Method of generating a unique number for a smart card and its use for the cooperation of the card with a host system
First Claim
1. A method of validating access to a smart card via a reader, said card having within it a processor, and being configured with a production key PK and a distributor key MK readable by said processor, said method comprising generating by said processor of a pseudo-random unique number NU by executing the following steps:
- modulo-2 adding the keys PK and MK to obtain a key KMP: KMP = PK ⊕ MK;
- generating a unique input message ME which is modified on each specific use; and
- generating said number NU by encrypting said input message ME by means of a reversible encryption algorithm ALG utilizing the key KMP: NU = ALG_KMP(ME);
then:
- reading by said reader of the generated number NU; and
- determining by said processor whether a response applied to the card by the reader has been correctly calculated in accordance with a predetermined function of the generated number NU.
Abstract
A smart card (1) which includes a random access memory RAM (10) and a read-only memory PROM (7) incorporating a production key (PK), a distributor key (MK), a bearer code (CP) and a serial number (NS) generates a unique number (NU) which is stored in the RAM (10) of the card after execution of the following steps of a program specific to the card:
a - modulo-2 addition of the two keys and storage of the result in the RAM (10): PK ⊕ MK = KMP;
b - encryption of a unique input message ME, generated by the card, by means of a reversible algorithm (ALG, with inverse ALG⁻¹) using the key KMP: NU = ALG_KMP(ME).
14 Claims
1. (Claim 1 is reproduced in full above under First Claim.) View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
11. A generator for generating a pseudo-random unique number NU for individualizing a particular access via a reader to a smart card housing said generator, said generator comprising:
- storage means for storing a production key PK, a distributor key MK, a serial number NS, and a bearer code CP, for comparison with a bearer code CP presented by a bearer;
- first and second counters for containing respective counts CTRAM and CTROM;
- input message generating means responsive to said storage means and said first and second counters for therefrom juxtaposing said serial number NS and said counts CTRAM and CTROM to generate an input message ME;
- key generating means fed by said storage means for modulo-2 adding said production key PK and said distributor key MK to form a key KAC;
- encryption means responsive to said input message generating means and said key generating means for forming said number NU by encrypting said input message ME utilizing said key KAC;
- reset means for resetting said first counter to upon a setting or resetting of said card to an active state;
- first incrementing means for, upon each generation of the number NU, incrementing the count CTRAM of said first counter; and
- second incrementing means for incrementing the count CTROM of said second counter upon a specific use after each setting or resetting of the card to an active state if the bearer code CP presented by the bearer does not correspond to the bearer code CP with which said card is configured or if the first counter overflows.
12. A system for validating access to a smart card via a reader, comprising within said card:
- storage means for storing a production key PK, a distributor key MK, a serial number NS, and a bearer code CP, for comparison with a bearer code CP presented by a bearer;
- a counter for containing a count CTRAM;
- input message generating means responsive to said storage means and said counter for therefrom juxtaposing said serial number NS and said count CTRAM to generate an input message ME;
- key generating means fed by said storage means for modulo-2 adding said production key PK and said distributor key MK to form a key KAC;
- encryption means responsive to said input message generating means and said key generating means for forming a pseudo-random unique number NU by encrypting said input message ME utilizing said key KAC;
- incrementing means for, upon each formation of the number NU, incrementing the count CTRAM of said counter;
- means for enabling said reader to read the unique number NU formed; and
- means for determining whether a response applied to the card by the reader has been correctly calculated in accordance with a predetermined function of the unique number NU. - View Dependent Claims (13, 14)
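The following Python model is an added illustration of the generator and validation flow set out in claim 1 and claims 11 and 12; it is not code from the patent or from any card implementation. Several points the claims leave open are filled with labelled assumptions: ALG is modelled as a four-round Feistel network keyed with KMP through SHA-256 (a stand-in reversible algorithm, chosen only because its inverse ALG⁻¹ is easy to write); ME is laid out as NS (8 bytes) || CTRAM (4 bytes) || CTROM (4 bytes); the "predetermined function of NU" that the reader must answer with is taken to be an HMAC-SHA256 under KMP, on the assumption that the host system knows the card's PK and MK; and the clause of claim 11 on incrementing CTROM is read as three triggers (first use after each activation, a wrong bearer code, or overflow of CTRAM). The sample keys, serial number and bearer code are constructed. The model also shows why the non-volatile counter matters: CTRAM restarts at zero on every activation, so without CTROM advancing per session the card would re-emit the same NU after a reset.

```python
# Added model of the card-side generator described in claims 1, 11 and 12 (not the patent's code).
# ALG: 4-round Feistel keyed through SHA-256, a stand-in for the unspecified reversible algorithm.
import hashlib
import hmac

BLOCK = 16            # ME and NU are 16-byte blocks laid out as NS (8) || CTRAM (4) || CTROM (4)
CTRAM_MAX = 1 << 32   # 4-byte RAM counter; overflow bumps the PROM counter CTROM


def _round(key: bytes, i: int, half: bytes) -> bytes:
    """Keyed round function F_i for the Feistel stand-in."""
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]


def alg(key: bytes, block: bytes) -> bytes:
    """ALG_key(block): reversible keyed permutation (stand-in for the patent's ALG)."""
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        l, r = r, bytes(a ^ b for a, b in zip(l, _round(key, i, r)))
    return l + r


def alg_inv(key: bytes, block: bytes) -> bytes:
    """ALG^-1: undo the rounds in reverse order (the abstract's ALG⁻¹)."""
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in reversed(range(4)):
        l, r = bytes(a ^ b for a, b in zip(r, _round(key, i, l))), l
    return l + r


class Card:
    """PROM holds PK, MK, NS, CP and CTROM; RAM holds KMP, CTRAM and the last NU."""

    def __init__(self, pk: bytes, mk: bytes, ns: bytes, cp: bytes, ctrom: int = 0):
        self.pk, self.mk, self.ns, self.cp = pk, mk, ns, cp
        self.ctrom = ctrom                                   # non-volatile counter
        self.kmp = bytes(a ^ b for a, b in zip(pk, mk))      # KMP = PK xor MK (called KAC in claims 11/12)
        self.activate()

    def activate(self) -> None:
        """Setting or resetting the card to the active state: CTRAM restarts from zero."""
        self.ctram = 0
        self._fresh_session = True   # assumption: first use after activation bumps CTROM
        self.last_nu = None

    def present_bearer_code(self, cp: bytes) -> bool:
        ok = hmac.compare_digest(cp, self.cp)
        if not ok:
            self.ctrom += 1          # wrong bearer code: second counter is incremented
        return ok

    def generate_nu(self) -> bytes:
        if self._fresh_session:
            self.ctrom += 1
            self._fresh_session = False
        me = self.ns + self.ctram.to_bytes(4, "big") + self.ctrom.to_bytes(4, "big")  # juxtaposition
        nu = alg(self.kmp, me)
        self.ctram += 1              # first counter advances on every NU
        if self.ctram >= CTRAM_MAX:  # overflow of the first counter advances the second
            self.ctram = 0
            self.ctrom += 1
        self.last_nu = nu
        return nu

    def verify_response(self, response: bytes) -> bool:
        """Card-side check that the reader's answer is the predetermined function of NU."""
        if self.last_nu is None:
            return False
        return hmac.compare_digest(response, host_response(self.kmp, self.last_nu))


def host_response(kmp: bytes, nu: bytes) -> bytes:
    """Assumed 'predetermined function of NU': HMAC-SHA256 under the shared KMP, truncated."""
    return hmac.new(kmp, nu, hashlib.sha256).digest()[:8]


def host_read_message(kmp: bytes, nu: bytes):
    """Because ALG is reversible, a host holding KMP can recover NS, CTRAM and CTROM from NU."""
    me = alg_inv(kmp, nu)
    return me[:8], int.from_bytes(me[8:12], "big"), int.from_bytes(me[12:], "big")


def demo() -> dict:
    pk, mk = bytes(range(16)), bytes(range(16, 32))         # constructed keys
    card = Card(pk, mk, ns=b"\x00\x00\x00\x00\x12\x34\x56\x78", cp=b"1234")
    nu1, nu2 = card.generate_nu(), card.generate_nu()
    good = card.verify_response(host_response(card.kmp, nu2))
    bad = card.verify_response(b"\x00" * 8)
    ns, ctram, ctrom = host_read_message(card.kmp, nu2)
    wrong_cp = card.present_bearer_code(b"0000")             # mismatch bumps CTROM
    card.activate()                                          # CTRAM back to 0 ...
    nu3 = card.generate_nu()                                 # ... but CTROM moved on, so NU differs
    return {"nu1": nu1, "nu2": nu2, "nu3": nu3, "good": good, "bad": bad,
            "ns": ns, "ctram": ctram, "ctrom": ctrom, "wrong_cp": wrong_cp,
            "ctrom_after": card.ctrom}


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v.hex() if isinstance(v, bytes) else v)
```

Run as a script it prints the three unique numbers, the outcome of the correct and the wrong reader response, and the serial number and counters the host recovers by applying ALG⁻¹ to NU. The order of the counter updates matters: CTRAM is incremented only after NU has been formed, so the first NU of a session carries CTRAM = 0 and the per-session CTROM value, which is what keeps it distinct from the first NU of the previous session.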
Specification