Leak-resistant cryptographic payment smartcard
Abstract
We disclose methods and apparatuses for securing cryptographic devices against attacks involving external monitoring and analysis. A “self-healing” property is introduced, enabling security to be continually re-established following partial compromises. In addition to producing useful cryptographic results, a typical leak-resistant cryptographic operation modifies or updates secret key material in a manner designed to render useless any information about the secrets that may have previously leaked from the system. Exemplary leak-proof and leak-resistant implementations are shown for symmetric authentication, certified Diffie-Hellman (when either one or both users have certificates), RSA, ElGamal public key decryption.
3 Claims
1. A method for performing a plurality of secure payment transactions using a smartcard, where said smartcard and a verifier of said payment transaction share an initial secret starting key value, comprising:
(a) initializing said smartcard, where said initializing includes;
(i) storing said starting key value in a nonvolatile key storage memory location; and
(ii) storing an initial value in a nonvolatile transaction counter memory location;
(b) for each of a plurality of payment transactions;
(i) computing an updated key value;
(x) by cryptographically transforming at least said stored key value and said transaction counter;
(y) where said transforming at least obscures partial information about said stored key, thereby deterring attacks that combine partial information leaked in said plurality of transactions;
(ii) updating said nonvolatile memory locations including;
(x) updating said key storage location with said updated key value; and
(y) incrementing said value of said transaction counter location;
(iii) using said updated key value to compute a message authentication code authenticating said transaction; and
(iv) sending said computed message authentication code and said transaction counter to a third party for use in verifying said payment transaction.
2. A computer readable memory containing a program for performing a plurality of secure payment transactions between a tamper-resistant device and a verifier that share an initial secret starting key value, comprising:
(a) logic instructions for computing an updated key value for a subsequent transaction;
(i) by cryptographically transforming at least a key value and a transaction counter value stored in nonvolatile memory locations in said tamper-resistant device;
(ii) where said transforming at least obscures partial information about said stored key, thereby deterring attacks that combine partial information leaked in said plurality of transactions;
(b) logic instructions for updating said nonvolatile memory locations including;
(i) replacing said key value with said updated key value; and
(ii) incrementing said transaction counter value;
(c) logic instructions for using said updated key value to compute a message authentication code authenticating said transaction; and
(d) logic instructions for sending said computed message authentication code and said transaction counter to a third party for use in verifying said payment transaction.
3. A smartcard for performing a secure payment transaction, comprising:
(a) a microprocessor;
(b) a nonvolatile memory area initially configured to store a secret parameter;
(c) a nonvolatile memory area initially configured to store an indexing indicia;
(d) a memory storing logic instructions capable of being executed using said processor to;
(i) compute an updated secret parameter for a subsequent transaction by cryptographically transforming at least said stored secret parameter and said indexing indicia, where said transforming at least obscures partial information about said stored secret parameter;
(ii) replace said stored secret parameter with said updated value thereof;
(iii) compute a value authenticating transaction information by cryptographically transforming at least said updated secret parameter and said transaction information; and
(e) an output interface configured to transmit representations of said value and said indexing indicia to a payment transaction verifier.
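An added illustration of the update-then-authenticate flow recited in claims 1 to 3, not text or code from the patent. HMAC-SHA256 stands in for the unspecified cryptographic transform and for the message authentication code; the names `Card`, `Verifier` and `MAX_SKIP`, and the verifier's catch-up and replay handling, are assumptions.

```python
import hashlib
import hmac

def update_key(key: bytes, counter: int) -> bytes:
    # Assumed one-way transform of (stored key, transaction counter).
    msg = b"key-update" + counter.to_bytes(8, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()

def transaction_mac(key: bytes, tx: bytes) -> bytes:
    return hmac.new(key, b"tx-auth" + tx, hashlib.sha256).digest()

class Card:
    def __init__(self, starting_key: bytes, counter: int = 0):
        self.key, self.counter = starting_key, counter  # (a) nonvolatile state

    def pay(self, tx: bytes):
        self.key = update_key(self.key, self.counter)  # (b)(i), (b)(ii)(x)
        self.counter += 1                              # (b)(ii)(y)
        return transaction_mac(self.key, tx), self.counter  # (b)(iii), (iv)

class Verifier:
    MAX_SKIP = 64  # assumed bound on catch-up work per message

    def __init__(self, starting_key: bytes, counter: int = 0):
        self.key, self.counter = starting_key, counter

    def verify(self, tx: bytes, tag: bytes, counter: int) -> bool:
        # Reject replayed or stale counters and unbounded skips ahead.
        if not self.counter < counter <= self.counter + self.MAX_SKIP:
            return False
        key = self.key
        for c in range(self.counter, counter):  # replay the card's updates
            key = update_key(key, c)
        if not hmac.compare_digest(transaction_mac(key, tx), tag):
            return False  # state unchanged on failure
        self.key, self.counter = key, counter  # old keys are discarded
        return True

if __name__ == "__main__":
    shared = bytes(range(32))  # constructed sample key
    card, bank = Card(shared), Verifier(shared)
    tag, n = card.pay(b"pay 10.00 to merchant-A")
    print(bank.verify(b"pay 10.00 to merchant-A", tag, n))  # accepted
    print(bank.verify(b"pay 10.00 to merchant-A", tag, n))  # replay refused
```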
Specification