COMMUNICATION METHOD AND DEVICE
TECHNICAL FIELD
The present invention relates to methods and arrangements for secure communication between digital devices. In particular, the invention relates to user authentication in digital communication systems.
BACKGROUND
The need for secure electronic transactions involving a user and a transaction system such as an Internet based shopping site or an automatic teller machine (ATM) at a bank, has increased dramatically during recent years. A major question relating to secure transactions is that of authentication of the user to the system. That is, how to identify a user as being the owner of, e.g., a bank account from which the user is to withdraw money from when using an ATM.
A well-established method of authenticating users in such systems is that of providing the user with an electronically readable device containing information about the user and his account. Such cards are common and contain magnetically stored information. In order to allow the user to use his card in an ATM, the issuer (e.g. the bank) has provided the user with a secret code to be supplied to the ATM when using the card. The code is used "unlock" the card for use by the user every time the user makes use of his card.
A drawback of such a method is that . one and the same code is used every time a user authenticates with a system.
This increases the risk of unauthorized use of the card if the user loses the card. An obvious way of avoiding this is to provide systems in which a secret code is used only once, that is for every
transaction the user makes use of a new code. However, this leads to a problem of providing the user with a long list of one-time-codes as well as storing the same list of codes in the system with which the user is to authenticate. Needless to say, such solutions are far from simple to administrate due to the fact that it calls for large storage areas in the authentication system, as well as being insecure due to the fact that the user holds a list of codes to be used in the future. A problem to solve, in the field of user authentication, is hence how to provide users and authentication- and transaction managers with a more flexible solution which also increases security when making transactions in digital communication networks.
SUMMARY OF THE INVENTION
An object of the present invention is to solve the problem as stated above. To that end, methods and arrangements are provided as stated in the appended claims . In short, an authentication arrangement, such as a personal smart card or IC-card comprising processing means, memory means and communication means, is used together with a reader capable of reading out information from the authentication arrangement. The authentication arrangement generates, e.g. as a response to a signal from the reader, a one-time identification code that is used by the user to authenticate himself when making transactions via a digital network. A typical example of such a transaction is the use of an ATM when withdrawing money from a bank account.
In some more detail, the invention can be seen in different aspects. A first aspect as seen from the point- of-view of the user possessing a smart card. In a second aspect from the point-of-view of a transaction manager or authentication manager, in the form of one or more
computers in a system or network, at a bank for example, communicating with the user when he/she is performing the transactions. Both of these aspects of the invention will be summarized below. A method and a system for user authentication in a digital communication system are provided. The communication system comprises a transaction manager and an authentication manager, both of which- may be separate functional units in one computer or functional units in different computers.
The user possesses an . authentication arrangement, such as a smart card, which is identified by an authentication arrangement identification number. Personalizing information is supplied to the authentication arrangement, preferably by a supplier who is closely related to the authentication manager and/or the transaction manager. The personalizing information associates the authentication arrangement held by the user with the transaction manager. Advantageously, there may be a number of different sets of personalizing information, supplied by a number of different authentication or transaction managers. Such a case enables a user to use one and the same authentication arrangement when making transactions' with different transaction managers.
For each transaction the user performs which requires authentication, the system in the form of an authentication manager receives at least one substantially non-recurring identification code. The identification code has been generated by the user authentication arrangement and is dependent on the personalizing information. Hence the identification code is acting as a unique, one-time, signature that identifies the user as being the authorized one. The reception of the code may take place by means of a , direct communication channel between the authentication
manager and the authentication arrangement. A typical example of such a case is when the authentication arrangement, e.g. a smart card, is used in connection with an ATM where a smart card is inserted by the user whereupon the smart card calculates and submits the identification code to, e.g., the bank. The reception of the identification code may also take place in connection with a transaction where the user himself submits the identification code when communicating with, e.g., a web- based shop. A transaction taking place in such a case may involve the user using a separate portable card reader comprising a display on which the identification code is displayed after having been calculated by the smart card hardware. When receiving the identification code from the user, the authentication manager also computes a substantially nonrecurring code. This code is a verification code, which also is dependent on the personalizing information previously supplied to the authentication arrangement. The authentication manager then performs a process of verifying that the received identification code is equal to the calculated verification code. This may simply be performed as a comparison between the two codes. In the case the codes match the user is authenticated and should be allowed to perform the transaction with the system.
Preferably, during a transaction between the user authentication arrangement and the authentication system, the authentication system obtains information regarding the identity of the authentication arrangement, i.e. the identification number, together with a transaction sequence number. The identification number may be transmitted from the user authentication arrangement during the transaction. However, the sequence number need not be transmitted during the transaction. Preferably, a current sequence number which is associated with the particular user authentication arrangement making the
transaction, may be kept at the authentication system and need not be transmitted from the user authentication arrangement .
These two numbers are encrypted by the smart card using two encryption keys contained in the personalizing information previously supplied by the authentication arrangement, e.g. when the user registers himself as a customer and obtains his smart card from a party who controls the authentication- or transaction system. Thus generating a substantially non-recurring identification code.
Since the transaction sequence number is calculated independently by the user authentication arrangement and the authentication system, these two numbers may get unsynchronized. In such a case the authentication system may calculate a value for the verification code which is erroneous. In stead of concluding that the user is unauthorized, the authentication system may attempt to adjust the transaction sequence number and calculate a new verification code to be compared with the received identification code. This adjustment may take place an arbitrary number of times.
A preferred embodiment of the invention is in the form of a personal smart card, as claimed below. The smart card may be used together with a portable card reader as will be discussed below.
With respect to all aspects of the invention, computer software implementation is obviously preferred. The software of the authentication- and transaction managers may be present in more or less traditional computers, and the software of the user authentication arrangement may be within smart cards or other portable units having processing- and storage means. To that end, inventive subjects in the form of computer programs are also to be found among the claims.
There are a number of advantages of the present invention, including the fact that there are the secret keys are kept inside the authentication arrangement, thus increasing the security. Another advantage is that it is possible for a user to use different readers with his/her smart card, thus making it flexible in terms of use in different locations. Conversely, several users can use one and the same reader, each user having his/her own personal smart card. Also, a user may have multiple sets of personalizing information all of which are associated with, and preferably also obtained from, different transaction- or authentication managers belonging to, e.g., different banks. Yet another advantage is that the minimum amount of data which has to be kept at the authentication manager computer site. For example, no large table of sequences of identification codes, that may occupy large storage areas, is needed.
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 illustrates schematically a system according to the present invention.
Figure 2 illustrates schematically a personalizing procedure according to the present invention. Figure 3 illustrates schematically a procedure for identification code generation according to the present invention.
Figure 4 illustrates schematically a verification procedure according to the present invention.
PREFERRED EMBODIMENTS
In figure 1 a user authentication arrangement in the form of a smart card 103, or integrated circuit card (ICC) , and portable card reader 104 acts together to provide a
user with a one-time identification code. The card 103 comprises smart card hardware 105 as known in the art, which connects electrically via a slot 108 in the reader 104. A push button 109 on the reader 104 initiates software in the card 103 to calculate the identification code and transfer it to the reader 104, which in turn displays the code in the form of a four-digit number 100 on a display 107. Obviously, any number of digits or other character may be generated. That is, the invention is not restricted to "traditional" four-digit identification codes.
A system 102 with which the user or the smart card communicates comprises a computer 114 and an automatic teller machine 113 (ATM) . These two units are connected " ■ via a computer network 112 to a transaction manager 110 and an authentication manager 111, both of which may be physically separated or, as indicated by a dashed line 115, joined in one and the same physical unit, as the skilled person realizes. With reference to the system 102 in figure 1 and schematic flow diagrams in figures 2 to 4 a preferred embodiment of the invention will now be described.
The user holding the card, or rather the smart card itself, is in figure 2 associated with a transaction manager or authentication manager. The association may simply mean establishing a business relation such as the user obtaining a banking card from a bank. Figure 2 specifically illustrates the steps of personalizing the card before it is to be used to authenticate the user in a transaction. A unique identification number 201, e.g. a card number comprising a number of digits, is subject to encryption algorithms 204 and 206 using derivation keys 203 and 205 respectively. Two different encrypting keys 207 and 209 are generated. These encryption keys are in turn encrypted in steps 212 and 214 using keys 211 and 213 respectively for the purpose of enabling a secure
transport to a functional unit 215 (personalizing unit 215) , which may be located at a site different from where the above steps are performed. The personalizing unit 215 decrypts in steps 218 and 219 the transported encryption keys 207 and 209, by using transport decryption keys 216 and 217 respectively, and stores them in the smart card 200 by way of a writing step (not shown) . The card 200 is by this process personalized. That is, an association is made between the user and the transaction- or authenti- cation manager which performed the personalizing process.
When the user is to perform a transaction with a transaction manager, he must supply an identification code together with, as is known in the art, other information relating to the transaction. Referring to figure 3, the identification number 301 of the smart card and a transaction sequence number 303 are encrypted in steps 306 and 308. An XOR operation between the sequence number and the identification number 301 is performed in order to introduce a non-static dynamic property of the encryption step 308. The encryption 306,308 is performed using the encryption keys 305 and 307 stored in the card by the personalizing process described above in connection with figure 2. The output of the encrypting steps 306,308 are combined in a logical XOR-step 311 in order to ensure that the generated identification code is made dependent on both encryption steps 306 and 308. A resulting bit sequence is converted into a decimal number, such as a four digit number, in step 313 and supplied in step 315. The supplying of the identification may be either by way of presenting it on the display 107 of the card reader 104. The identification code may also be directly supplied via, e.g., the ATM to the transaction manager. The sequence number is incremented and stored for use in further transactions, Referring now to figure 4, from the point of view of the authentication manager, the received identification code
401 is compared in a comparison step 411 with a calculated verification code generated in a verification code generation step 409. The verification code is calculated in steps 403 and 409 using derivation keys 402 and the identification number 404 of the smart card, in the same way as the identification code was calculated in the processing means of the smart card, as described above in connection with figure 3. The identification number of the smart card is preferably also received together with the identification code. However, the number of the card may be "indirectly" received by means of a pointer to a database of card numbers at the authentication manager. The verification code and the received identification code are compared in step 411. If they are equal, the user is considered authenticated and allowed to proceed with the transaction as indicated by step 414. If the verification code and the received identification code differ, the situation may be that an identification code has been supplied which has not been generated by a personalized smart card, in which case the transaction is not to be allowed. However, the comparison may also result in an inequality if the transaction sequence numbers that have been used to generate the identification code and the verification code, in the smart card and the authentication manager respectively, are different. This may occur if there have been interrupted transactions where the sequence number of the smart card has been incremented without the identification code being received by the authentication manager. In such a situation, the sequence number may be adjusted in an adjustment step 417 and a new verification code may be calculated. This adjustment and recalculation may be performed an arbitrary number of times as indicated by a decision step 413 where it is decided whether or not a re-calculation based on a different sequence number should be allowed. Final step 415 then
indicates that the user is not authenticated to the system.