WO2010018469A1 - Method and apparatus for access to telematic services in protected mode by means of a single electronic universal key, and corresponding electronic universal key


Info

Publication number
WO2010018469A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
euk
service
access
ssf
Application number
PCT/IB2009/050623
Other languages
French (fr)
Inventor
Emilio Maria Del Giudice
Sergio Ragni
Andrea Dell'ova
Original Assignee
Eios Ict & Software Solutions S.R.L.
Application filed by Eios Ict & Software Solutions S.R.L.
Publication of WO2010018469A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards

Definitions

  • the present invention relates to a method and apparatus for access to telematic services in protected mode by means of a single electronic universal key, and corresponding electronic universal key.
  • Background of the invention: the current methodology of access to any telematic service that requires authentication occurs by means of a series of specific devices that are different from one another, such as, for example, hardware or software keys. For instance (Figure 1), it is possible to use a company badge or else pay with a magnetic credit card combined with a current account.
  • access to the various sites is disciplined by a series of passwords, which are either chosen or imposed, but in any case are frequently forgotten after a short time.
  • US2006/00269051 of Stephen Lucas proposes a device that is able to manage not only the steps of authentication and access but also the possibility of storing within the device confidential information protected by the biometric key. Management of information encrypted outside the device to guarantee protection of the entire chain of communication and access, is not taken into account. Nor does the inventor take into consideration the modalities of integration with existing devices by means of the application on the device of an interface of a smart-card type (integration with POS and ATM), and also in this case methods for handling loss of the device are not dealt with.
  • US2007/133037 of Ba-Do Lee proposes integration of a system for verification of biometric parameters in mobile communication devices, where access to the device and to the information contained therein are protected by the biometric key.
  • the device can be used for managing authentication of the user to other services or access to protected areas, exploiting the wireless communication channels integrated in the communication system.
  • the invention does not take into consideration protection of the communication channel by means of encryption of the information; moreover, it does not envisage the possibility of verifying the reliability of the access keys used.
  • US20030187790 of Amy Swift, Lisa Tidwell, and Cassandra Mollett relates to the adoption of a new architecture for complete management of any electronic economic transaction.
  • the architecture envisages the use of a debit device that the user has to use to make the payment.
  • the dealer adopts a system made up of a server, a database, and a corresponding logic code for management of the user data.
  • the request for the transaction is made to a dedicated system, which, via the server, the database, and the code, forwards the request to the banking or financial institution.
  • the invention concentrates on the architecture for management of the transaction.
  • the architecture and operation of the access device is not illustrated.
  • Colella relates to an electronic device for authentication by means of a biometric (fingerprint) sensor to use in all the fields in which identification is required in a reliable way (payments made in commercial establishments, petrol stations, supermarkets, check-in desks at airports, etc.).
  • the device is a plastic card (similar to a card of a Bancomat type) with: biometric sensor, wireless transmitter and receiver, magnetic stripe for storage of data, LEDs, photograph of the owner.
  • the purpose of the present invention is to overcome all the aforesaid drawbacks and indicate a method and apparatus for access to telematic services in protected mode by means of a single electronic universal key, and corresponding electronic universal key, such as to provide the user with a single, universal, secure, simple, and integrated solution.
  • EUK Electronic Universal Key
  • telematic authentication systems (accesses via the Internet to reserved areas, payments via credit/debit cards, use of POS and ATM systems, on-line transactions, registration of accesses via badges, etc.).
  • a particular subject of the present invention is a method and apparatus for access to telematic services in protected mode by means of a single electronic universal key, and corresponding electronic universal key, as described in greater detail in the claims, which form an integral part of the present description.
  • Figure 1 shows a block diagram of a system of a known type for access to the services in a secure way
  • Figure 2 shows a block diagram of a system in accordance with the present invention
  • Figure 3 shows a functional block diagram of the electronic universal key EUK
  • Figure 4 shows a block diagram of the procedure for manufacturing the EUK and the SIM card
  • Figure 5 shows a block diagram of the procedure of initialization of the EUK
  • Figure 6 shows a block diagram of the procedure of activation of the EUK
  • Figure 7 shows a block diagram of the procedure of subscription to the service
  • Figure 8 shows a block diagram of the procedure of regeneration of the EUK
  • Figure 9 shows an example of production of the EUK with the cover of the display closed
  • Figure 10 shows an example of production of the EUK with the cover of the display open; and
  • Figure 11 shows an example of production of the EUK with the cover of the display removable and equipped with an electronic system for smart-card emulation.
  • the subject of the invention is an architecture for access to telematic services in SSF (Secured Services Framework) protected mode by means of a single electronic universal key (EUK)
  • EUK electronic universal key
  • the architecture comprises:
  • EUK electronic universal key
  • the general architecture of the apparatus comprises:
  • - Key Factory 204 body manufacturing the electronic universal keys
  • - S1A, S2A, S1B, ... the services accessible by the user
  • - Service Providers 202 providers of the services
  • - Electronic Universal Key EUK portable device equipped with biometric sensor, SIM card SIM, microprocessor, and a permanent electronic filing unit. Also present are further auxiliary systems for management and exchange of the data:
  • - SSF-US Silicon Services Framework - User Side: software and hardware components for exchange of data between the EUK and the remote Service Provider 202. It manages communication, client side, with the service provider using encryption criteria and sends to the EUK the data destined to the user USER by the service provider. It manages communication with the Key Factory 204 during the step of activation and regeneration of the EUK. Furthermore, it handles the communication for verification of the compliance of the service during the steps of subscription and access.
  • - SSF-SS Silicon Services Framework - Service Side: software and hardware components associated to the Service Provider 202. It is responsible for storage of the subscriptions of the EUKs to the associated service S1A, S2A, S1B, ... It manages the communication, server side, with the remote interlocutor using encryption criteria and sends to the service provider the data for use of the service by the user USER. The information regarding the subscriptions is stored within a local database 211. Furthermore, it handles the possible communication with the Key Factory 204 for control of validity of the EUKs during subscription and/or access to the service.
  • - SSF-FS Silicon Services Framework: software and hardware components associated to the Key Factory 204. It manages the communication with the user USER using encryption criteria and sends to the Key Factory 204 the data necessary for creation and activation of the EUKs. Furthermore, it handles the possible communication with the Service Providers
  • - SSF-SS - SSF-FS Connections 206 encrypted communications between Service Providers 202 and the Key Factory 204, used optionally during the step of subscription of a service for verification of the state of activation of the EUK. Optionally, they can be used during the step of access to a service.
  • - SSF-FS - SSF-US Connections 207 encrypted communications between the Key Factory 204 and the EUK, used during the steps of activation and regeneration of the key.
  • - SSF-US - SSF-SS Connections 208 encrypted communications between the EUK and the Service Provider 202, used during the steps of subscription and access to the service S1A, S2A, S1B, ...
  • the physical device that enables the user to connect up to all the distributed components of the secure communication system is the Electronic Universal Key (EUK).
  • EUK Electronic Universal Key
  • the device comprises the following functional blocks, which are physically integrated therein, illustrated in Figure 3:
  • FVU Fingerprint Verification Unit
  • ESMU Encryption and Subscription Management Unit
  • MSM Mass Storage Memory
  • a Mass Storage Memory (MSM); a Communication Interface 503 towards the outside world;
  • SIM SIM card
  • a Keyboard Unit (KU) 320 for user input; a Power Distribution Unit (PDU) integrated in the EUK.
  • PDU Power Distribution Unit
  • the unit FVU has a first task, in an initialization step, of managing the steps of acquisition of the fingerprint templates (Templates) and storing them in a nonvolatile memory 403.
  • the fingerprint is acquired by means of a sensor 401, operation of which is managed by a special control unit (µController) 402.
  • µController special control unit
  • the information destined to the FVU, and handled and produced thereby, is carried on an electrical connection 404, which sets the unit FVU in communication with the ESMU.
  • the FVU is responsible for acquisition of the image of the fingerprint and verification of the correspondences with the Templates.
  • the unit communicates to the ESMU that recognition has occurred; otherwise, the user is not recognized as the original owner of the device, and all the subsequent operating steps are suspended, and the user USER is informed of the negative outcome of the operation through the Display Unit DU.
  • the unit ESMU comprises a microcontroller (µController) 504 responsible for management of all the processes that involve the EUK. Management of the satellite components to which the ESMU is connected is divided into specialized subcomponents (Interfaces); namely, the FVU Interface 502 manages the FVU since it governs, through the electrical connection 404, the steps of acquisition and storage of data, requests the results of the operations of verification of the identity of an individual, and communicates the results to the Operator 504.
  • µController microcontroller
  • the Display Interface 510 manages the Display Unit through its own connection 511. Access to the non-volatile memory, necessary for the Operator 504 to store all the information regarding the subscription to the services and the device identifiers, occurs instead through a Memory Interface 509 and the corresponding connection 508 to a Mass-Storage Memory MSM. Access to the SIM cards SIM is governed by a SIM-Card Interface 506 and by its own connection 507, given that the Operator 504 requires a SIM connection in the step of initialization or regeneration of an EUK.
  • All the communications are carried outside the EUK through a Communication Interface 503 and the corresponding communication channel 505, exploiting one or more of the technological solutions listed or other forms of electrical connection (for example, RFID, Ethernet, etc.), which are equally functional for the purpose and are in themselves known.
  • the Display Unit (DU) has the purpose of providing indications to the user on the operating state of the device and the operations conducted therewith. Said communications can occur by means of light indicators LEDs 312, possibly integrated by an alphanumeric display 311.
  • the Keyboard Unit (KU) 320 manages possible input by the user through an elementary keypad with multifunction cursor keys. Management of the interactions of the user with the KU is handled by a subcomponent of the Keyboard Management Unit (KMU) system 512 present within the ESMU.
  • KMU Keyboard Management Unit
  • the Power-supply-Distribution Unit is responsible for distribution of the current necessary for operation of the electronic components of the system.
  • the primary supply source can be a battery, possibly of the rechargeable type, or a voltage directly carried through the Interface 503 from the outside.
  • the latter can be connected, for example, to devices such as USB 307, BlueTooth 308, ZigBee 309, ISO 7816 310, in themselves known.
  • the EUK can assume the form indicated in Figures 9, 10 and 11.
  • the EUK is equipped with a series of electrical contacts arranged according to what is envisaged by the standard for smart cards ISO 7816-2 ( Figure 10 - 310). Through said contacts it is possible to use the device in all the equipment in which there is envisaged insertion of a smart card.
  • the electrical connectors carry the signals inside the ESMU through the channel 505.
  • Said interface is mounted on the protective cover of the screen of the device. Use of the device by means of said interface is obtained by lifting the cover and inserting it into the purposely provided reading system.
  • the invention envisages the possibility of the cover of the EUK being, in some configurations, completely removable ( Figure 11 - 701).
  • the cover will be in compliance also with the standard ISO 7816-1, which specifies the dimensions and thickness thereof.
  • Present within the removable cover is also a standby battery 703.
  • the standby battery has the purpose of supplying a microprocessor integrated in the card 702 and connected to the ESMU through the channel 505.
  • the microprocessor is also connected to the electrical interface 310 set on the cover once again through the connection 505.
  • the device comprises an Electronic Universal Key EUK and a SIM card SIM.
  • Both of the FactoryIDs [602 and 604] are created by the Key Factory 204, which stores a copy thereof in its own database 211 for subsequent verifications.
  • Initialization step
  • The initialization step, described in Figure 5, is the first operation of use of the
  • the Fingerprint-Template Registration procedure is carried out; otherwise, there is a request for authentication of the fingerprint in order to be able to proceed with use.
  • the next operation is the activation step.
  • Activation of the EUK envisages use of the EUK, of the SIM, and of a computer terminal equipped with the software module SSF-US connected to the Internet. The steps and units involved are described in Figure 6.
  • the Service Provider 202, which provides a service, for example S1 (or else other services S2, S3, ..., Sn); and - the Key Factory 204, which guarantees the validity of the EUK.
  • the software infrastructure that manages the data communication comprises:
  • the procedure starts with the request for use of the service, for example S1.
  • SSF-US requests the user to make his own authentication on the EUK via fingerprint recognition 401.
  • the user puts his finger on the FVU present in the EUK, which has to recognize the fingerprint.
  • SSF-US activates a data communication on a secure channel 208 with SSF-SS of the Service Provider 202 of the service S1.
  • SSF-US sends the FactoryID of the EUK to SSF-SS.
  • SSF-SS generates a unique identifier Sid associated to the FactoryID and to the service requested, exploiting the Universal Key possessed by the service provider, and sends it to SSF-US together with its ServiceID.
  • SSF-US verifies the presence of this identifier in its own memory.
  • the procedure of verification at the Key Factory 204 of the genuineness of the service is activated; consequently, SSF-US activates a data communication on a secure channel 207 with SSF-FS of the Key Factory 204, and sends the ServiceID associated to the Sid received; if the ServiceID is recognized by the Key Factory 204 and its state is active, the procedure continues; otherwise, it is interrupted and SSF-US warns the user that the service cannot be subscribed to.
  • SSF-US generates in turn a unique identifier Pid associated to the Sid received and sends it to SSF-SS.
  • SSF-SS can store in its own archives the data regarding the EUK, namely: Pid, Sid and FactoryID, plus possible further information regarding the EUK, and sends the confirmation of subscription to SSF-US.
  • SSF-US receives the confirmation of subscription and stores in its own memory the data regarding the service subscribed to, namely: Sid and Pid, plus possible further information regarding the service S1 and the Service Provider 202.
  • SSF-US asks the user if he wishes to use the service just subscribed to or else close the procedure. All the identifiers and the encryption keys used in the processes described can be generated with the encryption algorithms known to the state of the art.
  • Service_Type: the information linked to the type of service subscribed to remains in clear within the system (Service_Type). Said information is used in the initial step of access to a service as element for selection and as filter for the possible keys to be utilized for use of a service.
  • Service_Label an alphanumeric label that is able to distinguish and describe the service without any ambiguity.
  • the system envisages storage in the EUK of additional information
  • Private_Data, which can be defined on the basis of the operating requirements of the service subscribed to and further identify it, such as, for example, the complete number of a credit card, the residual credit, etc.
  • the information can be displayed within the Display Unit for the EUKs, which envisage also off-line operative functions.
  • the invention envisages the possibility of configuring the EUK in such a way as to be able to access the Private_Data irrespective of connection of the device to a service provider.
  • the user has to activate the EUK through his fingerprint, and then can display the information Private_Data directly on the Display Unit by scrolling the list available with cursor keys or similar navigation systems 320.
  • Said modality enables selection of a service that it is intended to use even before having made the connection to the service provider.
  • Use of a service
  • Once subscription to a service has been made, it is possible to use said service, by means of a procedure of authentication similar to the one used for subscription to the service described in Figure 7. Also similar are the elements involved and the software infrastructure.
  • the procedure starts with the user who requests use of the service, for example S1.
  • SSF-US asks the user to carry out authentication on the EUK by fingerprint recognition 401.
  • the user puts his finger on the FVU present in the EUK, which has to recognize the fingerprint.
  • SSF-US opens the communication on a secure channel with SSF-SS and sends its own FactoryID.
  • SSF-SS verifies the FactoryID via the connection on a secure channel with the Key Factory.
  • SSF-SS generates the unique identifier Sid with the FactoryID received and sends it to SSF-US together with its ServiceID.
  • the procedure for verification at the Key Factory of the genuineness of the service is activated.
  • SSF-SS consequently activates a data communication on a secure channel 207 with SSF-FS of the Key Factory 204, and sends the ServiceID associated to the Sid received; if the ServiceID is recognized by the Key Factory 204 and its state is active, the procedure continues; otherwise, it is interrupted, and SSF-US warns the user that the service is not accessible.
  • SSF-US verifies whether the Sid is present in its own memory and, if it is, it continues; otherwise, it passes on to the SUBSCRIPTION procedure (see the previous section "Subscription to a service").
  • SSF-US generates its own unique identifier Pid with the Sid received and sends it to SSF-SS, which looks for it in its own archive. If it finds it, it verifies whether the data (Pid, Sid and FactoryID) are congruent and, if they are, enables the EUK to access the service.
  • Sid and Pid are the same ones generated in the step of subscription to the service and are different for each combination of EUK and service subscribed to. At this point, the procedure continues with the modalities envisaged by the specific service.
  • the object of the present invention envisages the possibility of regenerating an EUK in the case where this has been mislaid, stolen or has undergone permanent damage.
  • the operation of regeneration enables initialization of a new electronic key with a procedure similar to the step of normal initialization with the sole variant whereby there is an express indication to the EUK of the intention to generate a replacement key for the EUK that is by now unusable.
  • the operation is performed according to the scheme described in Figure 8.
  • the user will have to make available the SIM with which he had generated the first electronic key, and the SIM will have to be inserted within a virgin EUK, i.e., one that has never been used and is without fingerprint-recognition Templates.
  • the operation of initialization of the EUK starts with the registration of the fingerprint Templates 401 within EUK.
  • the procedure envisages the possibility of indicating also a second code PIN2 corresponding precisely to the initialization step prior to the regeneration step.
  • the codes chosen by the user enable:
  • the information of regeneration of the key is sent to the Key Factory 204.
  • Said operation altogether constitutes a first subscription to a service, is managed as indicated hereinafter and enables verification of the correct procedure of regeneration.
  • Both the new Pid and Sid and the ones associated to the previous activation are exchanged with the Key Factory. If the Key Factory recognizes the combination between FactoryJD and Pid, it updates its own database with the new Pid associated to the new EUK; otherwise, it does not recognize the replacement and does not allow completion of the operation of validation. It might happen that the user does not recall correctly the PIN2 (previous activation) thus causing generation of wrong codes for replacement.
  • the activation step at the Key Factory enables management of said fault by signalling the error to the user and providing the latter with the possibility of repeating the operation a limited number of times. Once said number of attempts has been exceeded, the EUK becomes unusable.
  • First access to a service with regenerated keys
  • the subject of the invention envisages a special procedure for managing accesses of a user carried out using a regenerated EUK to services subscribed to previously with the original EUK.
  • the operating modalities envisaged are basically three: 1. "Transparent" mode - This mode enables an automatic recognition of the new identity of the EUK and a step of updating of the archive at the service provider, as well as an automatic storage of all the data that it is possible to re-transfer onto the portable device (EUK) by the service provider.
  • Replacement Report mode With this mode, which can be selected by the service provider in possible agreement with the user during original subscription, the service provider is informed of the replacement of the key and suspends any future access to the service both for the original key and for the replacement key.
  • the replacement key will have to be enabled again with a procedure purposely envisaged by the service provider (for example, following upon formal communication via fax of the intention of the user to re-activate the service with corresponding photocopy of his identity document)
  • the procedure starts with the request for use of the service, for example S1.
  • SSF-US asks the user to make his own authentication on the EUK via recognition of his fingerprint. If the recognition is successful, the procedure continues; otherwise, it is interrupted (authorization denied).
  • SSF-US activates a data communication on a secure channel with SSF-SS of the provider of the service S1.
  • SSF-US sends the FactoryID of the EUK to SSF-SS.
  • SSF-SS can verify the validity of the EUK. It consequently activates a data communication on a secure channel with SSF-FS of the Key Factory and sends the FactoryID received.
  • SSF-SS generates the unique identifier Sid with the FactoryID received and sends it to SSF-US together with its ServiceID.
  • the procedure of verification at the Key Factory of the genuineness of the service is activated.
  • SSF-SS consequently activates a data communication on a secure channel 207 with SSF-FS of the Key Factory 204, and sends the ServiceID associated to the Sid received; if the ServiceID is recognized by the Key Factory 204 and its state is active, the procedure continues; otherwise, it is interrupted, and SSF-US warns the user that the service is not accessible.
  • SSF-US verifies the presence of this identifier in its own memory. Since it is the first access to the service after regeneration of the key, the outcome of the check is certainly negative.
  • SSF-US generates in turn two unique identifiers Pid# and Pid associated to the Sid received and sends them to SSF-SS.
  • the two identifiers are an expression of internal algorithms such as to generate unique codes according to the FactoryJD and the PIN code chosen by the User. In this way, the system generates the identifier code for the original service and a new identifier code associated to the new PIN.
  • SSF-SS has to verify within its own archive the possible existence of a subscription made with the replaced identifier code.
  • In the case where the system manages to find said reference, it will have to update the subscription data, replacing the components linked to the "old" identifier with those of the "new" one, and automatically sends to the EUK all the data necessary for "synchronisation" of the internal archives of the service provider and of the EUK.
  • the user selects the key to be used for authentication and/or transaction.
  • the key selected is sent to the reading device by means of the interface provided on the cover of the display ( Figure 10 - 310).
  • the user authenticates himself by placing his finger on the sensor;
  • the display presents the list of the usable subscriptions;
  • the codes and the information to be used are transferred within the microcontroller present inside the removable card into the microprocessor 702;
  • once the card has been programmed, it is removed from the seat of the EUK and inserted in the reading device (for example, an ATM).
  • the reading device for example, an ATM
  • the battery present inside the card 703 enables use of the smart card just for the transaction for which it has been programmed by the EUK.
  • the first strategy envisages entry by the user of a random PIN, which is then in any case ignored by the card present in the reading device, or else the EUK generates a random PIN during the programming step, and this is then displayed on the screen of the EUK, and then typed on the device, for example, the ATM.
  • the smart card is returned by the reading system so as to enable it to be reconnected to the EUK and again perform the function of screen protection.
  • Integrations
  • the architecture proposed is configurable both in a distributed context on
  • the present invention can be advantageously implemented via one or more computer programs, which comprise code means for implementation of one or more steps of the method, when these programs are run on a computer. Consequently, it is understood that the sphere of protection extends to said computer programs and moreover to computer-readable means that comprise a stored message, said computer-readable means comprising program-coding means for implementation of one or more steps of the method, when said program is run on a computer.
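The subscription, access and regenerated-key procedures described above (Sid issued by SSF-SS, Pid generated by SSF-US, ServiceID state checked at the Key Factory, Pid# and Pid exchanged after regeneration) as an added Python simulation; this is not code from the patent, and it assumes HMAC-SHA256 for the unspecified identifier derivations, a FactoryID that stays bound to the reused SIM across regeneration, and the constructed identifiers shown in `demo()`.

```python
import hashlib
import hmac
import secrets

def derive_id(key: bytes, *parts: str) -> str:
    # Assumed primitive (the patent says only "encryption algorithms known to the state of the art")
    return hmac.new(key, "|".join(parts).encode(), hashlib.sha256).hexdigest()[:32]

class KeyFactory:  # SSF-FS side: issued FactoryIDs and ServiceIDs whose state is active
    def __init__(self):
        self.factory_ids, self.active_services = set(), set()

class ServiceProvider:  # SSF-SS side: Sid derivation and the (Pid, Sid, FactoryID) archive
    def __init__(self, service_id: str, kf: KeyFactory):
        self.service_id, self.kf = service_id, kf
        self.universal_key = secrets.token_bytes(32)  # the provider's own Universal Key
        self.archive = {}  # Pid -> (Sid, FactoryID)

    def make_sid(self, factory_id: str) -> str:
        return derive_id(self.universal_key, "Sid", self.service_id, factory_id)

    def subscribe(self, factory_id: str, sid: str, pid: str) -> bool:
        # EUK validity is checked at the Key Factory before the subscription is filed
        if factory_id not in self.kf.factory_ids or sid != self.make_sid(factory_id):
            return False
        self.archive[pid] = (sid, factory_id)
        return True

    def access(self, factory_id: str, sid: str, pid: str) -> bool:
        # FactoryID re-checked at the Key Factory; then (Pid, Sid, FactoryID) must be congruent
        if factory_id not in self.kf.factory_ids or sid != self.make_sid(factory_id):
            return False
        return self.archive.get(pid) == (sid, factory_id)

    def regenerate(self, factory_id: str, sid: str, old_pid: str, new_pid: str) -> bool:
        # "Transparent" mode: the subscription filed under Pid# is rebound to the new Pid
        if self.archive.get(old_pid) != (sid, factory_id):
            return False
        self.archive[new_pid] = self.archive.pop(old_pid)
        return True

class EUK:  # SSF-US side: FactoryID, the user's PIN and the subscribed Sid -> Pid pairs
    def __init__(self, factory_id: str, pin: str, kf: KeyFactory):
        self.factory_id, self.pin, self.kf = factory_id, pin, kf
        self.subscriptions = {}

    def make_pid(self, sid: str, pin: str = None) -> str:
        # Assumed: Pid is derived from the FactoryID, the PIN chosen by the user and the Sid
        return derive_id((pin or self.pin).encode(), "Pid", self.factory_id, sid)

    def _obtain_sid(self, sp: ServiceProvider, fingerprint_ok: bool):
        # Fingerprint gate on the FVU, then the ServiceID state is checked at the Key Factory
        if not fingerprint_ok or sp.service_id not in self.kf.active_services:
            return None
        return sp.make_sid(self.factory_id)  # SSF-SS -> SSF-US: Sid together with ServiceID

    def subscribe(self, sp: ServiceProvider, fingerprint_ok: bool = True) -> bool:
        sid = self._obtain_sid(sp, fingerprint_ok)
        if sid is None:
            return False
        pid = self.subscriptions.get(sid) or self.make_pid(sid)
        if not sp.subscribe(self.factory_id, sid, pid):
            return False
        self.subscriptions[sid] = pid
        return True

    def access(self, sp: ServiceProvider, fingerprint_ok: bool = True) -> bool:
        sid = self._obtain_sid(sp, fingerprint_ok)
        if sid is None:
            return False
        if sid not in self.subscriptions:  # not yet subscribed: run SUBSCRIPTION instead
            return self.subscribe(sp, fingerprint_ok)
        return sp.access(self.factory_id, sid, self.subscriptions[sid])

    def first_access_after_regeneration(self, sp: ServiceProvider, old_pin: str) -> bool:
        sid = self._obtain_sid(sp, True)
        if sid is None:
            return False
        old_pid, new_pid = self.make_pid(sid, old_pin), self.make_pid(sid)  # Pid# and Pid
        if not sp.regenerate(self.factory_id, sid, old_pid, new_pid):
            return False
        self.subscriptions[sid] = new_pid
        return True

def demo() -> dict:
    kf, fid = KeyFactory(), "FID-0001"  # constructed FactoryIDs
    kf.factory_ids.update({fid, "FID-0002"})
    s1, s2 = ServiceProvider("SERVICE-S1", kf), ServiceProvider("SERVICE-S2", kf)
    kf.active_services.update({s1.service_id, s2.service_id})
    euk, sid1 = EUK(fid, "1234", kf), s1.make_sid(fid)
    r = {"subscribe_s1": euk.subscribe(s1), "access_s1": euk.access(s1),
         "no_fingerprint": euk.access(s1, fingerprint_ok=False),
         "rogue_refused": euk.subscribe(ServiceProvider("SERVICE-ROGUE", kf))}  # not activated
    other = EUK("FID-0002", "1234", kf)  # a different valid EUK replaying euk's Sid and Pid
    r["replay_refused"] = s1.access(other.factory_id, sid1, euk.subscriptions[sid1])
    new_euk = EUK(fid, "9876", kf)  # regenerated key: SIM-bound FactoryID kept, new PIN
    r["regen_wrong_pin2"] = new_euk.first_access_after_regeneration(s1, "0000")
    r["regen_ok"] = new_euk.first_access_after_regeneration(s1, "1234")
    r["regen_access"], r["old_key_refused"] = new_euk.access(s1), euk.access(s1)
    return r
```

Each Sid is bound to one (FactoryID, service) pair and each Pid to one (FactoryID, PIN, Sid) triple, so a wrong PIN2 leaves the old subscription untouched and the replaced key stops working once the provider has rebound it.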

Abstract

Described herein is a method and apparatus for access to telematic services in protected mode by means of an electronic universal key (EUK) of a portable type, comprising within it: a fingerprint-verification unit (FVU) with a biometric sensor; an encryption-and-subscription management unit (ESMU); a display unit (DU); a mass-storage memory (MSM); one or more communication interfaces towards the outside world (503); and a housing for SIM cards (SIM), so that an access to telematic services is executed via fingerprint recognition by said fingerprint-verification unit (FVU) and emission by said encryption-and-subscription management unit (ESMU) of a unique identification code that is different for each telematic service and is recognized as valid for the operations of access. Together with the access code, information utilized during use of the subscribed services is also stored on the device in encrypted form. The apparatus and the method described can be used for any type of access, even physical ones (doors, gates, etc.) and not only of a virtual or telematic nature.

Description

METHOD AND APPARATUS FOR ACCESS TO TELEMATIC SERVICES IN PROTECTED MODE BY MEANS OF A SINGLE ELECTRONIC UNIVERSAL KEY, AND CORRESPONDING ELECTRONIC UNIVERSAL KEY
DESCRIPTION
Field of application of the invention
The present invention relates to a method and apparatus for access to telematic services in protected mode by means of a single electronic universal key, and corresponding electronic universal key.
Background of the invention
The current methodology of access to any telematic service that requires authentication relies on a series of specific devices that are different from one another, such as, for example, hardware or software keys. For instance (Figure 1), it is possible to use a company badge or else pay with a magnetic credit card combined with a current account. On the Internet, access to the various sites is governed by a series of passwords, which are either chosen or imposed, but in any case are frequently forgotten after a short time.
The physical, virtual, and mental commitment required for management of the innumerable access keys that the average person is forced to handle increases every day. US2007/0150419 of Kozlay proposes the development of a system for the authentication and protection of on-line transactions via the recognition of fingerprints on a mobile device. However, the problems regarding loss, theft, or failure of the device are not taken into consideration, and a universal solution that can be integrated with current technologies already in use for authentication and/or electronic payment is not proposed.
US2006/00269051 of Stephen Lucas proposes a device that is able to manage not only the steps of authentication and access but also the possibility of storing within the device confidential information protected by the biometric key. Management of information encrypted outside the device, to guarantee protection of the entire chain of communication and access, is not taken into account. Nor does the inventor take into consideration the modalities of integration with existing devices by means of the application on the device of an interface of a smart-card type (integration with POS and ATM), and also in this case methods for handling loss of the device are not dealt with.
US2005/0066199 of Hui Lin proposes integration in the portable device of a smart card containing the credentials of access of the user but does not protect the use of the information contained in the device by means of a biometric key. Furthermore, no indication is provided on the modalities of use of the device for different accesses with specific identification keys for each service.
US2007/133037 of Ba-Do Lee proposes integration of a system for verification of biometric parameters in mobile communication devices, where access to the device and to the information contained therein is protected by the biometric key. The device can be used for managing authentication of the user to other services or access to protected areas, exploiting the wireless communication channels integrated in the communication system. The invention does not take into consideration protection of the communication channel by means of encryption of the information; moreover, it does not envisage the possibility of verifying the reliability of the access keys used.
US27033150 of Kingsley Chukwudum Nwosu proposes registration of the access keys within a Biometrics Identification Card (BIC). Before being readable and used, all the user data require verification of the biometric key or keys. The biometric template is sent to the service provider for verification of correspondence. It is not possible for a user to access telematic services anonymously or with different profiles in so far as the biometric key remains invariant.
US20030187790 of Amy Swift, Lisa Tidwell, and Cassandra Mollett relates to the adoption of a new architecture for complete management of any electronic economic transaction. The architecture envisages the use of a debit device that the user has to use to make the payment. The dealer adopts a system made up of a server, a database, and a corresponding logic code for management of the user data. The request for the transaction is made to a dedicated system, which, via the server, the database, and the code, forwards the request to the banking or financial institution. The invention concentrates on the architecture for management of the transaction. The architecture and operation of the access device are not illustrated. The method proposed is strongly linked to the management of the economic transaction and is difficult to adapt to a system for the general management of accesses (including physical ones). The procedures to be adopted when the device gets lost, is stolen or damaged are not indicated.
US20070214093A1 of Brian A. Colella relates to an electronic device for authentication by means of a biometric (fingerprint) sensor to be used in all the fields in which identification is required in a reliable way (payments made in commercial establishments, petrol stations, supermarkets, check-in desks at airports, etc.). The device is a plastic card (similar to a card of a Bancomat type) with: biometric sensor, wireless transmitter and receiver, magnetic stripe for storage of data, LEDs, photograph of the owner. In this case, no integration with the direct USB port is provided, nor is there envisaged the use of a plurality of access identifiers that are not linked to the effective identity of the user.
Object of the Invention
Consequently, the purpose of the present invention is to overcome all the aforesaid drawbacks and indicate a method and apparatus for access to telematic services in protected mode by means of a single electronic universal key, and corresponding electronic universal key, such as to provide the user with a single, universal, secure, simple, and integrated solution. The characteristics outlined below form the particular subject of the present invention, in addition to other features, which will also be described hereinafter.
- A portable device referred to as "Electronic Universal Key" (EUK) for ascertainment of the credentials of access of a user to telematic services.
- The possibility of use of a plurality of heterogeneous services by means of the use of a single device (EUK) through a protected and secure infrastructure referred to as "Secured Services Framework". In the present context, the term "telematic services" assumes a wide meaning, comprising an extensive series of usable services, described hereinafter.
- In the case where it is not possible to use the device through the protected infrastructure referred to as "Secured Services Framework", particular procedures are envisaged for storage of access credentials of a classic type (Username/Password, digital IDs) to be used under the control of the user, which are also protected by the biometric key.
- Adoption of a biometric system for reading fingerprints provided inside the EUK device for management of all the steps of verification of the identity and/or credentials of the user.
- Guarantee of security of the transactions of the data by means of encryption systems.
- A technological solution that can be integrated in current telematic-authentication systems (accesses via the Internet to reserved areas, payments via credit/debit cards, use of POS and ATM systems, on-line transactions, registration of accesses via badges, etc.).
- Development of an EUK based upon physical connections (of a USB, RS232, Ethernet, or ISO 7816 type) or upon wireless-type systems (Bluetooth, ZigBee, RFID, WiFi).
- A technological solution configurable on distributed or centralized systems.
- An architecture and method for management of the steps of subscription and access to the telematic services, with the generation of the access credentials in a secure and protected automatic way.
- A method of certification of the keys and of the service providers that will guarantee the genuineness thereof.
- A system of anonymous credentials based upon the genuineness of the components involved in the step of access and communication.
- A method of warning of total or partial automatic blocking of the services subscribed to.
- A technological solution and an application method for regeneration of the electronic universal portable devices (EUKs), irrespective of the creation of backup copies of the devices.
A particular subject of the present invention is a method and apparatus for access to telematic services in protected mode by means of a single electronic universal key, and corresponding electronic universal key, as described in greater detail in the claims, which form an integral part of the present description.
Brief description of figures
Further purposes and advantages of the present invention will emerge clearly from the ensuing detailed description of an example of embodiment thereof (and of its variants) and from the annexed drawings, which are provided purely by way of explanatory and non-limiting example and in which:
Figure 1 shows a block diagram of a system of a known type for access to the services in a secure way;
Figure 2 shows a block diagram of a system in accordance with the present invention;
Figure 3 shows a functional block diagram of the electronic universal key EUK;
Figure 4 shows a block diagram of the procedure for manufacturing the EUK and the SIM card;
Figure 5 shows a block diagram of the procedure of initialization of the EUK;
Figure 6 shows a block diagram of the procedure of activation of the EUK;
Figure 7 shows a block diagram of the procedure of subscription to the service;
Figure 8 shows a block diagram of the procedure of regeneration of the EUK;
Figure 9 shows an example of production of the EUK with the cover of the display closed;
Figure 10 shows an example of production of the EUK with the cover of the display open; and
Figure 11 shows an example of production of the EUK with the cover of the display removable and equipped with an electronic system for smart-card emulation.
The same reference numbers and letters as the ones used in the figures identify the same elements or components.
Description of the invention
The subject of the invention is an architecture for access to telematic services in SSF (Secured Services Framework) protected mode by means of a single electronic universal key (EUK).
Further subjects of the invention are the electronic universal key (EUK) and the methods of use of the architecture, which are described in greater detail hereinafter.
General architecture of the apparatus
The architecture comprises:
- an electronic universal key (EUK) equipped with biometric sensor for unique identification of the user; and
- distributed hardware and software components SSF for management of the communication and use of the services;
With reference to Figure 2, the general architecture of the apparatus comprises:
- Key Factory 204: body manufacturing the electronic universal keys;
- S1A, S2A, S1B, ...: the services accessible by the user;
- Service Providers 202: providers of the services;
- USER: the user who owns the electronic key; and
- Electronic Universal Key EUK: portable device equipped with biometric sensor, SIM card SIM, microprocessor, and a permanent electronic filing unit.
Also present are further auxiliary systems for management and exchange of the data:
- SSF-US (Secured Services Framework - User Side): software and hardware components for exchange of data between the EUK and the remote Service Provider 202. It manages communication, client side, with the service provider using encryption criteria and sends to the EUK the data destined to the user USER by the service provider. It manages communication with the Key Factory 204 during the step of activation and regeneration of the EUK. Furthermore, it handles the communication for verification of the compliance of the service during the steps of subscription and access.
- SSF-SS (Secured Services Framework - Service Side): software and hardware components associated to the Service Provider 202. It is responsible for storage of the subscriptions of the EUKs to the associated service S1A, S2A, S1B, ... It manages the communication, server side, with the remote interlocutor using encryption criteria and sends to the service provider the data for use of the service by the user USER. The information regarding the subscriptions is stored within a local database 211. Furthermore, it handles the possible communication with the Key Factory 204 for control of validity of the EUKs during subscription and/or access to the service.
- SSF-FS (Secured Services Framework - Factory Side): software and hardware components associated to the Key Factory 204. It manages the communication with the user USER using encryption criteria and sends to the Key Factory 204 the data necessary for creation and activation of the EUKs. Furthermore, it handles the possible communication with the Service Providers 202 and/or with the user USER for verification of the devices in use. The information regarding the subscriptions is stored within a local database 211.
The components of the architecture are connected together via electronic communication channels, such as:
- SSF-SS - SSF-FS Connections 206: encrypted communications between Service Providers 202 and the Key Factory 204, used optionally during the step of subscription of a service for verification of the state of activation of the EUK. Optionally, they can be used during the step of access to a service.
- SSF-FS - SSF-US Connections 207: encrypted communications between the Key Factory 204 and the EUK, used during the steps of activation and regeneration of the key. Optionally, they can be used during the step of access to a service S1A, S2A, S1B, ... for verification of the compliance of the service to the standard defined by the system.
- SSF-US - SSF-SS Connections 208: encrypted communications between the EUK and the Service Provider 202, used during the steps of subscription and access to the service S1A, S2A, S1B, ...
Electronic Universal Key EUK
The physical device that enables the user to connect up to all the distributed components of the secure communication system is the Electronic Universal Key (EUK).
The device comprises the following functional blocks, which are physically integrated therein, illustrated in Figure 3:
- a Fingerprint Verification Unit (FVU);
- an Encryption and Subscription Management Unit (ESMU);
- a Display Unit (DU);
- a Mass Storage Memory (MSM);
- a Communication Interface 503 towards the outside world;
- a housing for SIM card (SIM), wherein at least one SIM card (SIM) can be inserted in a removable way;
- a Keyboard Unit 320 for user input;
- a Power Distribution Unit (PDU) integrated in the EUK.
The functional logical scheme illustrated above does not necessarily reflect the physical organization of the electronic components necessary for implementation of the device.
The unit FVU has a first task, in an initialization step, of managing the steps of acquisition of the fingerprint templates (Templates) and storing them in a nonvolatile memory 403. The fingerprint is acquired by means of a sensor 401, operation of which is managed by a special control unit (μController) 402. The information destined to the FVU, and handled and produced thereby, is carried on an electrical connection 404, which sets the unit FVU in communication with the ESMU.
During the operating steps subsequent to initialization, the FVU is responsible for acquisition of the image of the fingerprint and verification of the correspondences with the Templates. In the case where the images acquired were to coincide with the ones stored in the non-volatile memory, the unit communicates to the ESMU that recognition has occurred; otherwise, the user is not recognized as the original owner of the device, and all the subsequent operating steps are suspended, and the user USER is informed of the negative outcome of the operation through the Display Unit DU.
The unit ESMU comprises a microcontroller (μController) 504 responsible for management of all the processes that involve the EUK. Management of the satellite components to which the ESMU is connected is divided into specialized subcomponents (Interfaces); namely, the FVU Interface 502 manages the FVU: it governs, through the electrical connection 404, the steps of acquisition and storage of data, requests the results of the operations of verification of the identity of an individual, and communicates the results to the Operator 504.
The Display Interface 510 manages the Display Unit through its own connection 511. Access to the non-volatile memory, necessary for the Operator 504 to store all the information regarding the subscription to the services and the device identifiers, occurs instead through a Memory Interface 509 and the corresponding connection 508 to a Mass-Storage Memory MSM. Access to the SIM cards SIM is governed by a SIM-Card Interface 506 and by its own connection 507, given that the Operator 504 requires a SIM connection in the step of initialization or regeneration of an EUK.
All the communications are carried outside the EUK through a Communication Interface 503 and the corresponding communication channel 505, exploiting one or more of the technological solutions listed or other possible forms of electrical connection (for example, RFID, Ethernet, etc.), which are equally suited to the purpose and are in themselves known.
The Display Unit (DU) has the purpose of providing indications to the user on the operating state of the device and the operations conducted therewith. Said communications can occur by means of light indicators LEDs 312, possibly integrated by an alphanumeric display 311.
The Keyboard Unit (KU) 320 manages possible input by the user through an elementary keypad with multifunction cursor keys. Management of the interactions of the user with the KU is handled by a subcomponent of the Keyboard Management Unit (KMU) system 512 present within the ESMU.
The Power-supply-Distribution Unit (PDU) is responsible for distribution of the current necessary for operation of the electronic components of the system. The primary supply source can be a battery, possibly of the rechargeable type, or a voltage directly carried through the Interface 503 from the outside. The latter can be connected, for example, to devices such as USB 307, Bluetooth 308, ZigBee 309, ISO 7816 310, in themselves known.
In a possible configuration, the EUK can assume the form indicated in Figures 9, 10 and 11. In said configurations, the EUK is equipped with a series of electrical contacts arranged according to what is envisaged by the standard for smart cards ISO 7816-2 (Figure 10 - 310). Through said contacts it is possible to use the device in all the equipment in which there is envisaged insertion of a smart card. The electrical connectors carry the signals inside the ESMU through the channel 505. Said interface is mounted on the protective cover of the screen of the device. Use of the device by means of said interface is obtained by lifting the cover and inserting it into the purposely provided reading system.
The invention envisages the possibility of the cover of the EUK being, in some configurations, completely removable (Figure 11 - 701). In this case, the cover will be in compliance also with the standard ISO 7816-1, which specifies the dimensions and thickness thereof. Present within the removable cover is also a standby battery 703. The standby battery has the purpose of supplying a microprocessor integrated in the card 702 and connected to the ESMU through the channel 505. The microprocessor is also connected to the electrical interface 310 set on the cover once again through the connection 505.
Methods of use of the apparatus
Described hereinafter are the various methods of use of the apparatus for access to the telematic services in protected mode, which also form the subject of the invention.
The methods of use regard the following steps:
- Creation of the universal keys (manufacturing step);
- Activation of the universal keys (initialization step);
- Subscription to a service; - Access to the service;
- Regeneration of the universal keys;
- Access to a service with regenerated keys;
- Use of the EUK in the terminals provided for reading of smart cards (POS or the like).
Manufacturing Step
In the manufacturing step, the device comprises an Electronic Universal Key EUK and a SIM card SIM.
During manufacture of each EUK and of each SIM, there is generated by the manufacturer a unique identifier (Factory_ID) of that particular device that leaves the factory, and said identifier is stored in the device.
The components involved during this step are illustrated in Figure 4 and are:
- the SIM with a Factory_ID_1 602 of its own;
- the EUK with a Factory_ID_2 604 of its own.
Both of the Factory_IDs [602 and 604] are created by the Key Factory 204, which stores a copy thereof in its own database 211 for subsequent verifications.
Initialization step
The initialization step, described in Figure 5, is the first operation of use of the EUK by the user and envisages the following operations:
- insertion of the EUK in a computer terminal equipped with the software module SSF-US; and
- check, via the EUK, of the existence of the fingerprint Templates 401 through the ESMU.
If no Template exists within the EUK, the Fingerprint-Template Registration procedure is carried out; otherwise, there is a request for authentication of the fingerprint in order to be able to proceed with use.
After authentication of the fingerprint has gone through successfully, the next operation is the activation step.
Activation step
Activation of the EUK envisages use of the EUK, of the SIM, and of a computer terminal equipped with the software module SSF-US connected to the Internet. The steps and units involved are described in Figure 6.
Through a software for management of the procedure present in SSF-US, the user is guided in the activation steps, which can be schematically summarized as follows:
- insertion of the SIM into the EUK;
- entry of the alphanumeric PIN Code chosen by the user to generate a unique identifier of said Universal Key (UK) known only to the device and deriving from a combination between the PIN and the Factory_ID of the SIM;
- removal of the SIM from the EUK;
- connection to the Key Factory 204, through a secure channel 207, to verify the existence of the data involved in the process and validate or otherwise the activation of the EUK.
Activation that goes through successfully generates an EUK ready for use and subscription to the services.
Subscription to a service
When the EUK is used for a service, a user-identification procedure is activated in such a way that the service provider will recognize the user and authorize him to use the service offered.
For this to occur, it is hence necessary for the references to the EUK to be present in the archives of the service provider and for the EUK to be authorized to use the specific service.
Consequently, upon first access to the service, the EUK will have to subscribe thereto following the procedure described with reference to Figure 7. The elements involved are:
- the EUK, through which subscription is made to the service;
- the Service Provider 202, which provides a service, for example S1 (or else other services S2, S3, ..., Sn); and
- the Key Factory 204, which guarantees the validity of the EUK.
The software infrastructure that manages the data communication comprises:
- SSF-US: framework for EUK-Service Provider and EUK-Key Factory communication;
- SSF-SS: framework for Service Provider-EUK and Service Provider- Key Factory communication;
- SSF-FS: framework for Key Factory-EUK and Key Factory-Service Provider communication.
The procedure starts with the request for use of the service, for example S1.
SSF-US requests the user to make his own authentication on the EUK via fingerprint recognition 401. In practice, the user puts his finger on the FVU present in the EUK, which has to recognize the fingerprint.
If the recognition is successful, the procedure continues; otherwise, it is interrupted (authorization denied).
SSF-US activates a data communication on a secure channel 208 with SSF-SS of the Service Provider 202 of the service S1.
SSF-US sends the Factory_ID of the EUK to SSF-SS.
SSF-SS has to verify the validity of the EUK: it consequently activates a data communication on a secure channel 206 with SSF-FS of the Key Factory 204, and sends the Factory_ID received: if the Factory_ID is recognized by the Key Factory 204 and its state is active, the procedure continues; otherwise, it is interrupted and the SSF-SS warns the SSF-US (EUK not valid). SSF-SS generates a unique identifier Sid associated to the Factory_ID and to the service requested, exploiting the Universal Key possessed by the service provider, and sends it to SSF-US together with its Service_ID.
SSF-US verifies the presence of this identifier in its own memory. Optionally, the procedure of verification at the Key Factory 204 of the genuineness of the service is activated; consequently, SSF-US activates a data communication on a secure channel 207 with SSF-FS of the Key Factory 204, and sends the Service_ID associated to the Sid received; if the Service_ID is recognized by the Key Factory 204 and its state is active, the procedure continues; otherwise, it is interrupted and the SSF-US warns the user that the service cannot be subscribed to.
If the Sid is present in the memory of the EUK and the possible procedure of verification has been successful, the procedure of use of the service (see the next section "Use of a service") continues; otherwise, the step of subscription proceeds.
SSF-US generates in turn a unique identifier Pid associated to the Sid received and sends it to SSF-SS.
At this point SSF-SS can store in its own archives the data regarding the EUK, namely: Pid, Sid and Factory_ID, plus possible further information regarding the EUK, and sends the confirmation of subscription to SSF-US.
SSF-US receives the confirmation of subscription and stores in its own memory the data regarding the service subscribed to, namely: Sid and Pid, plus possible further information regarding the service S1 and the Service Provider 202.
SSF-US asks the user if he wishes to use the service just subscribed to or else close the procedure. All the identifiers and the encryption keys used in the processes described can be generated with the encryption algorithms known to the state of the art.
The information linked to the type of service subscribed to remains in clear within the system (Service_Type). Said information is used in the initial step of access to a service as an element for selection and as a filter for the possible keys to be utilized for use of a service.
In addition to the information on the type of service subscribed to, there has to be stored inside the EUK an alphanumeric label (Service_Label) that is able to distinguish and describe the service without any ambiguity.
The usefulness of said information is readily understandable with a practical example. If, for instance, within the EUK there are included the subscriptions to more than one electronic payment service, during the step of purchase in a commercial establishment the user must have the possibility of selecting a specific payment service from among the ones he has subscribed to. The information linked to the type enables the system to select, from amongst all the subscriptions, only the ones compatible with the operation in progress (Service_Type). Next, on the alphanumeric display of the EUK 311 or on the display of the payment terminal there may appear the list of the subscriptions of that particular type ready for being selected and used.
Jointly with the information linked to the type of the service and to the identifier labels, the system envisages storage in the EUK of additional information
(Private_Data), which can be defined on the basis of the operating requirements of the service subscribed to and further identify it, such as, for example, the complete number of a credit card, the residual credit, etc.
The information can be displayed within the Display Unit for the EUKs, which envisage also off-line operative functions.
The invention envisages the possibility of configuring the EUK in such a way as to be able to access the Private_Data irrespective of connection of the device to a service provider. In said configuration, the user has to activate the EUK through his fingerprint, and then can display the information Private_Data directly on the Display Unit by scrolling the list available with cursor keys or similar navigation systems 320. Said modality enables selection of a service that it is intended to use even before having made the connection to the service provider.
Use of a service
Once subscription to a service has been made, it is possible to use said service, by means of a procedure of authentication similar to the one used for subscription to the service described in Figure 7. Also similar are the elements involved and the software infrastructure.
The procedure starts with the user who requests use of the service, for example S1.
SSF-US asks the user to carry out authentication on the EUK by fingerprint recognition 401. In practice, the user puts his finger on the FVU present in the EUK, which has to recognize the fingerprint.
If the recognition is successful, SSF-US opens the communication on a secure channel with SSF-SS and sends its own Factory_ID.
SSF-SS verifies the Factory_ID via the connection on a secure channel with the Key Factory.
If the Factory_ID belongs effectively to an active EUK, the procedure continues; otherwise, SSF-SS warns SSF-US and the procedure is interrupted (EUK not valid).
SSF-SS generates the unique identifier Sid with the Factory_ID received and sends it to SSF-US together with its Service_ID.
Optionally, the procedure for verification at the Key Factory of the genuineness of the service is activated. SSF-SS consequently activates a data communication on a secure channel 207 with SSF-FS of the Key Factory 204, and sends the Service_ID associated to the Sid received; if the Service_ID is recognized by the Key Factory 204 and its state is active, the procedure continues; otherwise, it is interrupted, and the SSF-US warns the user that the service is not accessible.
SSF-US verifies whether the Sid is present in its own memory and, if it is, it continues; otherwise, it passes on to the SUBSCRIPTION procedure (see the previous section "Subscription to a service").
SSF-US generates its own unique identifier Pid with the Sid received and sends it to SSF-SS, which looks for it in its own archive. If it finds it, it verifies whether the data (Pid, Sid and Factory_ID) are congruent and, if they are, enables the EUK to access the service.
Sid and Pid are the same ones generated in the step of subscription to the service and are different for each combination of EUK and service subscribed to. At this point, the procedure continues with the modalities envisaged by the specific service.
Regeneration of an Electronic Universal Key (EUK)
The object of the present invention envisages the possibility of regenerating an EUK in the case where this has been mislaid, stolen or has undergone permanent damage. The operation of regeneration enables initialization of a new electronic key with a procedure similar to the step of normal initialization with the sole variant whereby there is an express indication to the EUK of the intention to generate a replacement key for the EUK that is by now unusable. The operation is performed according to the scheme described in Figure 8.
During the operation of regeneration, the user will have to make available the SIM with which he had generated the first electronic key, and the SIM will have to be inserted within a virgin EUK, i.e., one that has never been used and is without fingerprint-recognition Templates. The operation of initialization of the EUK starts with the registration of the fingerprint Templates 401 within EUK.
In addition to the entry of a first code PIN1, the procedure envisages the possibility of entering also a second code PIN2, namely the one used in the initialization step prior to the regeneration step. The codes chosen by the user enable:
- regeneration of the original unique code that will be stored in a purposely provided area of the device and used whenever it is necessary to indicate the identifier of the device replaced (Universal Key 2);
- generation of a new unique code that will distinguish the new device for all the subsequent operating steps (Universal Key 1 ).
During the initial activation step, the information of regeneration of the key is sent to the Key Factory 204.
Said operation altogether constitutes a first subscription to a service, is managed as indicated hereinafter and enables verification of the correct procedure of regeneration.
Both the new Pid and Sid and the ones associated to the previous activation are exchanged with the Key Factory. If the Key Factory recognizes the combination of Factory_ID and Pid, it updates its own database with the new Pid associated to the new EUK; otherwise, it does not recognize the replacement and does not allow completion of the operation of validation. It might happen that the user does not recall the PIN2 (previous activation) correctly, thus causing generation of wrong replacement codes. The activation step at the Key Factory enables management of said fault by signalling the error to the user and giving the latter the possibility of repeating the operation a limited number of times. Once said number of attempts has been exceeded, the EUK becomes unusable.
First access to a service with regenerated keys
The subject of the invention envisages a special procedure for managing accesses of a user carried out using a regenerated EUK to services subscribed to previously with the original EUK.
The operating modalities envisaged are basically three:
1. "Transparent" mode - This mode enables automatic recognition of the new identity of the EUK and a step of updating of the archive at the service provider, as well as automatic storage of all the data that the service provider is able to re-transfer onto the portable device (EUK).
2. "Replacement Report" mode - With this mode, which can be selected by the service provider in possible agreement with the user during original subscription, the service provider is informed of the replacement of the key and suspends any future access to the service both for the original key and for the replacement key. The replacement key will have to be enabled again with a procedure purposely envisaged by the service provider (for example, following formal communication via fax of the intention of the user to re-activate the service, with a photocopy of his identity document).
3. "Limited Functionality" mode - The service provider recognizes the replacement of the key but, while waiting for the user to supply official documentation of the replacement, enables access to the service with reduced functionality (for example, in the case of a use similar to an electronic-payment system, a security limit agreed upon during subscription to the service is applied).
The elements involved and the architecture are similar to the ones described above with reference to Figure 7 regarding use of a service.
The procedure starts with the request for use of the service, for example S1.
SSF-US asks the user to authenticate himself on the EUK via recognition of his fingerprint. If the recognition is successful, the procedure continues; otherwise, it is interrupted (authorization denied).
SSF-US activates a data communication on a secure channel with SSF-SS of the provider of the service S1.
SSF-US sends the Factory_ID of the EUK to SSF-SS, which can verify the validity of the EUK. It consequently activates a data communication on a secure channel with SSF-FS of the Key Factory and sends the Factory_ID received.
If the Factory_ID is recognized by the Key Factory and its state is active, the procedure continues; otherwise, it is interrupted and SSF-SS warns SSF-US (EUK not valid).
SSF-SS generates the unique identifier Sid with the Factory_ID received and sends it to SSF-US together with its Service_ID.
Optionally, the procedure of verification at the Key Factory of the genuineness of the service is activated. SSF-SS consequently activates a data communication on a secure channel 207 with SSF-FS of the Key Factory 204, and sends the Service_ID associated to the Sid received; if the Service_ID is recognized by the Key Factory 204 and its state is active, the procedure continues; otherwise, it is interrupted, and SSF-US warns the user that the service is not accessible.
SSF-US verifies the presence of this identifier in its own memory. Since this is the first access to the service after regeneration of the key, the outcome of the check is necessarily negative.
SSF-US generates in turn two unique identifiers, Pid# and Pid, associated to the Sid received and sends them to SSF-SS. The two identifiers are produced by internal algorithms that generate unique codes according to the Factory_ID and the PIN code chosen by the user. In this way, the system generates the identifier code for the original service and a new identifier code associated to the new PIN. At this point SSF-SS has to verify within its own archive the possible existence of a subscription made with the replaced identifier code. If the system manages to find said reference, it has to update the subscription data, replacing the components linked to the "old" identifier with those of the "new" one, and automatically sends to the EUK all the data necessary for "synchronisation" of the internal archives of the service provider and of the EUK.
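The "Use of a service" handshake of the previous section and the first access made with a regenerated key described above, simulated end to end in Python as an added example; this is not code from the patent or from the applicant. The patent fixes no algorithms, so the HMAC-SHA256 derivations of Sid, Pid and the activation codes, the three-attempt limit and the in-memory Key Factory, service provider and EUK are assumptions made for illustration.

```python
"""Constructed simulation of the EUK 'use of a service' handshake and of the first
access made with a regenerated key. Not the patent's code: it fixes no algorithms,
so the HMAC-SHA256 derivations, attempt limit and in-memory parties are assumed."""
import hashlib
import hmac

MAX_REGEN_ATTEMPTS = 3  # assumed value for the "limited number of times"


def derive(key: bytes, *parts: str) -> str:
    """Assumed unique-code generator: HMAC-SHA256 over labelled parts."""
    return hmac.new(key, "|".join(parts).encode(), hashlib.sha256).hexdigest()[:16]


def universal_key(factory_id: str, pin: str) -> bytes:  # Universal Key = f(Factory_ID, PIN)
    return hashlib.sha256(f"{factory_id}:{pin}".encode()).digest()


class KeyFactory:
    """SSF-FS side: registry of Factory_IDs, Service_IDs and activation codes."""
    def __init__(self):
        self.factory_ids = {}  # Factory_ID -> "active" | "revoked"
        self.service_ids = {}  # Service_ID -> "active" | "suspended"
        self.activations = {}  # Factory_ID -> activation code of the current EUK
        self.attempts = {}     # Factory_ID -> failed regeneration attempts

    def activate(self, euk):  # normal initialisation of a virgin EUK
        self.factory_ids[euk.factory_id] = "active"
        self.activations[euk.factory_id] = euk.activation_code(euk.uk1)

    def regenerate(self, euk):
        """Replacement key: the code derived from PIN2 must match the stored one."""
        fid = euk.factory_id
        if self.factory_ids.get(fid) != "active":
            return "EUK not valid"
        if self.activations.get(fid) != euk.activation_code(euk.uk2):
            self.attempts[fid] = self.attempts.get(fid, 0) + 1
            if self.attempts[fid] >= MAX_REGEN_ATTEMPTS:
                self.factory_ids[fid] = "revoked"  # too many failures: EUK unusable
                return "EUK unusable"
            return "wrong PIN2, retry"
        self.activations[fid] = euk.activation_code(euk.uk1)  # new key replaces old
        self.attempts.pop(fid, None)
        return "regenerated"


class ServiceProvider:
    """SSF-SS side for one service; Sid is derived with the provider's own key."""
    def __init__(self, service_id, factory):
        self.service_id, self.factory = service_id, factory
        self.key = hashlib.sha256(b"provider-secret-" + service_id.encode()).digest()
        self.subscriptions = {}  # Sid -> {"pid": ..., "factory_id": ...}

    def make_sid(self, factory_id):
        return derive(self.key, "Sid", factory_id, self.service_id)


class EUK:
    """SSF-US side. Fingerprint matching is simulated by comparing a constructed
    template string; uk2 (from PIN2) exists only on a regenerated key."""
    def __init__(self, factory_id, template, pin1, pin2=None):
        self.factory_id, self.template = factory_id, template
        self.uk1 = universal_key(factory_id, pin1)
        self.uk2 = universal_key(factory_id, pin2) if pin2 else None
        self.memory = {}  # Sid -> Pid of the subscriptions held on the key

    def activation_code(self, uk):
        return derive(uk, "Act", self.factory_id)

    def make_pid(self, sid, uk=None):
        return derive(uk or self.uk1, "Pid", sid)


def use_service(euk, fingerprint, provider, verify_service=True):
    """Run the handshake of the description and return its outcome."""
    if fingerprint != euk.template:
        return "authorization denied"
    if provider.factory.factory_ids.get(euk.factory_id) != "active":  # channel 206
        return "EUK not valid"
    sid = provider.make_sid(euk.factory_id)  # returned together with Service_ID
    if verify_service and provider.factory.service_ids.get(provider.service_id) != "active":
        return "service not accessible"  # optional genuineness check, channel 207
    if sid not in euk.memory:  # first access with this key: subscribe or replace
        return first_access(euk, sid, provider)
    rec = provider.subscriptions.get(sid)
    if rec and rec["pid"] == euk.make_pid(sid) and rec["factory_id"] == euk.factory_id:
        return "access granted"
    return "access refused"  # Pid, Sid and Factory_ID not congruent


def first_access(euk, sid, provider):
    """Plain subscription, or the 'Transparent' mode update after regeneration."""
    rec, new_pid = provider.subscriptions.get(sid), euk.make_pid(sid)
    if rec is None:
        provider.subscriptions[sid] = {"pid": new_pid, "factory_id": euk.factory_id}
        euk.memory[sid] = new_pid
        return "subscribed"
    old_pid = euk.make_pid(sid, euk.uk2) if euk.uk2 else None  # Pid# from PIN2
    if rec["pid"] != old_pid:
        return "access refused"  # assumed: a live record is never overwritten
    rec["pid"] = new_pid  # provider archive updated, EUK memory synchronised
    euk.memory[sid] = new_pid
    return "replacement recognised"
```

Because the regenerated key carries the same Factory_ID (same SIM), the provider derives the same Sid and can match the stored subscription only through Pid#; a wrong PIN2 therefore yields a refusal rather than a silent takeover of the existing record.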
In the case where the search for the above identifier in the archives of the service provider yields a negative outcome, the system proceeds as for a new subscription.
Use of the EUK in the terminals pre-arranged for reading smart cards (POS or the like)
To be able to use the EUK in terminals pre-arranged for reading smart cards, a configuration of the portable apparatus has to be used with characteristics similar to the ones of the apparatus described in Figures 9, 10 and 11, in which an electrical interface compliant with the ISO 7816 standard is present. In these cases, the use of the device by means of said interface is obtained by lifting the cover and inserting it into the purposely provided reading system. Lifting of the screen-protection cover brings about activation of the device at an electrical level. The user is required to place his finger on the sensor to perform the authentication step. Next, in the case of positive fingerprint recognition, a list of possible alternative access keys is presented on the screen, appropriately grouped together according to type and differentiated by graphic elements and/or alphanumeric strings. By means of a purposely provided keypad or with touch-screen functions combined with the display, the user selects the key to be used for authentication and/or transaction. The key selected is sent to the reading device by means of the interface provided on the cover of the display (Figure 10 - 310).
In a particular configuration of the EUK in which it is possible to render the cover of the display removable and use it instead of a normal smart card 701 as indicated in Figure 11, the operations of access to a service will be performed in the following way:
- opening of the cover activates the device electronically;
- the user authenticates himself by placing his finger on the sensor;
- the display presents the list of the usable subscriptions;
- the user selects the authentication to be used;
- the codes and the information to be used are transferred within the microcontroller present inside the removable card into the microprocessor 702;
- once the card has been programmed, it is removed from the seat of the EUK and inserted in the reading device (for example, an ATM).
The battery present inside the card 703 enables use of the smart card just for the transaction for which it has been programmed by the EUK.
In the case where the procedure envisages also insertion of a PIN, two strategies may be adopted according to the operative specifications of the service in use.
The first strategy envisages entry by the user of a random PIN, which is then in any case ignored by the card present in the reading device; or else the EUK generates a random PIN during the programming step, and this is then displayed on the screen of the EUK and typed on the device, for example, the ATM.
Once the step of access/transaction has terminated or the electrical charge accumulated inside the card has run down, the smart card is returned by the reading system so as to enable it to be reconnected to the EUK and again perform its function of screen protection.
Integrations
The architecture proposed is configurable both in a distributed context on WANs and with centralized solutions. In the latter case the certifying function of the Key Factory is guaranteed directly by the service provider, in accordance with the Key Factory, during configuration through a step of partial migration of the functions performed by the Key Factory at the service provider.
The present invention can be advantageously implemented via one or more computer programs, which comprise code means for implementation of one or more steps of the method, when these programs are run on a computer. Consequently, it is understood that the sphere of protection extends to said computer programs and moreover to computer-readable means that comprise a stored message, said computer-readable means comprising program-coding means for implementation of one or more steps of the method, when said program is run on a computer.
From the foregoing description, it is evident that the person skilled in the branch will be able to reproduce the object of the invention without introducing any further detail regarding aspects of the method, apparatus, and key. The design of the programs mentioned above can be obtained by applying programming techniques in themselves known.

Claims

1. Apparatus for access to telematic services in protected mode comprising:
- at least one electronic universal key (EUK) of a portable type and comprising within it at least one biometric sensor (401) for detecting the fingerprint of a user, a housing for SIM cards (SIM), and a processing unit with a permanent-electronic-storage unit;
- first means for management of the encrypted connection (207) between said electronic universal key (EUK) and a manufacturing body (Key Factory, 204) that manufactures said key, for activation and regeneration of the key, as well as for verification of the compliance to the standard of the services during a step of subscription and access to said services;
- second means for management of the encrypted connection (208) between said electronic universal key (EUK) and one or more service providers (Service Provider, 202), for activation, access, and management of said services (S1A, S2A, S1B, ...);
- third means for management of the encrypted connection (206) between said one or more service providers (Service Provider, 202) and said manufacturing body (Key Factory, 204), for verifying activation and validity of the electronic universal key (EUK);
- said electronic universal key (EUK) co-operating with said first, second, and third means for management of the encrypted connection, so that said access to telematic services is executed via fingerprint recognition by said biometric sensor and emission by said electronic universal key (EUK) of a series of unique identification codes for the services subscribed to, acknowledged as valid (Factory_ID, Service_ID, Sid, Pid).
2. Apparatus for access to telematic services in protected mode as per Claim 1, further comprising first hardware and software components (SSF-US) for data exchange from and to said electronic universal key (EUK); second hardware and software components (SSF-SS) for data exchange from and to said one or more service providers (Service Provider, 202), and third hardware and software components (SSF-FS) for data exchange from and to said manufacturing body (Key Factory, 204), said first management means making the connection via said first and third components, said second management means making the connection via said first and second components, said third management means making the connection via said second and third components.
3. Apparatus for access to telematic services in protected mode as per Claim 1, configurable both in a system of a distributed type on WANs, and in a centralized system, in said centralized system a function for certifying said manufacturing body (Key Factory, 204) being guaranteed directly by said one or more service providers (Service Provider, 202), in accordance with said manufacturing body (Key Factory, 204) during configuration through a step of partial migration of the functions performed by said manufacturing body (Key Factory, 204) at said one or more service providers (Service Provider, 202).
4. Electronic universal key (EUK) of a portable type, designed in particular to be used in the apparatus of Claim 1 or Claim 2 or Claim 3, comprising within it:
- a fingerprint-verification unit (FVU) comprising said biometric sensor;
- an encryption-and-subscription management unit (ESMU) comprising said processing unit;
- a display unit (DU);
- a mass-storage memory (MSM);
- a communication interface towards the outside (503); and
- a housing for SIM cards (SIM), in which at least one SIM card (SIM) can be inserted in a removable way, so that an access to telematic services is executed via fingerprint recognition by said fingerprint-verification unit (FVU) and emission by said encryption-and-subscription management unit (ESMU) of a unique identification code recognized as valid by one of said one or more service providers (Service Provider, 202) to which the subscription or access has been requested.
5. Electronic universal key (EUK) of a portable type as per Claim 4, moreover comprising a keyboard (320) designed to manage inputs of the user through a keypad with multifunction cursor keys, said management of inputs being governed by a subcomponent of said encryption-and-subscription management unit (ESMU).
6. Electronic universal key (EUK) of a portable type as per Claim 5, comprising a possibly removable protective cover, in which a standby battery (703), a microprocessor (702), and an electrical interface (310) for smart-card readers are integrated, said cover being a smart card.
7. Electronic universal key (EUK) of a portable type as per Claim 6, wherein said battery comprises means for enabling use as smart card just for the transaction for which it has been programmed.
8. Method for access to telematic services in protected mode via the use of an apparatus and at least one electronic universal key (EUK) as per any one of Claims 1 to 7, characterized in that it comprises the steps of:
- provision of said electronic universal key (EUK);
- management of a first encrypted connection (207) between said electronic universal key (EUK) and a manufacturing body (Key Factory, 204) that manufactures said key, for activation and regeneration of the key, as well as for verification of the compliance to the standard of the services during a step of subscription and access to said services;
- management of a second encrypted connection (208) between said electronic universal key (EUK) and one or more service providers (Service Provider, 202), for activation, access, and management of said services (S1A, S2A, S1B, ...);
- management of a third encrypted connection (206) between said one or more providers of services (S1A, S2A, S1B, ...) and said manufacturing body (Key Factory, 204), to verify activation and validity of the electronic universal key (EUK);
- management of said access to telematic services via co-operation between said electronic universal key (EUK) and said first, second, and third encrypted connection, so that said access to telematic services is executed via fingerprint recognition by said biometric sensor and emission by said electronic universal key (EUK) of a unique identification code recognized as valid.
9. Method for access to telematic services in protected mode as per Claim 8, wherein said step of provision of said electronic universal key (EUK) comprises a step of manufacture in which a unique identifier code (Factory_ID_1, Factory_ID_2) of the key is generated and stored in the key and in the SIM card (SIM).
10. Method for access to telematic services in protected mode as per Claim 9, wherein said step of provision of said electronic universal key (EUK) comprises a step of initialization of said key via:
- insertion of the key in a computer terminal (SSF-US); and
- check by the key of the correctness of said fingerprints and of the correct correspondence with the user.
11. Method for access to telematic services in protected mode as per Claim 10, wherein said step of provision of said electronic universal key (EUK) comprises a step of activation of said key, which comprises:
- insertion of the SIM in the EUK;
- entry of an alphanumeric PIN code by the user to generate said unique identifier code (Universal Key);
- removal of the SIM from the EUK; and
- connection with said manufacturing body (Key Factory, 204) to verify the existence of the data involved in the process and validate or otherwise activation thereof.
12. Method for access to telematic services in protected mode as per Claim 11, wherein a step of subscription to a service upon first access to said service comprises the steps of:
- request for use of the service (S1) by the key made to a service provider (SSF-SS);
- request by the key (EUK) to the user to make his own authentication via the fingerprint recognition (401); if the recognition is successful, the procedure continues; otherwise, it is interrupted;
- activation by the key (EUK) of a data communication on a secure channel (208) with the service provider (SSF-SS);
- sending by the key (EUK) of the unique identifier code (Factory_ID) to the service provider (SSF-SS);
- verification by the service provider (SSF-SS) of the validity of the key by activation of a communication with said manufacturing body (SSF-FS), and sending of the unique identifier code (Factory_ID); if the latter is recognized and its state is active, the procedure continues; otherwise, it is interrupted;
- generation by the service provider (SSF-SS) of a first unique identifier (Sid) associated to the Factory_ID and to the service requested, exploiting the Universal Key in possession of the service provider, and sending thereof to the key, together with its Service_ID;
- optional verification by the key (EUK) of the validity of the service provider;
- verification by the key (EUK) of the presence of this identifier in its own memory, and generation thereby of a second unique identifier (Pid) associated to the first (Sid) and sending thereof to the service provider (SSF-SS);
- storage by the service provider (SSF-SS) of at least the data regarding the key (Pid, Sid and Factory_ID), and sending of a confirmation of subscription to the key; and
- reception by the key (EUK) of the confirmation of subscription and storage in its own memory of at least the data regarding the service subscribed to (Sid, Pid), after which the service can be used.
13. Method for access to telematic services in protected mode as per Claim 12, moreover comprising the steps of:
- storage in the key (EUK) of an alphanumeric label (Service_Label) designed to distinguish and describe the service, enabling selection thereof; and
- storage in the key (EUK) of additional information (Private_Data) further identifying the service, which may possibly be displayed.
14. Method for access to telematic services in protected mode as per Claim 12, wherein a step of use of a service comprises the steps of:
- request for use of the service (S1) by the key made to the service provider (SSF-SS);
- request by the key to the user to make his own authentication via fingerprint recognition (401); if the recognition is successful, the procedure continues; otherwise, it is interrupted;
- activation by the key (EUK) of a data communication on a secure channel (208) with the service provider (SSF-SS);
- sending by the key (EUK) of the unique identifier code (Factory_ID) to the service provider (SSF-SS);
- verification by the service provider (SSF-SS) of the validity of the key by activation of a communication with said manufacturing body (SSF-FS), and sending of the unique identifier code (Factory_ID); if the latter is recognized and its state is active, the procedure continues; otherwise, it is interrupted;
- generation by the service provider (SSF-SS) of a first unique identifier (Sid) associated to the Factory_ID and to the service requested, by exploiting the Universal Key in possession of the service provider, and sending thereof to the key, together with its Service_ID;
- optional verification by the key (EUK) of the validity of the service provider;
- verification by the key (EUK) of the presence of this identifier in its own memory, and generation thereby of a second unique identifier (Pid) associated to the first (Sid), and sending thereof to the service provider (SSF-SS), which verifies whether it is congruent with the data regarding the key (Pid, Sid and Factory_ID), and, if it is, access to the service is allowed and proceeds according to the operating modes envisaged by the service itself.
15. Method for access to telematic services in protected mode as per Claim 14, wherein said step of use of a service comprises:
- use of an electronic universal key (EUK) comprising a removable protective cover, as per Claim 6;
- opening of said cover, which activates the key electronically;
- authentication of the user by means of said fingerprint recognition;
- display on the key of a list of usable subscriptions;
- selection of the authentication to be used;
- transfer of codes and information to be used within the removable cover; and
- removal of said removable cover from the key, and insertion thereof in the reading device of the service.
16. Method for access to telematic services in protected mode as per Claim 15, comprising a further step of entry of a PIN code, in which a random PIN code is entered, which is then ignored by the reading device of the service, or else the key (EUK) generates a random PIN code, which is subsequently displayed on the key and then typed on the reading device of the service.
17. Method for access to telematic services in protected mode as per Claim 14, wherein said step of provision of said electronic universal key (EUK) comprises a step of regeneration of said electronic universal key (EUK) via:
- insertion of the SIM card (SIM) in the electronic universal key (EUK);
- entry of a first alphanumeric code (PIN1) to generate said unique identifier code for the new key (Universal Key);
- entry of a second alphanumeric code (PIN2) identical to the one envisaged previously associated to the key to be replaced;
- removal of the SIM card (SIM) from the electronic universal key (EUK); and
- connection with said manufacturing body (Key Factory, 204) to verify the existence of the data involved in the process and validate or otherwise activation thereof, in addition to updating the archives of said unique identifier codes at said body.
18. Method for access to telematic services in protected mode as per Claim 17, comprising a step of access to a service, subsequent to said step of regeneration of said electronic universal key (EUK), configured as said step of subscription to a service upon first access to said service, and comprising the following operating modes:
- a first, "Transparent", mode, which enables automatic recognition of the new identity of the electronic universal key and a step of updating of the archive at the service provider, as well as automatic storage of all the data that it is possible to re-transfer onto said key (EUK) from the provider;
- a second, "Replacement Report", mode, which can be selected by the service provider in possible agreement with the user during original subscription, wherein the service provider is informed of the replacement of the key and suspends any future accesses to the service both for the original key and for the replacement one, the replacement key having to be again enabled with a procedure purposely envisaged by the service provider; and
- a third, "Limited Functionality", mode, wherein the service provider recognizes the replacement of the key, but enables access to the service with reduced functionality, waiting for the user to provide an official documentation of replacement.
19. Computer program that comprises program-coding means designed to perform the steps of Claims 8 to 18, when said program is run on a computer.
20. Computer-readable means comprising a stored program, said computer- readable means comprising program-coding means designed to perform the steps of Claims 8 to 18, when said program is run on a computer.
PCT/IB2009/050623 2008-08-13 2009-02-16 Method and apparatus for access to telematic services in protected mode by means of a single electronic universal key, and corresponding electronic universal key WO2010018469A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IT001517A ITMI20081517A1 (en) 2008-08-13 2008-08-13 METHOD AND APPARATUS FOR ACCESSING TELEMATIC SERVICES IN PROTECTED MODE BY MEANS OF A SINGLE UNIVERSAL ELECTRONIC KEY, AND RELATED UNIVERSAL ELECTRONIC KEY
ITMI2008A001517 2008-08-13

Publications (1)

Publication Number Publication Date
WO2010018469A1 true WO2010018469A1 (en) 2010-02-18

Family

ID=41141895

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2009/050623 WO2010018469A1 (en) 2008-08-13 2009-02-16 Method and apparatus for access to telematic services in protected mode by means of a single electronic universal key, and corresponding electronic universal key

Country Status (2)

Country Link
IT (1) ITMI20081517A1 (en)
WO (1) WO2010018469A1 (en)


Also Published As

Publication number Publication date
ITMI20081517A1 (en) 2010-02-14


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09786312

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 07.06.2011)

122 Ep: pct application non-entry in european phase

Ref document number: 09786312

Country of ref document: EP

Kind code of ref document: A1