Multiple-use smart card with security features and method

US 20030196106A1
Filed: 04/12/2002
Published: 10/16/2003
Est. Priority Date: 04/12/2002
Status: Active Grant

First Claim

Patent Images

1. A smart card comprising:

a processor for processing data;

input/output apparatus operably connected to the processor for communicating with a reader/writer station for any of a plurality of data user groups; and

memory for storing information, the memory being operably connected with the processor to transfer stored information permitting an algorithm to verify the identity of a proper user and refuse use by other users, the memory simultaneously providing information for verifying the user'"'"'s membership in or lack of membership in any of the plurality of data user groups and correspondingly allowing or refusing access to the data of a particular one of the plurality of data user groups according to the algorithm, the algorithm being at least partially included in the memory and providing in each instance a plurality of types of cryptographic security for the data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A smart card is adapted to partially include and employ a triply-secure algorithm for data exchange. The algorithm verifies a user'"'"'s identity and his simultaneous membership in any groups that he has joined. For this purpose, the algorithm requires only a single insertion of the smart card and only a single input of the user'"'"'s personal identification number. The algorithm can be used in smart cards or in computer networks for identity verification and membership proof. A combination of three different hard problems is used. The first one is based on integer factorization, such as the RSA authenticating technique, and the second one is based on a discrete logarithm, and the third one is based on the coefficients of a polynomial function. In a typical application using smart cards, a certification authority (CA) establishes requirements for preparation and issuance of a multi-purpose card.

Citations

13 Claims

1. A smart card comprising:
- a processor for processing data;
  
  input/output apparatus operably connected to the processor for communicating with a reader/writer station for any of a plurality of data user groups; and
  
  memory for storing information, the memory being operably connected with the processor to transfer stored information permitting an algorithm to verify the identity of a proper user and refuse use by other users, the memory simultaneously providing information for verifying the user'"'"'s membership in or lack of membership in any of the plurality of data user groups and correspondingly allowing or refusing access to the data of a particular one of the plurality of data user groups according to the algorithm, the algorithm being at least partially included in the memory and providing in each instance a plurality of types of cryptographic security for the data.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The smart card according to claim 1, wherein the included portion of the algorithm requires only one personal identification number for use for all of the plurality of data user groups.
  - 3. The smart card according to claim 2, wherein the processor is adapted to communicate with any of a plurality of external entities containing other portions of the algorithm, the algorithm together including a first module that is a function of a number y that contains some of the smart card user'"'"'s personal information, the first module being the included portion stored in the memory on the smart card, a second module that includes a function of y and some parameters established by a certification authority and that is stored separately in the smart card, and a third module that includes a polynomial function f (x) established by the certification authority and that is stored separately in the smart card.
  - 4. The smart card according to claim 3, wherein the algorithm includes a fourth module that is a record of the user'"'"'s membership in a group, said fourth module including a function that includes parameters from each of the first, second, and third modules.
  - 5. The smart card according to claim 4, wherein the algorithm triggers validation procedures including consistency checks for identity and membership in an appropriate reader and upon request by the user for use in any of a plurality of groups.

6. A multi-purpose end-user authentication method that can provide cryptographically strong security, including services of strong authentication of a user'"'"'s membership in a group upon request for use and strong verification of the user'"'"'s identity, in which security of the authentication and the verification is based on a plurality of types of cryptographic security, the method comprising:
- invoking an integer factorization system in at least one of the services of authentication of the user'"'"'s membership in the group and verification of the user'"'"'s identity;
  
  employing cryptographically a discrete logarithm in at least one of the services of authentication of the user'"'"'s membership in the group and verification of the user'"'"'s identity; and
  
  using cryptographically coefficients of a polynomial f (x) in cooperation with at least one of the steps of invoking the integer factorization system and of employing cryptographically the discrete logarithm.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13)
- - 7. The multi-purpose end-user authentication method according to claim 6, wherein a user requests use by presenting a card having data encrypted therein relating to his identity and to his membership in multiple data user groups.
  - 8. The multi-purpose end-user authentication method according to claim 7, wherein the strong identity verification uses a hard problem that requires zero knowledge proof.
  - 9. The multi-purpose end-user authentication method according to claim 7, wherein the strong user membership authentication via one of the invoking and employing steps authenticates membership in a plurality of groups to which the card can provide access in response to a single input of a user'"'"'s personal identification number.
  - 10. The multi-purpose end-user authentication method according to claim 6, wherein the steps respond to an interfacing smart card including a first module that is a function of a number y that contains some of the smart card user'"'"'s personal information and a second module that includes a function of y and of some of the parameters of the integer factorization system that is established by a certification authority, and a third module that includes another function of the integer factorization system established by the certification authority, the method initiating, upon request, validation procedures including consistency checks with respect to identity of the user.
  - 11. The multi-purpose end-user authentication method according to claim 10, wherein the algorithm includes a fourth module that is a record of the user'"'"'s membership in a group, said fourth module including a function that includes parameters from each of the first, second, and third modules, the algorithm initiating, upon request, validation procedures including consistency checks both with respect to identity and with respect to membership in one or more groups without a further insertion of a card.
  - 12. The multi-purpose end-user authentication method according to claim 8, wherein the algorithm is adapted with a plurality of hard problems to permit the card to provide access in response to a single input of the user'"'"'s personal identification number.
  - 13. The multi-purpose end-user authentication method according to claim 6, wherein the step of invoking an integer factorization system comprises employing an RSA system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lucent Technologies, Inc. (Nokia Corporation)
Original Assignee
Lucent Technologies, Inc. (Nokia Corporation)
Inventors
Ren, Jian, Erfani, Shervin

Granted Patent

US 6,708,893 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/9
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

Multiple-use smart card with security features and method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Multiple-use smart card with security features and method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links