Method and configuration for mutual authentication of two data processing units

US 20030018893A1
Filed: 08/08/2002
Published: 01/23/2003
Est. Priority Date: 02/08/2000
Status: Active Grant

First Claim

Patent Images

1. A method for mutual authentication of a first data processing unit and of a second data processing unit, which comprises the steps of:

producing a first bit string in the first data processing unit;

transmitting the first bit string to the second data processing unit;

producing a second bit string and a third bit string from the first bit string and from first data using a first algorithm in the second data processing unit;

transmitting the second bit string to the first data processing unit;

producing a first authentication result and a fourth bit string from the first bit string, from the second bit string and from second data using a second algorithm in the first data processing unit;

producing a fifth bit string from the fourth bit string and from third data using a third algorithm in the first data processing unit;

transmitting the fifth bit string to the second data processing unit; and

producing a second authentication result from the third bit string, from the fifth bit string and from fourth data using a fourth algorithm in the second data processing unit.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and a configuration are described for mutual authentication of two data processing units. The mutual authentication of two data processing units is normally carried out in two separate authentication processes, which are carried out successively. A challenge and response method is normally used. For this purpose, a first challenge is sent from a first data processing unit to a second data processing unit, which transmits a first response back. A second response is produced by the first data processing unit, and is transmitted to the second data processing unit.

Citations

9 Claims

1. A method for mutual authentication of a first data processing unit and of a second data processing unit, which comprises the steps of:
- producing a first bit string in the first data processing unit;
  
  transmitting the first bit string to the second data processing unit;
  
  producing a second bit string and a third bit string from the first bit string and from first data using a first algorithm in the second data processing unit;
  
  transmitting the second bit string to the first data processing unit;
  
  producing a first authentication result and a fourth bit string from the first bit string, from the second bit string and from second data using a second algorithm in the first data processing unit;
  
  producing a fifth bit string from the fourth bit string and from third data using a third algorithm in the first data processing unit;
  
  transmitting the fifth bit string to the second data processing unit; and
  
  producing a second authentication result from the third bit string, from the fifth bit string and from fourth data using a fourth algorithm in the second data processing unit.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method according to claim 1, which comprises transmitting the third bit string from the second data processing unit to the first data processing unit and the third bit string is used by the second algorithm to produce at least one of the first authentication result and the fourth bit string.
  - 3. The method according to claim 1, which comprises forming the third bit string from an intermediate result in a calculation of the second bit string.
  - 4. The method according to claim 1, which comprises producing the first bit string randomly.
  - 5. The method according to claim 1, which comprises selecting the first bit string such that it differs from all previously used first bit strings.

6. A configuration for carrying out mutual authentication, comprising:
- a first data processing unit;
  
  a second data processing unit;
  
  a bit string generator disposed in said first data processing unit and producing a first bit string;
  
  a first bit string processing unit for producing a second bit string and a third bit string from the first bit string and from first data, said first bit string processing unit disposed in said second data processing unit;
  
  a second bit string processing unit for producing a first authentication result and a fourth bit string from the first bit string, from the second bit string and from second data, said second bit string processing unit disposed in said first data processing unit;
  
  a third bit string processing unit disposed in said first data processing unit and producing a fifth bit string; and
  
  a fourth bit string processing unit for producing a second authentication result from the third bit string, from the fifth bit string and from fourth data, said fourth bit string processing unit disposed in said second data processing unit.
- View Dependent Claims (7, 8, 9)
- - 7. The configuration according to claim 6, wherein at least one of said first and second data processing units is an integrated circuit.
  - 8. The configuration according to claim 6, wherein one of said first and second data processing units has at least one XOR gate and a shift register feeding back to said at least one XOR gate.
  - 9. The configuration according to claim 6, wherein one of said first and second data processing units is a smart card, and the other of said first and second data processing units is a smart card terminal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Infineon Technologies AG
Original Assignee
Infineon Technologies AG
Inventors
Hess, Erwin, Pockrandt, Wolfgang

Granted Patent

US 7,353,392 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/169
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

Method and configuration for mutual authentication of two data processing units

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Method and configuration for mutual authentication of two data processing units

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links