Multiple-use smart card with security features and method
First Claim
1. A smart card comprising:
- a processor for processing data;
input/output apparatus operably connected to the processor for communicating with a reader/writer station for any of a plurality of data user groups; and
memory for storing information, the memory being operably connected with the processor to transfer stored information permitting an algorithm to verify the identity of a proper user and refuse use by other users, the memory simultaneously providing information for verifying the user'"'"'s membership in or lack of membership in any of the plurality of data user groups and correspondingly allowing or refusing access to the data of a particular one of the plurality of data user groups according to the algorithm, the algorithm being at least partially included in the memory and providing in each instance a plurality of types of cryptographic security for the data.
1 Assignment
0 Petitions
Accused Products
Abstract
A smart card is adapted to partially include and employ a triply-secure algorithm for data exchange. The algorithm verifies a user'"'"'s identity and his simultaneous membership in any groups that he has joined. For this purpose, the algorithm requires only a single insertion of the smart card and only a single input of the user'"'"'s personal identification number. The algorithm can be used in smart cards or in computer networks for identity verification and membership proof. A combination of three different hard problems is used. The first one is based on integer factorization, such as the RSA authenticating technique, and the second one is based on a discrete logarithm, and the third one is based on the coefficients of a polynomial function. In a typical application using smart cards, a certification authority (CA) establishes requirements for preparation and issuance of a multi-purpose card.
-
Citations
13 Claims
-
1. A smart card comprising:
-
a processor for processing data;
input/output apparatus operably connected to the processor for communicating with a reader/writer station for any of a plurality of data user groups; and
memory for storing information, the memory being operably connected with the processor to transfer stored information permitting an algorithm to verify the identity of a proper user and refuse use by other users, the memory simultaneously providing information for verifying the user'"'"'s membership in or lack of membership in any of the plurality of data user groups and correspondingly allowing or refusing access to the data of a particular one of the plurality of data user groups according to the algorithm, the algorithm being at least partially included in the memory and providing in each instance a plurality of types of cryptographic security for the data. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A multi-purpose end-user authentication method that can provide cryptographically strong security, including services of strong authentication of a user'"'"'s membership in a group upon request for use and strong verification of the user'"'"'s identity, in which security of the authentication and the verification is based on a plurality of types of cryptographic security, the method comprising:
-
invoking an integer factorization system in at least one of the services of authentication of the user'"'"'s membership in the group and verification of the user'"'"'s identity;
employing cryptographically a discrete logarithm in at least one of the services of authentication of the user'"'"'s membership in the group and verification of the user'"'"'s identity; and
using cryptographically coefficients of a polynomial f (x) in cooperation with at least one of the steps of invoking the integer factorization system and of employing cryptographically the discrete logarithm. - View Dependent Claims (7, 8, 9, 10, 11, 12, 13)
-
Specification