WO2001011575A1 - Portable certification device with acoustic coupling - Google Patents

Portable certification device with acoustic coupling Download PDF

Info

Publication number
WO2001011575A1
WO2001011575A1 PCT/BE2000/000092 BE0000092W WO0111575A1 WO 2001011575 A1 WO2001011575 A1 WO 2001011575A1 BE 0000092 W BE0000092 W BE 0000092W WO 0111575 A1 WO0111575 A1 WO 0111575A1
Authority
WO
WIPO (PCT)
Prior art keywords
algorithm
data
interface
acoustic
smart card
Prior art date
Application number
PCT/BE2000/000092
Other languages
French (fr)
Inventor
Jean-Marc Gilliard
Joseph Demarteau
Original Assignee
Wow Company S.A.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wow Company S.A. filed Critical Wow Company S.A.
Publication of WO2001011575A1 publication Critical patent/WO2001011575A1/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G06Q20/3415Cards acting autonomously as pay-media
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4097Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor

Definitions

  • the invention relates to certification methods and, more particularly, to user and data authentication and encryption systems.
  • PSTN public switched telephone network
  • the Internet makes necessary that security tools are used to protect sensitive data and/or to restrict remote access to a resource (e.g.: sensitive file, database server, etc.) to authorized persons only.
  • Some of these tools consist of a kind of pocket calculator with cryptographic capabilities; they are known as "security tokens".
  • security tokens generate codes ("digital signatures") which are used to certify remote transactions.
  • PIN personal identification number
  • PIN personal identification number
  • the security tokens offer the advantage of being portable and compatible with various commutation media.
  • the main problem encountered with such devices is the difficulty to interface them with another terminal for automatic data interchange.
  • data to authenticate is generally input manually by the user through the keypad of the token, and the user has to enter the output data displayed by the token (usually the authentication codes) into the communication terminal.
  • Some solutions have already been investigated to make this data transfer more user-friendly.
  • some security tokens are dedicated to authentication of transactions made by means of personal computer ("P.C"). They allow automatic input of data by infrared interface (using a dedicated P.C. peripheral) or by optical reading on the P.C. screen.
  • tokens rather dedicated to phone transactions, use the standard DTMF (dual tone multi-frequency) signals to output the generated codes either through an electrical connection or through a speaker or buzzer.
  • DTMF dual tone multi-frequency
  • the tokens can be considered as the well known DTMF dialers, equipped with cryptographic capabilities.
  • FSK frequency-shift keying
  • other modulation techniques have been widely used for bi-directional acoustic coupling of low transmission speed modems. Most of these modems are now obsolete because of the requirements for high speed data transfers.
  • the present invention combines the technologies of security tokens and acoustic modulation techniques, so as to provide a powerful security tool, efficient and easy to use, compatible with almost any communication media, thanks to its wireless acoustic interface.
  • the present invention is a portable certification device ("PCD”), capable of receiving and/or transmitting data through a wireless acoustic interface.
  • PCD portable certification device
  • Certification is herein defined as a technique to restrict remote access to a resource to authorized persons only and/or to protect sensitive data during the transmission.
  • Data protection may include data authentication (or electronic signature), for example to ensure that said data have not been modified during transmission, and/or data encryption to prevent unauthorized access to the said data.
  • the portable certification device of this invention comprises a compact housing provided at least with: a. first means selected from the group consisting of :
  • the preferred modulation technique is frequency-shift keying.
  • the processing means process at least a signal by means of an algorithm using at least one cryptographic key.
  • At least one acoustic interface can be used to input data to be processed by the processing means and/or to output data processed by the processing means.
  • the same or different interface and/or modulation technique can be used to input and output data.
  • the device is equipped with a smart card interface, for smart card data interchange.
  • the device is further provided with a at least one non- acoustic interface for data interchange. 11575
  • the processing means comprise an algorithm selected from the group consisting of : algorithm for unique user identification, algorithm for data authentication, algorithm for data encryption, and any combination thereof
  • the device comprises a means for at least reading information from a smart card, the said smart card comprising an algorithm selected from the group consisting of : algorithm for unique user identification, algorithm for data authentication, algorithm for data encryption, and any combination thereof.
  • the processing means comprise a first algorithm selected from the group consisting of : algorithm for unique user identification, algorithm for data authentication, algorithm for data encryption, and any combination thereof
  • the said device further comprises a means for at least reading information from a smart card, the said smart card comprising a second algorithm selected from the group consisting of : algorithm for unique user identification, algorithm for data authentication, algorithm for data encryption, and any combination thereof ; the said second algorithm being different from the first.
  • the device comprises data storage means for at least one cryptographic key and/or a means for at least reading information from a smart card containing at least one cryptographic key.
  • the device comprises data storage means for at least a first cryptographic key and a means for at least reading information from a smart card containing at least a second cryptographic key, different from the first one.
  • the device may comprise initialization means.
  • the said initialization means include radio signal reception means.
  • the device further comprises user interface means, allowing control of the device.
  • the said user interface means include at least a keypad and/or at least on/off switching means and/or a user display.
  • the acoustic interface may comprise at least a microphone and/or a speaker and/or buzzer and/or any combination thereof.
  • the speaker is used as bi-directional acoustic interface.
  • a portable security device which can be interfaced to various communication media by means of wireless acoustic coupling.
  • This device can be used as an access control means and/or user or data authentication and/or encryption tool.
  • the invention relates also to a certification method having the improvement of exchanging data by means of at least an acoustic signal generated using a modulation technique selected from the group consisting of: FSK (frequency-shift keying), PSK (phase-shift keying), ASK (amplitude-shift keying) and any combination thereof.
  • a modulation technique selected from the group consisting of: FSK (frequency-shift keying), PSK (phase-shift keying), ASK (amplitude-shift keying) and any combination thereof.
  • the method can be applied for access control and/or user authentication and/or remote transaction certification and/or data authentication and/or data encryption.
  • Processing means of the PCD are used preferably to generate unpredictable digital signatures for user and/or data authentication. It is to be appreciated that either symmetrical (private key) or asymmetrical (public key) encryption algorithm can be implemented in the PCD for digital signature generation.
  • the PCD will preferably comprise a keypad to enter the user's PIN (personal identification number); the said PIN being required by the processing unit for generation of valid digital signatures.
  • PIN personal identification number
  • this PIN will never be stored in the PCD, nor transmitted on the communication /1
  • the PCD when a lower security level is acceptable for the application, the PCD will operate without the need of user's PIN entry. In this latter case, no keypad is provided on the PCD, but a single on/off switch will be used; when powered on, the PCD will automatically generate an authentication code and send it through the acoustic interface.
  • the PCD will also preferably comprise a display for user guidance and for displaying generated authentication codes or other information.
  • user guidance will be achieved by means of symbols on the display.
  • a portable security device which can be interfaced to various communication media by means of wireless acoustic coupling.
  • This device can be used as an access control means and/or data authentication and/or encryption tool.
  • Fig. 1 is a block diagram of a preferred functional description of the invention.
  • Fig. 2A, 2B and 2C are respectively a front view, side view and rear view of a physical embodiment of the invention.
  • Fig. 3 depicts a preferred embodiment of the authentication algorithm.
  • Fig. 4 describes a typical operating environment of the invention. 1/11575
  • Fig. depicts another configuration of the server modules of Fig. 4.
  • Fig.6 depicts a possible configuration of the acoustic interface.
  • Fig.7 shows another possible configuration of the acoustic interface.
  • Fig.8 depicts still another possible configuration of the acoustic interface.
  • Fig.9 shows an improved version of the configuration depicted by Fig.8.
  • the present invention is a portable certification device, hereinafter referred to as "PCD", equipped with wireless acoustic coupling interface. It can be used as a security token for user and/or data authentication and/or for data encryption.
  • PCD portable certification device
  • FIG. 1 A functional description of the PCD is shown in Fig. 1. It is to be appreciated that this functional block diagram does not necessarily describe the physical implementation of the invention. Actually, several functions can be integrated into the same physical component; alternatively, some functions can be implemented by means of several components. Moreover, all these functional modules are interconnected through microprocessor bus and/or electronic circuits which will not be described in the scope of this document, as this technology is rather trivial for those skilled in the art. Similarly, a battery and/or any other power supply module and/or circuitry are considered as obvious components of the PCD which will not be described here, because a large variety of such modules are well known in the art.
  • Fig. 1 depicts a preferred functional description of the invention, but variations are possible by selectively excluding or including certain functional modules, depending on the application.
  • the PCD preferably includes a central processing unit (10) with its internal memory (1 1) (e.g.: RAM, ROM, EEPROM, etc.), a user interface (12) and an acoustic interface (13).
  • a dedicated initialization interface (14) and/or a smart card interface (15) can also be provided.
  • an additional interface (16) may be included for specific applications.
  • the arrows depicts the exchange of signals between the central processing unit (10) and the other peripherals (1 1), (12), (13), (14), (15), and/or (16).
  • a one-chip microprocessor may include the central processing unit (10) and the internal memory (1 1).
  • the application software is preferably stored in the microprocessor ROM (read only memory) during production of the chip (masked microprocessor), while specific parameters (encryption keys, device serial number, etc.) are preferably stored into the microprocessor RAM (random access memory) during a device initialization procedure.
  • the user interface (12) is used by the user for controlling the device.
  • Fig.2 depicts an example where this user interface physically consists of a keypad and a display, with their associated circuitry for communication with the microprocessor.
  • the acoustic interface (13) allows wireless coupling of the PCD to various communication channels. This interface will be described with more details later.
  • the initialization process may use the acoustic interface (13), or even the user interface (12) for information transfer.
  • a specific initialization interface (14) is provided.
  • this interface may include a short-distance radio transmission channel, in such a way that no mechanical operation is required on the device (not even pressing the "on" key) to trigger the initialization process in the device.
  • the PCD may include an integrated smart card interface (15). Such interface for connection between a smart card and a microprocessor is well known by those skilled in the art and will not be described here. With such interface, the cryptographic data and/or processing of the PCD can be partially or completely located on a smart card.
  • an additional interface (16) is included to enhance the capabilities of the PCD.
  • this additional interface may be used for connecting an external power supply module or for exchanging data by another means than the acoustic coupling.
  • FIG. 2 A preferred physical embodiment of the invention is illustrated in Fig. 2.
  • a front- , bottom- and side-view of a preferred design of the housing (20) are depicted. Shape and dimensions of this preferred housing have been designed for easy operation of the device, even with one hand only, and for easy interface to a telephone handset or a personal computer.
  • a keypad (21 ) similar as a telephone keypad is provided for digits and "*" and " #" symbols entry, the letters printed on these keys can be used for mnemonic remembering of the PIN.
  • a fully alphanumeric keypad can be provided for alphanumeric data entry, when required for the application.
  • At least one other key (22) is provided for triggering of the acoustic signal transmission and/or detection.
  • One or more keys (23) are powering the device on and off ; these keys will preferably be protected to avoid unexpected power-on of the device, for example when it is stored in a pocket. Such protection may consist in a ring (24) surrounding the said on/off key(s).
  • the display (25) is preferably a liquid crystal display matrix; it is used for user guidance and/or for displaying generated authentication codes and/or other information.
  • holes (26) are provided on the bottom side of the housing (20) to ensure efficient acoustic coupling of the PCD with various types of communication terminals. It is to be appreciated that the Fig.
  • the keypad (21) needs not to be present for applications where user's PIN entry is not required, another embodiment could be designed without display (25), still another embodiment could use a flexible membrane instead of holes (26), in order to allow acoustic coupling while being waterproof, etc..
  • the PCD may also be physically protected against tampering, by means of one of the various techniques well known by those skilled in the art.
  • Fig. 3 depicts one embodiment of the authentication algorithm.
  • the cryptographic algorithm CRYPTO (305) may be either a symmetrical (private key) or an asymmetrical (public key) encryption algorithm ; many existing standards (D.E.S., R.S.A., etc.) are well known by those skilled in the art.
  • the KEY (304) parameter may therefore designate one or more encryption keys.
  • the encryption key(s) have been stored in the device memory (11 of Fig. 1) in an encoded form SKEY (303), so that user's PIN (301) is required for decoding.
  • PIN (301) entered by the user is input to the P_FMT function (302) which decodes SKEY (303), in order to retrieve the encryption key(s) KEY (304) to use with the selected cryptographic algorithm CRYPTO (305).
  • the technique used in this embodiment makes the PIN indispensable for valid authentication, although this PIN is never stored in the device nor transmitted on the communication channel.
  • SKEY (303) may be either partially or totally stored on a smart, card which can be accessed by means of the smart card interface (15 of Fig. 1).
  • the cryptographic algorithm CRYPTO (305) may also be partially or totally located on a smart card.
  • the processing means of the device need not to include cryptographic means and the complete device may be considered as a smart card interface, to be used with various communication terminals, including P.C. and telephone.
  • the parameters PARAM (306) entered as data fields to the cryptographic algorithm CRYPTO (305) preferably consists in an initialization vector (preferably filled with zeroes), followed by the device serial number and a sequential number incremented before each new authentication code generation.
  • the data authentication algorithm is preferably similar as user authentication algorithm, except that not only the parameters PARAM (306), but also the data fields DATA (307) are input to the cryptographic algorithm CRYPTO (305).
  • the worldwide standard D.E.S. Data Encryption Standard
  • CBC cipher block chaining
  • CRYPTO (305) is preferably passed to a formatting function C_FMT (308) which manipulates its input in order to output an authentication code complying with the format specified for the application.
  • this C_FMT (308) function combines the left and right parts of the 16 hexadecimal digit output of the D.E.S. , chosen as CRYPTO algorithm (305), in order to provide a 8 hexadecimal digit number which is further converted into a 8 decimal digit authentication code.
  • the output of C_FMT (308) is passed to the message formatting function M_FMT (311) which builds the authentication message M_OUT (312) according to the format specified for the application.
  • the authentication message M_OUT (312) consists of the device serial number, a part of the current value of the sequential number incremented for each code generation, the resulting authentication code and a CRC (cyclic redundancy checksum) for detection of eventual transmission errors.
  • the message M_OUT (312) also includes the data to be authenticated. If no encryption is required by the application, the said data will be included in clear text (i.e. without encryption) in the message and the authentication code will ensure that data are not modified during transmission. For applications requiring confidentiality of the transmission, only encrypted data are included in the message M_OUT (312). In this latter case, the CRYPTO algorithm (305) is used not only to generate an authentication code, but to provide a complete encrypted message which can be decoded after transmission so as to retrieve the original data message. Various methods for such encryption are well known in the art.
  • a PIN check value P_CHK (310) can be stored in the device memory (11 of Fig. 1) so that the validity of the PIN (301) entered by the user on the device keypad can be checked before generation of an authentication code.
  • the P_CHK value (310) is generated during the initialization process (described later) by running the CRYPTO algorithm (305) using the encryption key(s) KEY (304) and predefined fixed value of parameter PARAM (306); the resulting output is formatted by the C_FMT function (308), 1/11575
  • P_EXT function (309) is provided so that the output of C_FMT (309) may be partially or completely stored in P_CHK value (310), depending on application requirements.
  • the KEY value (304) is retrieved by means of the P_FMT function (302) and the CRYPTO algorithm (305) is run using the said predefined fixed value of parameter PARAM (306); the resulting output is converted by the C_FMT (308) and P_EXT (309) functions and finally compared to the previously stored value of P_CHK (310). If both values do not match, the PIN entry is rejected.
  • the device is locked when successive unsuccessful attempts for PIN entry are detected, to prevent fraudulent use of the device by unauthorized persons.
  • the said locking can be either temporary or permanent and preferably consists in disabling all functions of the device, making it not operational for the duration of the locking period.
  • each device has to be personalized by means of the initialization process.
  • This process preferably consists in transmitting parameters specific to each device for storage in the device memory. In a preferred embodiment, these parameters are: the device serial number, initial value for sequential number to be incremented for each transaction, encryption key(s) and various flags for selection of operating options.
  • the initialization process is preferably achieved by means of an initialization machine; a preferred embodiment of such machine consists in a computer (e.g. a P.C.) linked to its peripherals, preferably including a printer and a dedicated interface for communication with each PCD to initialize.
  • this initialization process can be triggered in the device by means of short-distance radio transmission.
  • the short-distance radio transmission allows to "awake" the microprocessor (so that it will enter the initialization process) without need to open the individual packing box.
  • this initialization process has been triggered, communication is successively established between each PCD to initialize and the initialization machine.
  • this communication uses the short-distance radio transmission to send data from the initialization machine to the PCD and the acoustic interface to send acknowledgement data from the PCD to the initialization machine.
  • other embodiments could use any kind of communication media for data exchange between the PCD and the initialization machine, eventually including a specific initialization interface in the PCD.
  • the initialization process preferably comprises two steps: the transmission of specific parameters (e.g.: serial number, encryption key(s), etc.) from the initialization machine to the PCD and the transmission of an acknowledgment signal from the PCD to the initialization machine, when the procedure has been successful.
  • specific parameters e.g.: serial number, encryption key(s), etc.
  • the initialization machine can print a label to be put on the PCD box for identification (the said label giving, for instance, the device serial number and the date of initialization) and store the initialization data in a secured database to be transferred to the authentication server (described later).
  • the initialization process transfers to the PCD multiple sets of parameters, each set corresponding to a specific authentication server. Accordingly, the same PCD can be used to authenticate transactions with various applications which can either share or not the same authentication server. It should also be noted that multiple set of parameters need not necessarily to be initialized at the same time. Actually, some embodiments of the invention allow remote updating of PCD parameters by means of a predefined secure procedure, using for example the acoustic interface for encrypted data transfer.
  • Fig. 4 depicts a typical operating environment of the invention. It is to be appreciated that the present invention can be used in a wide range of various environments which may significantly differ from the one depicted in Fig. 4. The following description of the PCD operations in this environment can easily be transposed for other environments. Furthermore, it should be noted that the specificity of the present invention resides in the use of a portable device acoustically coupled to whatever terminal; the rest of the authentication process described hereinafter, including the way data are processed by the authentication server, is not restricted to the use of the present invention, such process is common to most security environments and is well known in the art.
  • a user (41) is willing to communicate with an application server (45), by means of a communication network (44) and a communication terminal (43) connected to the said communication network and preferably equipped with an acoustic interface for communication with the user's PCD (42).
  • This acoustic interface of the terminal (43) preferably consists in a microphone and a speaker or buzzer. Acoustic coupling between the PCD and the terminal is simply achieved by placing the PCD in the vicinity of the said acoustic interface of the terminal.
  • the terminal (43) can be a telephone with the handset being the acoustic interface or else it can be a P.C. equipped with peripherals including a microphone and a speaker and/or buzzer.
  • an authentication server (46) is provided, which is connected to the application server (45) either through the said communication channel (44), or via another connection, or both.
  • the authentication server (46) may be used as a "front-end” or “firewall” system for the application server (45), as 1/11575
  • the security protocol of the authentication server (46) preferably requires use of PCD (42) for each authorized user, who has received such a PCD (42) duly initialized.
  • the initialization database of all PCD's distributed to authorized users has been securely transferred to the authentication server (46), from the initialization machine. The procedure for such database transfer will not be described here, as many various secure procedures are well known in the art for this kind of transmission.
  • the user (41) when the user (41) wants to establish a communication with the application server (45), he or she uses the terminal (43) to connect to the application server (45).
  • the authentication server (46) is alerted either by the application server (45) or, in the configuration depicted in Fig. 5, even before any access is made to the application server (45).
  • the said authentication server (46) prompts the user (41) for logging.
  • the user (41) powers on his or her PCD (42) and is prompted for PIN entry, preferably by means of symbols on the display of the PCD (42).
  • the user's PIN is entered by means of the PCD keypad (21 of Fig. 2).
  • the PIN is checked by the PCD by means of the P_CHK code (310 of Fig. 3) and a positive or negative acknowledge is displayed on the PCD display, preferably by means of symbols. If the PIN is valid, an authentication code can be generated (and preferably displayed on the PCD display) and an authentication message (312 of Fig. 3) is built.
  • the PCD (42) is placed by the user (41) in the vicinity of the acoustic interface of the terminal (43), and the user (41) can start the acoustic transmission of the said authentication message, preferably by pressing the transmission key (22 of Fig. 2) on the PCD keypad.
  • the acoustic signal is generated using the FSK (frequency-shift keying) encoding technique, but other possibilities for such generation are well known in the art.
  • the said acoustic signal transmitted to the terminal (43) comprises in encoded form (preferably FSK) several data fields, preferably /11575
  • the terminal (43) which sends it through the communication network (44) to the authentication server (46).
  • the received device serial number allows the authentication server to retrieve from its database the information concerning this device, including the encryption key(s); the received partial value of sequential number is used to synchronize the information from the database and the authentication algorithm (depicted by Fig. 3) is run for validation of the received authentication code. If this code is valid, a positive acknowledgement can be sent to the application server (45) and the user (41) is allowed to enter the application session.
  • the PCD (42) can also be used for data authentication or encryption.
  • the procedure is similar as for user authentication, except that after user's PIN entry, data to authenticate or to encrypt are also entered in the PCD.
  • This data entry can be done either manually by means of the device keypad (21 of Fig. 2) or automatically by means of the wireless acoustic connection with the terminal (43), or else by means of an additional interface (16 of Fig. 1).
  • a secure communication can be established between the PCD (42) and the authentication server (46) or an initialization machine connected to the communication network (44) for remote updating of the internal parameters of the PCD (42).
  • the user when data fields to be authenticated or encrypted have been introduced in the device (either manually via the keypad or automatically via the acoustic interface or additional interface), the user has the opportunity of visualizing the said data fields on the display of the PCD for validation before generation of the authentication code and/or encrypted message.
  • Fig. 6 depicts an embodiment of the acoustic interface.
  • the acoustic interface is used only to output data processed by the processing unit (10). This data is first converted in an analog signal and modulated by the modulation module (60). Various techniques for such digital to analog conversion are well know in the art and they will not be described here.
  • the acoustic signal is output from the device to a terminal (43) by means of a speaker (61), but a buzzer could also be used in another embodiment.
  • the terminal (43) is equipped with a microphone to receive the said acoustic signal. If, for example, this terminal is an analog telephone, the said acoustic signal is transmitted trough the communication network (44 of Fig.
  • the received acoustic signal is preferably demodulated by the P.C. and converted back into a digital signal, to be sent on the communication network using the same protocol as for other data exchanged between the terminal and the application server.
  • a demodulator and analog to digital converter must be used either in the terminal (43) or in the front-end processing of the application server (45 of Fig. 4) and/or authentication sever (46 of Fig. 4) and it will be obvious for those skilled in the art that the said demodulator and converter have to use the decoding technique associated to the encoding technique used by the modulator module (60).
  • the FSK (frequency-shift keying) technique is preferably used, however other techniques could be used, including ASK (amplitude-shift keying) or PSK (phase-shift keying).
  • Fig. 7 depicts another embodiment, where the acoustic interface is used to input data to be processed by the processing unit.
  • the acoustic signal is output by the terminal (43).
  • the said acoustic signal can be generated either by the terminal (if this terminal is a P.C. or digital telephone) or by the application server peripherals (if the terminal is a simple analog telephone).
  • the acoustic signal is received by means of the microphone /11575
  • the demodulator must use the decoding technique corresponding to the encoding technique used by the modulator (either in the terminal or server peripherals).
  • the FSK (frequency-shift keying) technique is preferably used, however other techniques could be used, including ASK (amplitude-shift keying) or PSK (phase-shift keying).
  • FIG. 8 Still another embodiment of the invention is depicted by Fig. 8, where the acoustic interface is used both for data input and output.
  • Fig. 8 This is obviously a combination of embodiments previously described with Fig. 6 and Fig. 7.
  • the encoding and decoding techniques used respectively by the modulator (60) and demodulator (70) need not necessarily to be the same. However, in a preferred embodiment, FSK technique is used for both.
  • Fig. 9 depicts a preferred embodiment of the configuration shown by Fig. 8, where the speaker is used as a bi-directional acoustic transducer, so that no microphone is needed. This configuration will be preferred in most cases, except when very high sensitivity is required for data input from the acoustic interface.
  • a first application of the invention consists in using the PCD for access control to a restricted area (e.g.: a building, a room, a parking place, etc.).
  • a restricted area e.g.: a building, a room, a parking place, etc.
  • a microphone is placed at the entrance of the restricted area and anybody willing to access the said area has to use his or her PCD for generation of valid access code.
  • verification server located either in the said area or in a remote site connected to the said area is used to verify the code and to permit access when the code is valid.
  • the PCD can be used for user authentication before allowing access to a local and/or remote resource, including protected machine and/or vehicle, sensitive database, private network, etc.
  • transaction certification is another typical application of the invention.
  • remote payments by phone or P.C. networks e.g. Internet
  • the PCD is used to generate a digital signature ensuring the authenticity of the data received by the application server.
  • the PCD can also be used as a efficient and user-friendly encryption tool.
  • the preferred embodiment will be equipped with bi- directional acoustic interface (as depicted in Fig. 8 and 9), so that automatic data transfer can easily be achieved between the PCD and a large variety of communication terminals.
  • such application may consists in allowing telephone use of a smart card based electronic purse, for remote payment and/or loading of the said electronic purse.

Abstract

A portable certification device comprises a compact housing provided with: data storage means for storage of at least one cryptographic key and/or smart card interface; processing means for computer processing; at least one acoustic interface for wireless exchange of information with the device, by means of at least an acoustic signal generated using a modulation technique selected from the group consisting of: frequency-shift keying, phase-shift keying, amplitude-shift keying and any combination thereof; means for supplying power to the acoustic interface, processing means, storage means and/or smart card interface.

Description

PORTABLE CERTIFICATION DEVICE WITH ACOUSTIC COUPLING
Field of the invention
The invention relates to certification methods and, more particularly, to user and data authentication and encryption systems.
Background of the invention
The increasing demand for information transfer over various networks, including
PSTN (public switched telephone network) and the Internet, makes necessary that security tools are used to protect sensitive data and/or to restrict remote access to a resource (e.g.: sensitive file, database server, etc.) to authorized persons only. Some of these tools consist of a kind of pocket calculator with cryptographic capabilities; they are known as "security tokens".
Generally, security tokens generate codes ("digital signatures") which are used to certify remote transactions. To achieve a high security level, a user's PIN (personal identification number) must be entered into most security tokens before they can generate valid authentication codes. This is known as a two-factor security scheme; valid codes can be generated only when two things are used simultaneously: something the user possesses (the token) and something the user knows (the PIN).
Compared to other cryptographic tools, the security tokens offer the advantage of being portable and compatible with various commutation media. The main problem encountered with such devices is the difficulty to interface them with another terminal for automatic data interchange. Actually, data to authenticate is generally input manually by the user through the keypad of the token, and the user has to enter the output data displayed by the token (usually the authentication codes) into the communication terminal. Some solutions have already been investigated to make this data transfer more user-friendly. As an example, some security tokens are dedicated to authentication of transactions made by means of personal computer ("P.C"). They allow automatic input of data by infrared interface (using a dedicated P.C. peripheral) or by optical reading on the P.C. screen. Other tokens, rather dedicated to phone transactions, use the standard DTMF (dual tone multi-frequency) signals to output the generated codes either through an electrical connection or through a speaker or buzzer. In this latter case, the tokens can be considered as the well known DTMF dialers, equipped with cryptographic capabilities.
On the other hand, FSK (frequency-shift keying) and other modulation techniques have been widely used for bi-directional acoustic coupling of low transmission speed modems. Most of these modems are now obsolete because of the requirements for high speed data transfers.
The present invention combines the technologies of security tokens and acoustic modulation techniques, so as to provide a powerful security tool, efficient and easy to use, compatible with almost any communication media, thanks to its wireless acoustic interface.
Brief description of the invention
The present invention is a portable certification device ("PCD"), capable of receiving and/or transmitting data through a wireless acoustic interface. Certification is herein defined as a technique to restrict remote access to a resource to authorized persons only and/or to protect sensitive data during the transmission. Data protection may include data authentication (or electronic signature), for example to ensure that said data have not been modified during transmission, and/or data encryption to prevent unauthorized access to the said data.
The portable certification device of this invention comprises a compact housing provided at least with: a. first means selected from the group consisting of :
- data storage means for storage of at least one cryptographic key;
- a means for at least reading information from a smart card containing at least one cryptographic key ; - any combination thereof ; b. at least one acoustic interface for wireless exchange of information with the device, by means of at least an acoustic signal generated using a modulation technique selected from the group consisting of: frequency-shift keying, phase-shift keying, amplitude-shift keying and any combination thereof; c. processing means, at least for processing signal between the acoustic interface and said processing means; d. means for supplying power to the first means, processing means and acoustic interface.
The preferred modulation technique is frequency-shift keying.
Advantageously, the processing means process at least a signal by means of an algorithm using at least one cryptographic key.
At least one acoustic interface can be used to input data to be processed by the processing means and/or to output data processed by the processing means. The same or different interface and/or modulation technique can be used to input and output data.
According to one embodiment, the device is equipped with a smart card interface, for smart card data interchange.
In another embodiment, the device is further provided with a at least one non- acoustic interface for data interchange. 11575
According to a detail of a device of the invention, the processing means comprise an algorithm selected from the group consisting of : algorithm for unique user identification, algorithm for data authentication, algorithm for data encryption, and any combination thereof, and/or the device comprises a means for at least reading information from a smart card, the said smart card comprising an algorithm selected from the group consisting of : algorithm for unique user identification, algorithm for data authentication, algorithm for data encryption, and any combination thereof. For example, the processing means comprise a first algorithm selected from the group consisting of : algorithm for unique user identification, algorithm for data authentication, algorithm for data encryption, and any combination thereof, while the said device further comprises a means for at least reading information from a smart card, the said smart card comprising a second algorithm selected from the group consisting of : algorithm for unique user identification, algorithm for data authentication, algorithm for data encryption, and any combination thereof ; the said second algorithm being different from the first.
According to a characteristic of an embodiment, the device comprises data storage means for at least one cryptographic key and/or a means for at least reading information from a smart card containing at least one cryptographic key. For example, the device comprises data storage means for at least a first cryptographic key and a means for at least reading information from a smart card containing at least a second cryptographic key, different from the first one.
For specific use, the device may comprise initialization means. For example, the said initialization means include radio signal reception means.
According to another characteristic of an embodiment, the device further comprises user interface means, allowing control of the device. For example, the said user interface means include at least a keypad and/or at least on/off switching means and/or a user display. The acoustic interface may comprise at least a microphone and/or a speaker and/or buzzer and/or any combination thereof. In a preferred embodiment, the speaker is used as bi-directional acoustic interface.
As a result of the present invention, a portable security device is provided which can be interfaced to various communication media by means of wireless acoustic coupling. This device can be used as an access control means and/or user or data authentication and/or encryption tool. Although the present invention has been preliminary designed for remote certification, other applications can easily be considered by those skilled in the art.
The invention relates also to a certification method having the improvement of exchanging data by means of at least an acoustic signal generated using a modulation technique selected from the group consisting of: FSK (frequency-shift keying), PSK (phase-shift keying), ASK (amplitude-shift keying) and any combination thereof.
The method can be applied for access control and/or user authentication and/or remote transaction certification and/or data authentication and/or data encryption.
Processing means of the PCD are used preferably to generate unpredictable digital signatures for user and/or data authentication. It is to be appreciated that either symmetrical (private key) or asymmetrical (public key) encryption algorithm can be implemented in the PCD for digital signature generation.
The PCD will preferably comprise a keypad to enter the user's PIN (personal identification number); the said PIN being required by the processing unit for generation of valid digital signatures. In a preferred embodiment of this invention, this PIN will never be stored in the PCD, nor transmitted on the communication /1
channel. In another embodiment, when a lower security level is acceptable for the application, the PCD will operate without the need of user's PIN entry. In this latter case, no keypad is provided on the PCD, but a single on/off switch will be used; when powered on, the PCD will automatically generate an authentication code and send it through the acoustic interface.
The PCD will also preferably comprise a display for user guidance and for displaying generated authentication codes or other information. In a preferred embodiment, user guidance will be achieved by means of symbols on the display.
As a result of the present invention, a portable security device is provided which can be interfaced to various communication media by means of wireless acoustic coupling. This device can be used as an access control means and/or data authentication and/or encryption tool. Although the present invention has been preliminary designed for remote certification, other applications can easily be considered by those skilled in the art.
Preferred embodiments of the invention will be described in greater details below. This description should be considered as an illustration, but it is not intended to restrict in any way the scope of the present invention.
Brief description of the drawings
Fig. 1 is a block diagram of a preferred functional description of the invention.
Fig. 2A, 2B and 2C are respectively a front view, side view and rear view of a physical embodiment of the invention.
Fig. 3 depicts a preferred embodiment of the authentication algorithm.
Fig. 4 describes a typical operating environment of the invention. 1/11575
Fig. depicts another configuration of the server modules of Fig. 4.
Fig.6 depicts a possible configuration of the acoustic interface.
Fig.7 shows another possible configuration of the acoustic interface.
Fig.8 depicts still another possible configuration of the acoustic interface.
Fig.9 shows an improved version of the configuration depicted by Fig.8.
Detailed description of preferred embodiments
The present invention is a portable certification device, hereinafter referred to as "PCD", equipped with wireless acoustic coupling interface. It can be used as a security token for user and/or data authentication and/or for data encryption.
A functional description of the PCD is shown in Fig. 1. It is to be appreciated that this functional block diagram does not necessarily describe the physical implementation of the invention. Actually, several functions can be integrated into the same physical component; alternatively, some functions can be implemented by means of several components. Moreover, all these functional modules are interconnected through microprocessor bus and/or electronic circuits which will not be described in the scope of this document, as this technology is rather trivial for those skilled in the art. Similarly, a battery and/or any other power supply module and/or circuitry are considered as obvious components of the PCD which will not be described here, because a large variety of such modules are well known in the art.
It is to be understood that Fig. 1 depicts a preferred functional description of the invention, but variations are possible by selectively excluding or including certain functional modules, depending on the application. According to Fig. 1 , the PCD preferably includes a central processing unit (10) with its internal memory (1 1) (e.g.: RAM, ROM, EEPROM, etc.), a user interface (12) and an acoustic interface (13). Optionally, a dedicated initialization interface (14) and/or a smart card interface (15) can also be provided. Furthermore, an additional interface (16) may be included for specific applications. The arrows depicts the exchange of signals between the central processing unit (10) and the other peripherals (1 1), (12), (13), (14), (15), and/or (16).
It is obvious for those skilled in the art that a one-chip microprocessor may include the central processing unit (10) and the internal memory (1 1). The application software is preferably stored in the microprocessor ROM (read only memory) during production of the chip (masked microprocessor), while specific parameters (encryption keys, device serial number, etc.) are preferably stored into the microprocessor RAM (random access memory) during a device initialization procedure. The user interface (12) is used by the user for controlling the device. Fig.2 depicts an example where this user interface physically consists of a keypad and a display, with their associated circuitry for communication with the microprocessor.
The acoustic interface (13) allows wireless coupling of the PCD to various communication channels. This interface will be described with more details later.
The initialization process, also described later in more details, may use the acoustic interface (13), or even the user interface (12) for information transfer. However, in a preferred embodiment, a specific initialization interface (14) is provided. According to a possible improvement of the device, this interface may include a short-distance radio transmission channel, in such a way that no mechanical operation is required on the device (not even pressing the "on" key) to trigger the initialization process in the device. According to a possible improvement of the device, the PCD may include an integrated smart card interface (15). Such interface for connection between a smart card and a microprocessor is well known by those skilled in the art and will not be described here. With such interface, the cryptographic data and/or processing of the PCD can be partially or completely located on a smart card.
According to a further possible improvement of the device, an additional interface (16) is included to enhance the capabilities of the PCD. By way of example, this additional interface may be used for connecting an external power supply module or for exchanging data by another means than the acoustic coupling.
A preferred physical embodiment of the invention is illustrated in Fig. 2. Referring to this figure, a front- , bottom- and side-view of a preferred design of the housing (20) are depicted. Shape and dimensions of this preferred housing have been designed for easy operation of the device, even with one hand only, and for easy interface to a telephone handset or a personal computer. A keypad (21 ) similar as a telephone keypad is provided for digits and "*" and " #" symbols entry, the letters printed on these keys can be used for mnemonic remembering of the PIN. As an option of one embodiment of the invention, a fully alphanumeric keypad can be provided for alphanumeric data entry, when required for the application. At least one other key (22) is provided for triggering of the acoustic signal transmission and/or detection. One or more keys (23) are powering the device on and off ; these keys will preferably be protected to avoid unexpected power-on of the device, for example when it is stored in a pocket. Such protection may consist in a ring (24) surrounding the said on/off key(s). The display (25) is preferably a liquid crystal display matrix; it is used for user guidance and/or for displaying generated authentication codes and/or other information. In this preferred embodiments, holes (26) are provided on the bottom side of the housing (20) to ensure efficient acoustic coupling of the PCD with various types of communication terminals. It is to be appreciated that the Fig. 2 is given as an illustration of a possible embodiment of the application and should not be construed as a restrictive description of the invention. By way of example, the keypad (21) needs not to be present for applications where user's PIN entry is not required, another embodiment could be designed without display (25), still another embodiment could use a flexible membrane instead of holes (26), in order to allow acoustic coupling while being waterproof, etc.. Furthermore, it is to be noted that the PCD may also be physically protected against tampering, by means of one of the various techniques well known by those skilled in the art.
Fig. 3 depicts one embodiment of the authentication algorithm. Depending on the application, the cryptographic algorithm CRYPTO (305) may be either a symmetrical (private key) or an asymmetrical (public key) encryption algorithm ; many existing standards (D.E.S., R.S.A., etc.) are well known by those skilled in the art. Depending on the chosen cryptographic algorithm CRYPTO (305), one or more cryptographic keys are needed; in the following description, the KEY (304) parameter may therefore designate one or more encryption keys.
In the preferred embodiment depicted by Fig. 3, it is assumed that during an initialization process (explained later), the encryption key(s) have been stored in the device memory (11 of Fig. 1) in an encoded form SKEY (303), so that user's PIN (301) is required for decoding. Various techniques for such encoding are well known in the art. Accordingly, the PIN (301) entered by the user is input to the P_FMT function (302) which decodes SKEY (303), in order to retrieve the encryption key(s) KEY (304) to use with the selected cryptographic algorithm CRYPTO (305). It is worth noting that the technique used in this embodiment makes the PIN indispensable for valid authentication, although this PIN is never stored in the device nor transmitted on the communication channel. It should be noted that in another embodiment of the invention, SKEY (303) may be either partially or totally stored on a smart, card which can be accessed by means of the smart card interface (15 of Fig. 1). In still another embodiment, the cryptographic algorithm CRYPTO (305) may also be partially or totally located on a smart card. For example, in this latter case, the processing means of the device need not to include cryptographic means and the complete device may be considered as a smart card interface, to be used with various communication terminals, including P.C. and telephone.
Furthermore, it is to be appreciated that in embodiment requiring a lower security level, no PIN needs to be entered. In this case, the authentication algorithm depicted by Fig. 3 is still valid, but items 301, 302 and 303 have to be removed. In this embodiment, when the device is activated by the user (preferably by means of a single on/off key), the parameter KEY (304) is retrieved from device memory and/or from a smart card, for execution of the authentication process.
For user authentication, the parameters PARAM (306) entered as data fields to the cryptographic algorithm CRYPTO (305) preferably consists in an initialization vector (preferably filled with zeroes), followed by the device serial number and a sequential number incremented before each new authentication code generation. The data authentication algorithm is preferably similar as user authentication algorithm, except that not only the parameters PARAM (306), but also the data fields DATA (307) are input to the cryptographic algorithm CRYPTO (305). In a preferred embodiment of the invention, the worldwide standard D.E.S. (Data Encryption Standard) is used in CBC (cipher block chaining) mode; this technology is well known by those skilled in the art.
The resulting output of CRYPTO (305) is preferably passed to a formatting function C_FMT (308) which manipulates its input in order to output an authentication code complying with the format specified for the application. In one embodiment of the invention, this C_FMT (308) function combines the left and right parts of the 16 hexadecimal digit output of the D.E.S. , chosen as CRYPTO algorithm (305), in order to provide a 8 hexadecimal digit number which is further converted into a 8 decimal digit authentication code. The output of C_FMT (308) is passed to the message formatting function M_FMT (311) which builds the authentication message M_OUT (312) according to the format specified for the application. In a preferred embodiment of the invention, the authentication message M_OUT (312) consists of the device serial number, a part of the current value of the sequential number incremented for each code generation, the resulting authentication code and a CRC (cyclic redundancy checksum) for detection of eventual transmission errors.
In another embodiment of the invention, the message M_OUT (312) also includes the data to be authenticated. If no encryption is required by the application, the said data will be included in clear text (i.e. without encryption) in the message and the authentication code will ensure that data are not modified during transmission. For applications requiring confidentiality of the transmission, only encrypted data are included in the message M_OUT (312). In this latter case, the CRYPTO algorithm (305) is used not only to generate an authentication code, but to provide a complete encrypted message which can be decoded after transmission so as to retrieve the original data message. Various methods for such encryption are well known in the art.
In a particular embodiment of the invention, a PIN check value P_CHK (310) can be stored in the device memory (11 of Fig. 1) so that the validity of the PIN (301) entered by the user on the device keypad can be checked before generation of an authentication code. For that purpose, the P_CHK value (310) is generated during the initialization process (described later) by running the CRYPTO algorithm (305) using the encryption key(s) KEY (304) and predefined fixed value of parameter PARAM (306); the resulting output is formatted by the C_FMT function (308), 1/11575
13 then preferably partially extracted by the P_EXT function (309) and stored in the P_CHK value (310). The P_EXT function (309) is provided so that the output of C_FMT (309) may be partially or completely stored in P_CHK value (310), depending on application requirements. When the user's PIN (301) is entered on the device keypad, the KEY value (304) is retrieved by means of the P_FMT function (302) and the CRYPTO algorithm (305) is run using the said predefined fixed value of parameter PARAM (306); the resulting output is converted by the C_FMT (308) and P_EXT (309) functions and finally compared to the previously stored value of P_CHK (310). If both values do not match, the PIN entry is rejected. In a preferred embodiment, the device is locked when successive unsuccessful attempts for PIN entry are detected, to prevent fraudulent use of the device by unauthorized persons. The said locking can be either temporary or permanent and preferably consists in disabling all functions of the device, making it not operational for the duration of the locking period.
In a preferred embodiment of this invention, all devices are identical just after their production. Consequently, before it can be used, each device has to be personalized by means of the initialization process. This process preferably consists in transmitting parameters specific to each device for storage in the device memory. In a preferred embodiment, these parameters are: the device serial number, initial value for sequential number to be incremented for each transaction, encryption key(s) and various flags for selection of operating options. The initialization process is preferably achieved by means of an initialization machine; a preferred embodiment of such machine consists in a computer (e.g. a P.C.) linked to its peripherals, preferably including a printer and a dedicated interface for communication with each PCD to initialize.
In a particular embodiment, this initialization process can be triggered in the device by means of short-distance radio transmission. Considering that each device is preferably coming from the production factory packed in an individual box and with its microprocessor unit waiting in stand-by mode, the short-distance radio transmission allows to "awake" the microprocessor (so that it will enter the initialization process) without need to open the individual packing box. Once this initialization process has been triggered, communication is successively established between each PCD to initialize and the initialization machine. In a preferred embodiment, this communication uses the short-distance radio transmission to send data from the initialization machine to the PCD and the acoustic interface to send acknowledgement data from the PCD to the initialization machine. However other embodiments could use any kind of communication media for data exchange between the PCD and the initialization machine, eventually including a specific initialization interface in the PCD.
The initialization process preferably comprises two steps: the transmission of specific parameters (e.g.: serial number, encryption key(s), etc.) from the initialization machine to the PCD and the transmission of an acknowledgment signal from the PCD to the initialization machine, when the procedure has been successful. In a preferred embodiment, once this acknowledgment has been received, the initialization machine can print a label to be put on the PCD box for identification (the said label giving, for instance, the device serial number and the date of initialization) and store the initialization data in a secured database to be transferred to the authentication server (described later).
It is to be appreciated that, in some embodiments of this invention, the initialization process transfers to the PCD multiple sets of parameters, each set corresponding to a specific authentication server. Accordingly, the same PCD can be used to authenticate transactions with various applications which can either share or not the same authentication server. It should also be noted that multiple set of parameters need not necessarily to be initialized at the same time. Actually, some embodiments of the invention allow remote updating of PCD parameters by means of a predefined secure procedure, using for example the acoustic interface for encrypted data transfer.
Fig. 4 depicts a typical operating environment of the invention. It is to be appreciated that the present invention can be used in a wide range of various environments which may significantly differ from the one depicted in Fig. 4. The following description of the PCD operations in this environment can easily be transposed for other environments. Furthermore, it should be noted that the specificity of the present invention resides in the use of a portable device acoustically coupled to whatever terminal; the rest of the authentication process described hereinafter, including the way data are processed by the authentication server, is not restricted to the use of the present invention, such process is common to most security environments and is well known in the art.
A user (41) is willing to communicate with an application server (45), by means of a communication network (44) and a communication terminal (43) connected to the said communication network and preferably equipped with an acoustic interface for communication with the user's PCD (42). This acoustic interface of the terminal (43) preferably consists in a microphone and a speaker or buzzer. Acoustic coupling between the PCD and the terminal is simply achieved by placing the PCD in the vicinity of the said acoustic interface of the terminal. As a way of example, the terminal (43) can be a telephone with the handset being the acoustic interface or else it can be a P.C. equipped with peripherals including a microphone and a speaker and/or buzzer.
In order to prevent unauthorized access to the application server (45), an authentication server (46) is provided, which is connected to the application server (45) either through the said communication channel (44), or via another connection, or both. In a preferred embodiment of the application, the authentication server (46) may be used as a "front-end" or "firewall" system for the application server (45), as 1/11575
16
depicted in Fig. 5. The security protocol of the authentication server (46) preferably requires use of PCD (42) for each authorized user, who has received such a PCD (42) duly initialized. The initialization database of all PCD's distributed to authorized users has been securely transferred to the authentication server (46), from the initialization machine. The procedure for such database transfer will not be described here, as many various secure procedures are well known in the art for this kind of transmission.
In a preferred operating mode of the present invention, when the user (41) wants to establish a communication with the application server (45), he or she uses the terminal (43) to connect to the application server (45). The authentication server (46) is alerted either by the application server (45) or, in the configuration depicted in Fig. 5, even before any access is made to the application server (45). The said authentication server (46) prompts the user (41) for logging. The user (41) powers on his or her PCD (42) and is prompted for PIN entry, preferably by means of symbols on the display of the PCD (42). The user's PIN is entered by means of the PCD keypad (21 of Fig. 2). In a preferred embodiment, the PIN is checked by the PCD by means of the P_CHK code (310 of Fig. 3) and a positive or negative acknowledge is displayed on the PCD display, preferably by means of symbols. If the PIN is valid, an authentication code can be generated (and preferably displayed on the PCD display) and an authentication message (312 of Fig. 3) is built. The PCD (42) is placed by the user (41) in the vicinity of the acoustic interface of the terminal (43), and the user (41) can start the acoustic transmission of the said authentication message, preferably by pressing the transmission key (22 of Fig. 2) on the PCD keypad. In a preferred embodiment of the invention, the acoustic signal is generated using the FSK (frequency-shift keying) encoding technique, but other possibilities for such generation are well known in the art.
As previously mentioned, the said acoustic signal transmitted to the terminal (43) comprises in encoded form (preferably FSK) several data fields, preferably /11575
17 including the PCD serial number, the authentication code and part of the current value of the sequential number to be incremented for each authentication code generation. This information is received by the terminal (43), which sends it through the communication network (44) to the authentication server (46). The received device serial number allows the authentication server to retrieve from its database the information concerning this device, including the encryption key(s); the received partial value of sequential number is used to synchronize the information from the database and the authentication algorithm (depicted by Fig. 3) is run for validation of the received authentication code. If this code is valid, a positive acknowledgement can be sent to the application server (45) and the user (41) is allowed to enter the application session.
The PCD (42) can also be used for data authentication or encryption. In a preferred embodiment, the procedure is similar as for user authentication, except that after user's PIN entry, data to authenticate or to encrypt are also entered in the PCD. This data entry can be done either manually by means of the device keypad (21 of Fig. 2) or automatically by means of the wireless acoustic connection with the terminal (43), or else by means of an additional interface (16 of Fig. 1). In a similar way, a secure communication can be established between the PCD (42) and the authentication server (46) or an initialization machine connected to the communication network (44) for remote updating of the internal parameters of the PCD (42).
In a preferred embodiment of the invention, when data fields to be authenticated or encrypted have been introduced in the device (either manually via the keypad or automatically via the acoustic interface or additional interface), the user has the opportunity of visualizing the said data fields on the display of the PCD for validation before generation of the authentication code and/or encrypted message. 1/11575
18
Fig. 6 depicts an embodiment of the acoustic interface. In this particular embodiment, the acoustic interface is used only to output data processed by the processing unit (10). This data is first converted in an analog signal and modulated by the modulation module (60). Various techniques for such digital to analog conversion are well know in the art and they will not be described here. The acoustic signal is output from the device to a terminal (43) by means of a speaker (61), but a buzzer could also be used in another embodiment. The terminal (43) is equipped with a microphone to receive the said acoustic signal. If, for example, this terminal is an analog telephone, the said acoustic signal is transmitted trough the communication network (44 of Fig. 4) and will be decoded by the authentication server and/or the application server. In another example, where the terminal is a P.C. equipped with a microphone and a sound processing card , the received acoustic signal is preferably demodulated by the P.C. and converted back into a digital signal, to be sent on the communication network using the same protocol as for other data exchanged between the terminal and the application server.
Accordingly, a demodulator and analog to digital converter must be used either in the terminal (43) or in the front-end processing of the application server (45 of Fig. 4) and/or authentication sever (46 of Fig. 4) and it will be obvious for those skilled in the art that the said demodulator and converter have to use the decoding technique associated to the encoding technique used by the modulator module (60). In this embodiment, the FSK (frequency-shift keying) technique is preferably used, however other techniques could be used, including ASK (amplitude-shift keying) or PSK (phase-shift keying).
Fig. 7 depicts another embodiment, where the acoustic interface is used to input data to be processed by the processing unit. In the case, the acoustic signal is output by the terminal (43). Depending on the nature of this terminal, the said acoustic signal can be generated either by the terminal (if this terminal is a P.C. or digital telephone) or by the application server peripherals (if the terminal is a simple analog telephone). The acoustic signal is received by means of the microphone /11575
19
(71), demodulated and converted to a digital signal by the demodulation module (70) and then passed to the processing unit (10) for processing. The demodulation and analog to digital conversion is well known in the art and will not be described here. Again, the demodulator must use the decoding technique corresponding to the encoding technique used by the modulator (either in the terminal or server peripherals). In this embodiment, the FSK (frequency-shift keying) technique is preferably used, however other techniques could be used, including ASK (amplitude-shift keying) or PSK (phase-shift keying).
Still another embodiment of the invention is depicted by Fig. 8, where the acoustic interface is used both for data input and output. This is obviously a combination of embodiments previously described with Fig. 6 and Fig. 7. It should be noted that the encoding and decoding techniques used respectively by the modulator (60) and demodulator (70) need not necessarily to be the same. However, in a preferred embodiment, FSK technique is used for both.
Fig. 9 depicts a preferred embodiment of the configuration shown by Fig. 8, where the speaker is used as a bi-directional acoustic transducer, so that no microphone is needed. This configuration will be preferred in most cases, except when very high sensitivity is required for data input from the acoustic interface.
By way of example, a few applications of the invention will be described below. However, it will be apparent for those skilled in the art that the features of this invention are not limited thereto but may be applied in a wide variety of other applications.
A first application of the invention consists in using the PCD for access control to a restricted area (e.g.: a building, a room, a parking place, etc.). In this case, a microphone is placed at the entrance of the restricted area and anybody willing to access the said area has to use his or her PCD for generation of valid access code. A 1/11575
20 verification server located either in the said area or in a remote site connected to the said area is used to verify the code and to permit access when the code is valid. Similarly, the PCD can be used for user authentication before allowing access to a local and/or remote resource, including protected machine and/or vehicle, sensitive database, private network, etc.
Besides the access control, transaction certification is another typical application of the invention. For example, remote payments by phone or P.C. networks (e.g. Internet) can be certified using the data authentication capability of the invention. In this case, the PCD is used to generate a digital signature ensuring the authenticity of the data received by the application server.
Furthermore, the PCD can also be used as a efficient and user-friendly encryption tool. For this application, the preferred embodiment will be equipped with bi- directional acoustic interface (as depicted in Fig. 8 and 9), so that automatic data transfer can easily be achieved between the PCD and a large variety of communication terminals. By way of example, such application may consists in allowing telephone use of a smart card based electronic purse, for remote payment and/or loading of the said electronic purse.
The foregoing description has been limited to what are currently believed to be the preferred embodiments and applications of the present invention. However, those skilled in the art will realize that variations and modifications may be made thereto without departing from the true spirit of the invention and it is intended in the appended claims to cover all such variations and modifications as come within the true spirit and scope of the present invention.

Claims

What we claim is:
1. A portable certification device comprising a compact housing provided at least with: a) first means selected from the group consisting of : - data storage means for storage of at least one cryptographic key,
- a means for at least reading information from a smart card containing at least one cryptographic key, and
- any combination thereof ; b) at least one acoustic interface for wireless exchange of information with the device, by means of at least an acoustic signal generated using a modulation technique selected from the group consisting of : frequency-shift keying, phase- shift keying, amplitude-shift keying and any combination thereof; c) processing means, at least for processing signal between the acoustic interface and said processing means; d) means for supplying power to the first means, processing means and acoustic interface.
2. The device of claim 1, in which the modulation technique is frequency-shift keying.
3. The device of claim 1, in which at least one acoustic interface is used to input data to be processed by the processing means.
4. The device of claim 1, in which at least one acoustic interface is used to output data processed by the processing means.
5. The device of claim 1, in which at least one acoustic interface is used to input data to be processed by the processing means and to output data processed by the processing means.
6. The device of claim 5, wherein different modulation techniques are used for input and output of data. /11575
22
7. The device of claim 1 , wherein a smart card interface is provided, for smart card data interchange.
8. The device of claim 1, which is further provided with at least one non-acoustic interface for data interchange.
9. The device of claim 1 , wherein the processing means comprise an algorithm selected from the group consisting of : algorithm for unique user identification, algorithm for data authentication, algorithm for data encryption, and any combination thereof.
10. The device of claim 1, comprising a means for at least reading information from a smart card, the said smart card comprising an algorithm selected from the group consisting of : algorithm for unique user identification, algorithm for data authentication, algorithm for data encryption, and any combination thereof.
11. The device of claim 1 , wherein the processing means comprise a first algorithm selected from the group consisting of : algorithm for unique user identification, algorithm for data authentication, algorithm for data encryption, and any combination thereof, the said device further comprising a means for at least reading information from a smart card, the said smart card comprising a second algorithm selected from the group consisting of : algorithm for unique user identification, algorithm for data authentication, algorithm for data encryption, and any combination thereof ; the said second algorithm being different from the first.
12. The device of claim 1, which comprises data storage means for at least one cryptographic key.
13. The device of claim 1, which comprises a means for at least reading information from a smart card containing at least one cryptographic key.
14. The device of claim 1, which comprises data storage means for at least a first cryptographic key and a means for at least reading information from a smart card containing at least a second cryptographic key, different from the first one.
15. The device of claim 1, which further comprises initialization means. /11575
23
16. The device of claim 15, wherein the said initialization means are associated to radio signal reception means.
17. The device of claim 1, which further comprises user interface means, allowing control of the device.
18. The device of claim 17, in which the user interface means include at least a keypad.
19. The device of claim 1, which further comprises user interface means, allowing control of the device, said user interface means comprising at least on/off switching means.
20. The device of claim 1, which further comprises user interface means, allowing control of the device, said user interface means comprising at least a user display.
21. The device of claim 1 , which comprises at least a microphone as acoustic interface.
22. The device of claim 1, which comprises at least means selected from the group consisting of speaker, buzzer and any combination thereof, as acoustic interface.
23. The device of claim 1 , which comprises at least a speaker used as bi-directional acoustic interface.
24. The device of claim 1, in which the processing means process at least a signal by means of an algorithm using at least one cryptographic key.
25. A certification method having the improvement of exchanging data by means of at least an acoustic signal generated using a modulation technique selected from the group consisting of : frequency-shift keying, phase-shift keying, amplitude-shift keying and any combination thereof.
26. The method of claim 25 in which the modulation technique is frequency-shift keying.
27. The method of claim 25 applied for access control.
28. The method of claim 25 applied for user authentication.
29. The method of claim 25 applied for certifying remote transactions.
30. The method of claim 25 applied for data authentication.
31. The method of claim 25 applied for data encryption.
PCT/BE2000/000092 1999-08-09 2000-08-02 Portable certification device with acoustic coupling WO2001011575A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US36992599A 1999-08-09 1999-08-09
US09/369,925 1999-08-09

Publications (1)

Publication Number Publication Date
WO2001011575A1 true WO2001011575A1 (en) 2001-02-15

Family

ID=23457510

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/BE2000/000092 WO2001011575A1 (en) 1999-08-09 2000-08-02 Portable certification device with acoustic coupling

Country Status (1)

Country Link
WO (1) WO2001011575A1 (en)

Cited By (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002005078A2 (en) * 2000-07-07 2002-01-17 Qualcomm Incorporated Method and apparatus for secure identity authentication with audible tones
FR2850813A1 (en) * 2003-01-31 2004-08-06 France Telecom Electronic transaction securing device for use in electronic commerce, has analyzing unit to analyze intercepted signals from control, and quantifying unit retransmitting information quantified in secured mode to telephone
FR2850772A1 (en) * 2003-01-31 2004-08-06 France Telecom Electronic transaction securing device for use in electronic commerce, has analyzing unit to retransmit intercepted signals to processing unit without modification if they are not in order of passage in secured mode
EP1481535A1 (en) * 2002-02-15 2004-12-01 Qualcomm, Incorporated System and method for acoustic two factor authentication
EP1527539A1 (en) * 2002-07-01 2005-05-04 QUALCOMM Incorporated Communication using audible tones
US8341002B2 (en) 2009-07-31 2012-12-25 Lg Electronics Inc. Diagnostic system and method for home appliance
US8346508B2 (en) 2009-04-10 2013-01-01 Lg Electronics Inc. System and method for diagnosing home appliance
US8432291B2 (en) 2009-07-31 2013-04-30 Lg Electronics Inc. Diagnostic system and method for home appliance
RU2484522C2 (en) * 2008-04-30 2013-06-10 ЭлДжи ЭЛЕКТРОНИКС ИНК. System for household electric appliances and its functioning method
US8854204B2 (en) 2009-04-10 2014-10-07 Lg Electronics Inc. Home appliance
US8943583B2 (en) 2002-05-15 2015-01-27 Qualcomm Incorporated System and method for managing sonic token verifiers
US8984338B2 (en) 2009-07-06 2015-03-17 Lg Electronics Inc. Home appliance diagnosis system, and method for operating same
US8983798B2 (en) 2009-07-24 2015-03-17 Lg Electronics Inc. Diagnostic system and method for home appliance
US9013320B2 (en) 2012-07-09 2015-04-21 Lg Electronics Inc. Home appliance and its system
US9054953B2 (en) 2008-06-16 2015-06-09 Lg Electronics Inc. Home appliance and home appliance system
EP2621126A4 (en) * 2010-09-25 2015-10-21 Tendyron Corp Electronic device that uses voice mode to communicate with external devices
US9197437B2 (en) 2011-08-02 2015-11-24 Lg Electronics Inc. Home appliance, home appliance diagnostic system, and method
US9495859B2 (en) 2012-07-03 2016-11-15 Lg Electronics Inc. Home appliance and method of outputting signal sound for diagnosis
US9644886B2 (en) 2010-01-15 2017-05-09 Lg Electronics Inc. Refrigerator and diagnostic system for the same
US9979560B2 (en) 2011-08-18 2018-05-22 Lg Electronics Inc. Diagnostic apparatus and method for home appliance
US10325269B2 (en) 2010-07-06 2019-06-18 Lg Electronics Inc. Home appliance diagnosis system and diagnosis method for same

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4601011A (en) * 1981-12-30 1986-07-15 Avigdor Grynberg User authorization verification apparatus for computer systems including a central device and a plurality of pocket sized remote units
EP0374012A1 (en) * 1988-12-07 1990-06-20 ETAT FRANCAIS représenté par le Ministre des Postes, Télécommunications et de l'Espace Authentication apparatus for an interactive server
EP0565279A2 (en) * 1992-04-06 1993-10-13 AT&T Corp. A universal authentication device for use over telephone lines
DE4325459A1 (en) * 1993-07-29 1995-02-09 C2S Gmbh Cryptografische Siche Tone transmitter with an identification and authentication device
WO1995010823A1 (en) * 1993-10-15 1995-04-20 British Telecommunications Public Limited Company Personal identification systems
US5740232A (en) * 1994-05-06 1998-04-14 France Telecom Smart card based system for telephone-securized transactions
WO1998025371A1 (en) * 1996-12-04 1998-06-11 Ynjiun Wang Portable electronic authorization devices and methods therefor
US5818930A (en) * 1994-08-05 1998-10-06 Smart Tone Authentication, Inc. Auto-dialer housing
US5878142A (en) * 1994-07-12 1999-03-02 Information Resource Engineering, Inc. Pocket encrypting and authenticating communications device

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4601011A (en) * 1981-12-30 1986-07-15 Avigdor Grynberg User authorization verification apparatus for computer systems including a central device and a plurality of pocket sized remote units
EP0374012A1 (en) * 1988-12-07 1990-06-20 ETAT FRANCAIS représenté par le Ministre des Postes, Télécommunications et de l'Espace Authentication apparatus for an interactive server
EP0565279A2 (en) * 1992-04-06 1993-10-13 AT&T Corp. A universal authentication device for use over telephone lines
DE4325459A1 (en) * 1993-07-29 1995-02-09 C2S Gmbh Cryptografische Siche Tone transmitter with an identification and authentication device
WO1995010823A1 (en) * 1993-10-15 1995-04-20 British Telecommunications Public Limited Company Personal identification systems
US5740232A (en) * 1994-05-06 1998-04-14 France Telecom Smart card based system for telephone-securized transactions
US5878142A (en) * 1994-07-12 1999-03-02 Information Resource Engineering, Inc. Pocket encrypting and authenticating communications device
US5818930A (en) * 1994-08-05 1998-10-06 Smart Tone Authentication, Inc. Auto-dialer housing
WO1998025371A1 (en) * 1996-12-04 1998-06-11 Ynjiun Wang Portable electronic authorization devices and methods therefor

Cited By (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002005078A2 (en) * 2000-07-07 2002-01-17 Qualcomm Incorporated Method and apparatus for secure identity authentication with audible tones
WO2002005078A3 (en) * 2000-07-07 2003-08-21 Qualcomm Inc Method and apparatus for secure identity authentication with audible tones
EP1481535A4 (en) * 2002-02-15 2006-07-26 Qualcomm Inc System and method for acoustic two factor authentication
US7966497B2 (en) 2002-02-15 2011-06-21 Qualcomm Incorporated System and method for acoustic two factor authentication
EP1481535A1 (en) * 2002-02-15 2004-12-01 Qualcomm, Incorporated System and method for acoustic two factor authentication
US8943583B2 (en) 2002-05-15 2015-01-27 Qualcomm Incorporated System and method for managing sonic token verifiers
EP1527539A1 (en) * 2002-07-01 2005-05-04 QUALCOMM Incorporated Communication using audible tones
EP1527539A4 (en) * 2002-07-01 2005-11-09 Qualcomm Inc Communication using audible tones
FR2850772A1 (en) * 2003-01-31 2004-08-06 France Telecom Electronic transaction securing device for use in electronic commerce, has analyzing unit to retransmit intercepted signals to processing unit without modification if they are not in order of passage in secured mode
FR2850813A1 (en) * 2003-01-31 2004-08-06 France Telecom Electronic transaction securing device for use in electronic commerce, has analyzing unit to analyze intercepted signals from control, and quantifying unit retransmitting information quantified in secured mode to telephone
EP1447777A1 (en) * 2003-01-31 2004-08-18 France Telecom Method and device for securing of transactions executed at an unsecured terminal
RU2484522C2 (en) * 2008-04-30 2013-06-10 ЭлДжи ЭЛЕКТРОНИКС ИНК. System for household electric appliances and its functioning method
US9054953B2 (en) 2008-06-16 2015-06-09 Lg Electronics Inc. Home appliance and home appliance system
US8346508B2 (en) 2009-04-10 2013-01-01 Lg Electronics Inc. System and method for diagnosing home appliance
US8854204B2 (en) 2009-04-10 2014-10-07 Lg Electronics Inc. Home appliance
US8984338B2 (en) 2009-07-06 2015-03-17 Lg Electronics Inc. Home appliance diagnosis system, and method for operating same
US8983798B2 (en) 2009-07-24 2015-03-17 Lg Electronics Inc. Diagnostic system and method for home appliance
US8432291B2 (en) 2009-07-31 2013-04-30 Lg Electronics Inc. Diagnostic system and method for home appliance
US8341002B2 (en) 2009-07-31 2012-12-25 Lg Electronics Inc. Diagnostic system and method for home appliance
US9644886B2 (en) 2010-01-15 2017-05-09 Lg Electronics Inc. Refrigerator and diagnostic system for the same
US10325269B2 (en) 2010-07-06 2019-06-18 Lg Electronics Inc. Home appliance diagnosis system and diagnosis method for same
EP2621126A4 (en) * 2010-09-25 2015-10-21 Tendyron Corp Electronic device that uses voice mode to communicate with external devices
US9197437B2 (en) 2011-08-02 2015-11-24 Lg Electronics Inc. Home appliance, home appliance diagnostic system, and method
US9979560B2 (en) 2011-08-18 2018-05-22 Lg Electronics Inc. Diagnostic apparatus and method for home appliance
US9495859B2 (en) 2012-07-03 2016-11-15 Lg Electronics Inc. Home appliance and method of outputting signal sound for diagnosis
US9013320B2 (en) 2012-07-09 2015-04-21 Lg Electronics Inc. Home appliance and its system

Similar Documents

Publication Publication Date Title
WO2001011575A1 (en) Portable certification device with acoustic coupling
US11622265B2 (en) Security system for handheld wireless devices using time-variable encryption keys
AU726397B2 (en) Pocket encrypting and authenticating communications device
KR100952551B1 (en) Method and apparatus for simplified audio authentication
US6151677A (en) Programmable telecommunications security module for key encryption adaptable for tokenless use
US5546463A (en) Pocket encrypting and authenticating communications device
US7382882B1 (en) Secure session set up based on the wireless application protocol
EP1371255B1 (en) Method for enabling pki functions in a smart card
US7308582B2 (en) Collation processing apparatus, data communication system and data communication method
WO2002069653A1 (en) System for downloading program to general-purpose subscriber identification module
US7690027B2 (en) Method for registering and enabling PKI functionalities
US7836308B2 (en) Apparatus and method for multiple function authentication device
WO2003051080A1 (en) Applet download in a communication system
CN100449990C (en) User centrificating apparatus and method for fixed network terminal
JP2001298779A (en) Mobile information terminal and service system using it
JP2005202650A (en) Authentication system
JP2002279366A (en) Method for using card control system, card holder, card, and card control system
JPH11331405A (en) Modem card and network system
JPS61270940A (en) Cipher communicating equipment
JPH01231451A (en) Communication control system
JPS61270939A (en) Cipher communicating equipment
WO1998056139A1 (en) A process for transmitting confidential communications by telephone and electronic devices for carrying out said transmission
CA2292063A1 (en) Cryptographic token and security system

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): CA JP

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP