WO2000063856A1 - Chip card system - Google Patents

Chip card system Download PDF

Info

Publication number
WO2000063856A1
WO2000063856A1 PCT/EP2000/002853 EP0002853W WO0063856A1 WO 2000063856 A1 WO2000063856 A1 WO 2000063856A1 EP 0002853 W EP0002853 W EP 0002853W WO 0063856 A1 WO0063856 A1 WO 0063856A1
Authority
WO
WIPO (PCT)
Prior art keywords
chip card
card
cryptographic
data
module
Prior art date
Application number
PCT/EP2000/002853
Other languages
French (fr)
Inventor
Frank Fransen
Original Assignee
Koninklijke Kpn N.V.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Koninklijke Kpn N.V. filed Critical Koninklijke Kpn N.V.
Priority to AU42922/00A priority Critical patent/AU4292200A/en
Publication of WO2000063856A1 publication Critical patent/WO2000063856A1/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4097Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0806Details of the card
    • G07F7/0813Specific details related to card security
    • G07F7/082Features insuring the integrity of the data on or in the card
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1016Devices or methods for securing the PIN and other transaction-data, e.g. by encryption

Definitions

  • the invention is related to a chip card system which makes use of a cryptographic module, called Secure Application Module (SAM) , for accepting an electronic transaction, such as an electronic purse payment or a ticketing transaction.
  • SAM Secure Application Module
  • a cryptographic module can be sensitive for attacks aimed at procuring such a secret cryptographic key. In such an attack, for example, it can be attempted to have the cryptographic module repeatedly execute a cryptographic process on a known set of data -preferably intended for that objective- with the secret key and subsequently to analyse external signals - such as the electric power consumption of the system.
  • the prior art systems are sensitive to the said kind of attacks in particular because (1) the possibility of having the cryptographic module execute processes with the most important secret key is unrestricted and (2) the kind of data on which the cryptographic process takes place is also unrestricted.
  • the invention seeks to obviate the said disadvantages.
  • the invention -based on the observation at the end of the previous paragraph- provides the following measure.
  • a system set-up is shown.
  • a chip card 1 can be connected to a terminal 2, which comprises a Transaction Control Application Module (TCAM) 3 and a cryptographic Secure Application Module (SAM) 4.
  • the SAM 4 comprises a secret key (k) to check the transaction.
  • TCAM Transaction Control Application Module
  • SAM 4 comprises a secret key (k) to check the transaction.
  • FSM finite state machine
  • the FSM according to the invention is shown in Fig. 2.
  • the use of the secret key (k) is restricted by means of a new, initial state in the FSM, which enforces authenticity checking of the chip card.
  • the method for checking the authenticity of the chip card is known per se as Card Authentication Method (CAM) , and makes use of static data authentication, described in the EMV 1 96 specifications [EMV96] .
  • CAM Card Authentication Method
  • EMV96 static data authentication
  • Fig. 2 the improved finite state machine of said SAM 4 is shown.
  • State 0 is the initial state. From said state, there are two possibilities: (a) no CAM or (b) CAM. If path (a) is followed -no CAM- the use of the secret key (k) is excluded (disabled) . Only actions defined in fsm 1 can then be executed, no key being required. If path (b) -CAM- is followed, the CAM will be executed. After this is carried out correctly ("card is OK”), state 1 is reached. At that moment it is certain that the chip card, with card number X, concerned is authentic, and the state machine (fsm”) for the actual transaction, in which the use of secret key k is allowed to be used, is allowed to proceed. Since the card number X is known, it can be established that the cryptographic process takes place only on the data of the chip card having card number X.
  • EMV96 EMV'96 Integrated Circuit Card Specification for Payment Systems; version 3.1.1; May 31, 1998; Europay-Mastercard-Visa.

Abstract

By authentication of a card (1) for electronic payment transactions before subjecting a cryptographic module (4) to data to be enciphered within said module by a secret key (k), the manner in which the cryptographic module can be used and the character of the supplied data stream can be restricted to that which is normal for this kind of payment transaction, whereby experimenting with abnormal data to the end of hacking the key is excluded.

Description

Title: Chip card system.
A. Background of the invention
The invention is related to a chip card system which makes use of a cryptographic module, called Secure Application Module (SAM) , for accepting an electronic transaction, such as an electronic purse payment or a ticketing transaction.
It is known in the prior art that, in a cryptographic module, secret cryptographic keys are stored in order to secure said electronic transaction. A cryptographic module (SAM) can be sensitive for attacks aimed at procuring such a secret cryptographic key. In such an attack, for example, it can be attempted to have the cryptographic module repeatedly execute a cryptographic process on a known set of data -preferably intended for that objective- with the secret key and subsequently to analyse external signals - such as the electric power consumption of the system.
The prior art systems are sensitive to the said kind of attacks in particular because (1) the possibility of having the cryptographic module execute processes with the most important secret key is unrestricted and (2) the kind of data on which the cryptographic process takes place is also unrestricted.
B. Summary of the invention
The invention seeks to obviate the said disadvantages. To this end the invention -based on the observation at the end of the previous paragraph- provides the following measure. By enforcing in the cryptographic module -by means of a (finite) state machine- that first the authenticity of the chip card (for example card number) must be proved, the data on which the cryptographic process with the secret key takes place is restricted to data of authentic chip cards only. By doing so, both the number of cryptographic processes is restricted to the "normal" number and also only the "normal" kind of data can be used. In other words, through the invention, the cryptographic key of a SAM can no longer be "calculated" by unrestricted experimenting with data.
C. Description of the diagram
The mode of operation of the invention is further explained on the basis of a number of figures. In Fig. 1, a system set-up is shown. A chip card 1 can be connected to a terminal 2, which comprises a Transaction Control Application Module (TCAM) 3 and a cryptographic Secure Application Module (SAM) 4. The SAM 4 comprises a secret key (k) to check the transaction. In said SAM 4, use is made of a finite state machine (FSM) for stepwise checking and control of an electronic transaction. The FSM according to the invention is shown in Fig. 2.
According to the invention, the use of the secret key (k) is restricted by means of a new, initial state in the FSM, which enforces authenticity checking of the chip card. The method for checking the authenticity of the chip card is known per se as Card Authentication Method (CAM) , and makes use of static data authentication, described in the EMV196 specifications [EMV96] . The checking of the authenticity of the chip card takes place on the basis of a unique characteristic of the chip card, the card number. The check provides the proof that a chip card with said characteristic was issued by the card provider.
In Fig. 2, the improved finite state machine of said SAM 4 is shown. State 0 is the initial state. From said state, there are two possibilities: (a) no CAM or (b) CAM. If path (a) is followed -no CAM- the use of the secret key (k) is excluded (disabled) . Only actions defined in fsm1 can then be executed, no key being required. If path (b) -CAM- is followed, the CAM will be executed. After this is carried out correctly ("card is OK"), state 1 is reached. At that moment it is certain that the chip card, with card number X, concerned is authentic, and the state machine (fsm") for the actual transaction, in which the use of secret key k is allowed to be used, is allowed to proceed. Since the card number X is known, it can be established that the cryptographic process takes place only on the data of the chip card having card number X.
D. References
[EMV96] EMV'96 Integrated Circuit Card Specification for Payment Systems; version 3.1.1; May 31, 1998; Europay-Mastercard-Visa.

Claims

E . Claims
1. A system, comprising an electronic card (1) and a cryptographic module (4) , for accepting an electronic transaction, characterised by means (3) for checking the authentication of said electronic card, preceding said electronic transaction.
PCT/EP2000/002853 1999-04-14 2000-03-31 Chip card system WO2000063856A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU42922/00A AU4292200A (en) 1999-04-14 2000-03-31 Chip card system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
NL1011790A NL1011790C2 (en) 1999-04-14 1999-04-14 Chip card system.
NL1011790 1999-04-14

Publications (1)

Publication Number Publication Date
WO2000063856A1 true WO2000063856A1 (en) 2000-10-26

Family

ID=19769008

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2000/002853 WO2000063856A1 (en) 1999-04-14 2000-03-31 Chip card system

Country Status (3)

Country Link
AU (1) AU4292200A (en)
NL (1) NL1011790C2 (en)
WO (1) WO2000063856A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0574990A2 (en) * 1992-06-17 1993-12-22 Philips Patentverwaltung GmbH Method and circuit arrangement for testing a credit card
US5528231A (en) * 1993-06-08 1996-06-18 Bull Cp8 Method for the authentication of a portable object by an offline terminal, and apparatus for implementing the process
EP0789336A2 (en) * 1996-02-10 1997-08-13 Deutsche Telekom AG Method for checking transactions with electronic wallet systems
EP0851396A1 (en) * 1996-12-23 1998-07-01 Koninklijke KPN N.V. System for increasing a value of an electronic payment card
FR2759833A1 (en) * 1997-02-19 1998-08-21 Gemplus Card Int METHOD FOR PROTECTING A MOTHER KEY FOR AUTHENTICATING USER CARDS

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0574990A2 (en) * 1992-06-17 1993-12-22 Philips Patentverwaltung GmbH Method and circuit arrangement for testing a credit card
US5528231A (en) * 1993-06-08 1996-06-18 Bull Cp8 Method for the authentication of a portable object by an offline terminal, and apparatus for implementing the process
EP0789336A2 (en) * 1996-02-10 1997-08-13 Deutsche Telekom AG Method for checking transactions with electronic wallet systems
EP0851396A1 (en) * 1996-12-23 1998-07-01 Koninklijke KPN N.V. System for increasing a value of an electronic payment card
FR2759833A1 (en) * 1997-02-19 1998-08-21 Gemplus Card Int METHOD FOR PROTECTING A MOTHER KEY FOR AUTHENTICATING USER CARDS

Also Published As

Publication number Publication date
NL1011790C2 (en) 2000-10-17
AU4292200A (en) 2000-11-02

Similar Documents

Publication Publication Date Title
Bond et al. Chip and Skim: cloning EMV cards with the pre-play attack
TW525104B (en) Security module with volatile memory for storing an algorithm code
CN103258169B (en) Method, chip card and chip card terminal that protection chip card is used without permission
EP2380308B1 (en) Secure remote authentication through an untrusted network
US7080258B2 (en) IC, IC-mounted electronic device, debugging method and IC debugger
US20050050366A1 (en) Personal website for electronic commerce on a smart Java card with multiple security check points
Kasper et al. All You Can Eat or Breaking a Real-World Contactless Payment System: (Short Paper)
US9118643B2 (en) Authentication and data integrity protection of token
EP1271435A3 (en) Authentication and access control system
US8117449B2 (en) Method to detect man-in-the-middle (MITM) or relay attacks
WO2005059723A1 (en) Method and apparatus for programming electronic security token
WO2007010333A1 (en) Host security module using a collection of smartcards
CN100566253C (en) A kind of method and system of using intelligent key apparatus safely
EP1046976B1 (en) Method and apparatus for enabling a user to authenticate a system prior to providing any user-privileged information
US7113592B1 (en) Method and device for loading input data into a program when performing an authentication
US7526648B2 (en) Cryptographic method of protecting an electronic chip against fraud
WO2000063856A1 (en) Chip card system
JP3869657B2 (en) Method for authentication of at least one subscriber in data exchange
CN112529574A (en) Protection method for certificate of intelligent password equipment and intelligent password equipment
WO2000028493A1 (en) A method of encryption and apparatus therefor
Sanchez-Reillo Achieving security in Integrated Circuit Card applications: reality or desire?
Brandt et al. Don’t push it: breaking iButton security
JPS63263848A (en) Authorization system
JPH10307899A (en) Prepaid ic card system
JPH10274927A (en) Instruction issuing method accompanying authentication and module used for the same

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP