one embodiment of a smartcard that can be used with the device in Fig. 5,
Fig. 8 is a schematic perspective view of a first embodiment of a device in accordance with the invention and
Fig. 9 is a schematic perspective view of a second embodiment of a device in accordance with the invention.
DETAILED DESCRIPTION
Fig. 1 shows a basic prior art system for digital transactions. A stationary terminal 10 is connected to a remote server 11 through a network 12. To provide an authorization of a user of the stationary terminal a smartcard 13 is inserted into the stationary terminal. The user enters personal identification data into the smartcard through the stationary terminal by using a user interaction means 16. The user interaction means can be a keyboard or a device for the input of a biometric sample, such as a biometric sensor. The identification data unlocks the smartcard and enables authorization of the user and a secure communication between the stationary terminal and the remote terminal. However, the stationary terminal can be tampered with and the identification data can be obtained.
Fig. 2 shows a typical scheme where a user at a stationary terminal wants to be authorized by a remote network server. The scheme can be used in the prior art system shown in Fig. 1 and also in a system according to the present invention. The authentication process of the user (1) is performed first by entering personal identification data into the IC card. Then the stationary terminal requests to establish contact (2) with the remote server. The request is picked up and accepted (3) by the remote server. When contact has been established, the remote server sends a random number, called the challenge (4). The stationary terminal receives this number, encrypts it (6) together with an identification of the user and returns the result, called the response (6). At the remote server this message is decrypted, and the result compared with the challenge (7). If they are identical, it means that the IC card is authentic, since it uses the right key. The purpose of the random number is to ensure that the user is actually present and that the response is not just a replay of a message that has been recorded during some previous transaction. The steps 1-7 are essential in most communication schemes.
A new number is sent as challenge every time, so even if the same encryption key is used the encrypted messages will be different. Even if somebody intercepts the communication, he cannot give the correct response to the next challenge when trying to imitate the legitimate user.
Following this authentication of the user at the remote terminal there could for instance be a commercial transaction such as a credit card payment. The figure shows an example where the same cryptographic scheme is used as for the authentication.
Fig. 2 also shows further steps that are taken when a purchase is made. The remote server sends the amount to be paid (8) for the purchase. The amount is received by the stationary terminal (9) and confirmed by sending the amount encrypted (10) as described above. The amount is received and decrypted by the remote server (11) and further checked locally (12). A confirmation finally is sent (13) by the remote server and received (14) by the stationary terminal. The steps 8-14 can be replaced by similar or corresponding steps for other types of transactions.
PREFERRED EMBODIMENT
In a preferred embodiment as shown in Fig. 3 the electronics of a mobile terminal 14 is designed around a microcontroller 15 to which the smartcard 13 and all other main parts are connected. As a main feature of the invention the user interaction means 16 is included in the mobile terminal 14. All communication between the smartcard 13 and the user is carried out through the mobile terminal 14 (see Fig. 4 also). Thus, the user is authenticated by the smartcard through a device that can be protected against unauthorized operations. The smartcard is then authenticated by the stationary terminal 10 in a protected environment. The stationary terminal 10 can be authenticated by the remote server 11 through the network 12 in a conventional manner.
The protecting property of the mobile terminal 14 is apparent from Fig. 4. No transactions with the smartcard 13 can occur other than through the mobile terminal. This applies to the user 17 and to external devices such as the stationary terminal 10. All further transactions with the remote server and all transactions through an external network involving the smartcard will also be handled through the mobile terminal 14.
Fig. 5 shows a scheme where a user at a stationary terminal wants to be authorized by a remote network server when using a mobile terminal as shown in Fig. 3. The process is started when the user requests the mobile terminal to establish contact (1) with the remote server. The request is picked up and accepted (2) by the remote server. When contact has been established, the remote server sends a random number, called the challenge (3) back to the mobile terminal. The mobile terminal receives the random number (4). Before or during this session the user should be authenticated by the IC card. This could for instance be done as indicated by step (5). After authentication the received random number is encrypted and returned (6) to the remote server. Finally, the encrypted number is decrypted and compared by the remote server (7). Further steps may then follow depending on the actual application.
In Fig. 6 the main units of a mobile terminal 14 are shown. The smartcard is mounted in a smartcard holder 18. In a preferred embodiment the smartcard holder is formed to allow a simple exchange of the smartcard. All main units of the mobile terminal 14 are controlled by the micro controller 15. The micro controller can be a conventional microprocessor or an application specific circuit. A program memory 19 holds the control program used by the micro controller and may be formed as a ROM. The software in the program memory controls all functions of the terminal. Data altering during execution is stored in a temporary scratchpad memory 20, such as a RAM.
The mobile terminal is also provided with means for user interaction. Data is presented to the user by an output unit 21, such as a LCD. Other types of displays and sound output means can also be used. An input unit 22, such as a keyboard or a device for input of biometric data, is also provided in the terminal.
A unit 23 for wireless communication with a stationary terminal is included and may include an IR or radio unit. There is also included means for communication with a stationary terminal via a physical connector 24. A flash disk 25 or similar device is provided for storing electronic documents produced during transactions and other larger data sets.
For communication the terminal must be capable of using protocols suitable for the different channels that are available, such as radio and IR. Even in the case a physical, electrical connection is used for communication a protocol must be used.
The smartcard contains a secure microprocessor with the following main parts as shown in Fig. 7. An interface 26 is provided for controlling the communication between the card and the terminal. The interface is connected to a processor 27 capable of performing all the necessary functions of the card, including protected access to memory and encryption/decryption of data. A ROM or flash memory 28 is used for storing programs, and a RAM 29 is used for storing temporary data. A permanent ID section of the card and optionally virtual cards is stored in an EEPROM 30.
The electronic parts of the mobile terminal as shown in Fig. 8 are contained in a cover 31 designed to be conveniently carried in a pocket, attached to a belt or similar arrangement. Power is provided by an internal battery (not shown). This and the smartcard can be replaced by the user. The smartcard has the size of a Plug-in SIM card (ETSI Standard GSM 11.11, Annex A). The output unit comprises a LCD 32, and the input unit comprises a keyboard 33, preferably including digit keys and a Yes and a No button. In the embodiment shown in Fig. 8 the input unit also comprises a biometric sensor 36 that identifies the fingerprint of the user. The wireless communication unit includes an IR window 34. Further means related to the wireless communication unit, such as an antenna or a coil, are covered by the cover 31.
Since smartcard readers are often available at transaction terminals it could be convenient to use these also to connect mobile terminals. In an alternative embodiment of the mobile terminal as shown in Fig. 9 one part of the terminal could be shaped as half a smartcard and have a set of smartcard connector pads 35 placed according to standard. This part of the terminal could then be inserted into a smartcard reader to provide an electrical connection between the terminals for communication. The terminal includes a LCD 32, a keyboard 33 and an IR window in conformity with the embodiment shown in Fig. 8.
After authentication of the user different further steps may be taken. A simple next step would be that the stationary terminal or a remote server registers the user and then allows access to data or to a closed and security protected area. In another application a key stored in the smartcard is used for the encryption of data to be sent from the stationary terminal to the remote server. In a third application an electronic purchase is requested and confirmed by the user. The purchase can then be recorded and executed by the remote server.

Claims

1. Method for secure digital data transactions, including the steps of:
a) storing personal identification data, card identification data and a transaction program in a protected IC card,
b) receiving personal identification data in said IC card,
c) comparing said received personal identification data with said stored personal identification data and
d) executing said transaction program when said personal identification data correspond to said stored personal identification data to establish contact between said IC card and a stationary terminal,
characterized by
e) mounting said IC card in a mobile unit,
f) transferring said personal identification data to said IC card through said mobile unit, and
g) further executing said transaction program to perform secure digital data transactions between said IC card and a stationary terminal through said mobile unit.
2. Method as claimed in claim 1, further including the steps of storing an encryption key in said protected IC card, executing said transaction program to transfer digital data from the stationary terminal to a remote server and applying said encryption key for encrypting digital data to be transferred.
3. Method as claimed in claim 1, further including the steps of connecting the mobile unit to the stationary terminal with a conductive coupling.
4. Method as claimed in claim 3, further including the steps of connecting the mobile unit to the stationary terminal through IC card connector pads arranged on the mobile terminal.
5. Method as claimed in claim 3, further including the steps of transferring digital data between the mobile unit and the stationary terminal through a wireless connection.
6. Method as claimed in claim 1, further including the steps of storing in said IC card a plurality of application specific card identification data sets, each set defining a virtual IC card.
7. A device for secure digital transactions including an IC card (13) containing protected personal identification data, card identification data and a transaction program, characterized by a mobile terminal (14) comprising:
a) receiving means (18) for receiving said IC card (13),
b) input means (22) for entering personal identification data,
c) communication means (23; 24) for performing secure digital data transactions between said IC card and a stationary terminal (10).
8. A device as claimed in claim 7, wherein said input means (22) comprises a biometric sensor (36).
9. A device as claimed in claim 7, wherein said communication means (23; 24) comprises IC card connector pads (35).
10. A device as claimed in claim 7, wherein said mobile terminal (14) is provided with display means (32).
11. A device as claimed in claim 7, wherein said receiving means (18) is operatively connected to a microcontroller (15) and said microcontroller (15) is operatively connected to said input means (22) for directing input data to an IC card received in said receiving means (18).
12. A device as claimed in claim 11, wherein said microcontroller (15) is operatively connected to storing means (25) for storing transaction history data.
PCT/SE2001/000563 2000-04-20 2001-03-19 Method and device for secure transactions WO2001082167A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2001242946A AU2001242946A1 (en) 2000-04-20 2001-03-19 Method and device for secure transactions

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SE0001467A SE0001467L (en) 2000-04-20 2000-04-20 Method and arrangement for secure transactions
SE0001467-0 2000-04-20

Publications (1)

Publication Number Publication Date
WO2001082167A1 true WO2001082167A1 (en) 2001-11-01

Family

ID=20279389

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE2001/000563 WO2001082167A1 (en) 2000-04-20 2001-03-19 Method and device for secure transactions

Country Status (3)

Country Link
AU (1) AU2001242946A1 (en)
SE (1) SE0001467L (en)
WO (1) WO2001082167A1 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004010372A1 (en) * 2002-07-24 2004-01-29 Banque-Tec International Pty Ltd Biometric smartcard system and method of secure transmission
GB2394326A (en) * 2002-10-17 2004-04-21 Vodafone Plc Authenticating a transaction using predetermined information held on a storage device
GB2394327B (en) * 2002-10-17 2006-08-02 Vodafone Plc Device for facilitating and authenticating transactions
DE10262183B4 (en) * 2002-04-03 2011-06-09 Sagem Orga Gmbh Mobile telecommunication device and smart card system
DE102008010788B4 (en) * 2008-02-22 2013-08-22 Fachhochschule Schmalkalden Method for authentication and authentication of persons and units
US8825928B2 (en) 2002-10-17 2014-09-02 Vodafone Group Plc Facilitating and authenticating transactions through the use of a dongle interfacing a security card and a data processing apparatus
DE10242673B4 (en) * 2002-09-13 2020-10-15 Bundesdruckerei Gmbh Procedure for identifying a user

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5748737A (en) * 1994-11-14 1998-05-05 Daggar; Robert N. Multimedia electronic wallet with generic card
US5796832A (en) * 1995-11-13 1998-08-18 Transaction Technology, Inc. Wireless transaction and information system
US6016476A (en) * 1997-08-11 2000-01-18 International Business Machines Corporation Portable information and transaction processing system and method utilizing biometric authorization and digital certificate security
WO2000011624A1 (en) * 1998-08-25 2000-03-02 Telefonaktiebolaget Lm Ericsson (Publ) Smart card wallet
US6098055A (en) * 1996-02-07 2000-08-01 Nec Corporation Banking system equipped with a radio linked portable terminal
US6142369A (en) * 1995-04-11 2000-11-07 Au-System Electronic transaction terminal for conducting electronic financial transactions using a smart card

Also Published As

Publication number Publication date
AU2001242946A1 (en) 2001-11-07
SE0001467D0 (en) 2000-04-20
SE0001467L (en) 2001-10-21

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP