Secure token integrated circuit and method of performing a secure authentication function or transaction

US 5,841,866 A
Filed: 09/29/1995
Issued: 11/24/1998
Est. Priority Date: 09/30/1994
Status: Expired due to Term

First Claim

Patent Images

1. A method of operating a circuit which includes the steps of accepting a challenge and a command, generating a first response to the challenge using a first algorithm which operates on at least the challenge and a secret key derived from information relating to the circuit and generating the first response only if the command is successfully carried out.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of operating a circuit such as an integrated circuit carried on a plastic card which includes the steps of accepting a challenge, and generating a first response to the challenge using a first algorithm which operates on at least the challenge and a secret key derived from information relating to the circuit. The challenge may be generated, and accepted, by the circuit, with a corresponding challenge being generated externally of the circuit. Alternatively, the challenge is generated externally of the circuit and is then accepted by the circuit. A token count may be stored in the circuit and the first response is generated if a decrement command is successfully carried out on the token count.

Citations

50 Claims

1. A method of operating a circuit which includes the steps of accepting a challenge and a command, generating a first response to the challenge using a first algorithm which operates on at least the challenge and a secret key derived from information relating to the circuit and generating the first response only if the command is successfully carried out.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. A method according to claim 1 wherein the challenge is generated, and accepted, by the circuit, and a corresponding challenge is generated externally of the circuit.
  - 3. A method according to claim 2 wherein the challenge is generated by a counter means in the circuit.
  - 4. A method according to claim 3 wherein the counter means is controlled at least partly by means which is external to the circuit.
  - 5. A method according to claim 1 wherein the challenge is generated externally of the circuit and is then accepted by the circuit.
  - 6. A method according to claim 5 wherein the challenge includes at one of the following:
    - a number which is at least partly random, a command, and data relating to the circuit.
  - 7. A method according to claim 1 wherein the information relating to the circuit is circuit identity information.
  - 8. A method according to claim 1 which includes the step of transmitting the first response to a terminal which is external to the circuit.
  - 9. A method according to claim 8 which includes the step, at the terminal, of generating a second response using at least data, relating to the circuit, obtained from the first response.
  - 10. A method according to claim 9 wherein the second response is generated by the operation of the first algorithm on the challenge and on a second key derived at least from the said obtained data.
  - 11. A method according to claim 10 wherein the second key is derived the operation of a second algorithm on the said information relating to the circuit and on an issuer'"'"'s key which is stored at the terminal.
  - 12. A method according to claim 9 which includes the steps of comparing the second response to the first response and, depending on the outcome of the comparison, of validating or rejecting the first response.
  - 13. A method according to claim 1 which includes the step of storing a token count in the circuit.
  - 14. A method according to claim 13 which includes the steps of accepting a token count decrement command and only generating the said first response if the token decrement command is successfully carried out.
  - 15. A method according to claim 1 wherein the circuit is an integrated circuit.
  - 16. A method according to claim 15 wherein the integrated circuit is carried on a card.

17. A method of programming a circuit which includes the steps of:
- storing in the circuit a secret transport code which is not readable from outside the circuit;
  
  presenting a transport code to the circuit;
  
  comparing the presented transport code to the secret transport code and, if the presented transport code is acceptable, carrying out at least one of the following;
  
  storing application specific information in the circuit;
  
  storing a token counter value in the circuit;
  
  storing in the circuit a secret derived key which is derived using information specific to the circuit and a user defined function; and
  
  replacing the secret transport code with a derived validation key.
- View Dependent Claims (18)
- - 18. A method according to claim 17 wherein the information which is specific to the circuit is a serial number.

19. A method of operating a circuit which includes the steps of:
- presenting the circuit to a terminal, accepting a challenge and a command, generating a first response to the challenge using a first algorithm which operates on at least the challenge and a secret key derived from information relating to the circuit, and generating the first response only if the command is successfully carried out.
- View Dependent Claims (20, 21, 22, 23, 24, 25)
- - 20. A method to claim 19 wherein the challenge is generated, and accepted, by the circuit, and a corresponding challenge is generated by the terminal.
  - 21. A method according to claim 19 wherein the challenge is generated by the terminal and is then accepted by the circuit.
  - 22. A method according to claim 19 which includes the stop of transmitting the first response to the terminal.
  - 23. A method according to claim 22 which includes the step, at the terminal, of generating a second response by the operation of the first algorithm on the challenge and on a second key which is derived by the operation of a second algorithm on the said information relating to the circuit and an issuer'"'"'s key which is stored at the terminal.
  - 24. A method according to claim 23 which includes the steps of comparing the second response to the first response and, depending on the outcome of the comparison, of validating or rejecting the first response.
  - 25. A method according to claim 19 which includes the steps of storing a token count in the circuit, issuing a token count decrement command from the terminal to the circuit, and only generating the said first response if the token decrement command is successfully carried out.

26. A method of operating a token card which includes the steps of:
- (a) on the card, storing a card serial number, a token count and a first secret key derived from at least the card serial number;
  
  (b) at a terminal, storing a card issuer'"'"'s key;
  
  (c) presenting the card to the terminal;
  
  (d) at the terminal, reading the card serial number, and issuing to the card a challenge and a token count decrement command;
  
  (e) on the card, if the token count decrement command is successfully carried out, operating a first algorithm on the first secret key and the challenge to produce a first response;
  
  (f) transferring the first response to the terminal;
  
  (g) at the terminal, operating the first algorithm on the challenge and on a second key derived from at least the card issuer'"'"'s key and information obtained from the transferred first response, to produce a second response; and
  
  (h) at the terminal, comparing the transferred first response to the second response.
- View Dependent Claims (27, 28)
- - 27. A method according to claim 26 wherein the second key is produced by the operation of a second algorithm on the card issuer'"'"'s key and on the card serial number extracted from the said information obtained from the transferred first response.
  - 28. A method according to claim 26 which includes the stop of accepting the card and the token transaction as valid if the transferred first response is successfully compared to the second response.

29. A circuit which includes means for accepting a challenge and a command, means for generating a first response to the challenge using a first algorithm which operates on at least the challenge and a secret key derived from information relating to the circuit, and means for generating the first response only if the command is successfully carried out.
- View Dependent Claims (30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
- - 30. A circuit according to claim 29 which includes means for generating the challenge.
  - 31. A circuit according to claim 30 wherein the challenge generating means includes counter means.
  - 32. A circuit according to claim 31 wherein the counter means is controlled at least partly by means which is external to the circuit.
  - 33. A circuit according to claim 29 wherein the challenge includes at least one of the following:
    - a number which is at least partly random, a command, and data relating to the circuit.
  - 34. A circuit according to claim 29 wherein the information relating to the circuit is a serial number.
  - 35. A circuit according to claim 29 which includes means for transmitting the first response to a terminal.
  - 36. A circuit according to claim 29 which includes means for storing a token count.
  - 37. A circuit according to claim 36 which includes means for receiving a token count decrement command and control means for generating the said first response only if the token decrement command is successfully carried out.
  - 38. A circuit according to claim 29 which is an integrated circuit.
  - 39. A circuit according to claim 38 wherein the integrated circuit is carried on a card.

40. A method of operating a circuit, the method including the steps of:
- programming a token counter;
  
  programming a serial number;
  
  deriving a secret key from the serial number and storing the secret key;
  
  submitting a challenge and a command to the circuit;
  
  the circuit responding to the challenge in a secret manner using at least one of the following;
  
  the token counter;
  
  the secret key;
  
  an encoding algorithm; and
  
  information relating to the circuit;
  
  executing the command; and
  
  producing a response that is evaluated to present an indication of validity.
- View Dependent Claims (41, 42, 43, 44)
- - 41. A method according to claim 40 which includes the steps of including in the challenge a command and a count, deducting the count from the token counter, and calculating a response using the new token counter value.
  - 42. A method according to claim 40 which includes the step of controlling a second counter from a terminal, the second counter controlling the challenge.
  - 43. A method according to claim 41 which includes the step of controlling a second counter from a terminal, the second counter controlling the challenge.
  - 44. A method according to claim 40 which includes the step of storing the challenge in memory until the next time a challenge is submitted to the circuit.

45. A circuit which includes:
- means for programming a token counter with a value;
  
  means for programming a serial number;
  
  means for deriving a secret key from the serial number;
  
  means for storing the secret key;
  
  means for accepting a challenge and a command;
  
  means for responding to the challenge in a secret manner using at least one of the following;
  
  the token counter;
  
  the secret key;
  
  an encoding algorithm; and
  
  information relating to the circuit;
  
  means for executing the command; and
  
  means for producing a response that is evaluated to present an indication of validity.
- View Dependent Claims (46, 47, 48)
- - 46. A circuit according to claim 45 which includes means for extracting a count from the challenge, means for deducting the count from a value in the token counter to produce a new token value, and means for calculating a response using the new token counter value.
  - 47. A circuit according to claim 45 which includes means for accepting a count, from a terminal, which controls the challenge.
  - 48. A circuit according to claim 45 produced as an integrated circuit, which is bonded on a card to form a secure token card.

49. A method of performing a transaction on a circuit which includes the steps of:
- (a) presenting the circuit to a terminal;
  
  (b) transferring a challenge and a decrement command from the terminal to the circuit;
  
  (c) implementing the decrement command on the circuit;
  
  (d) if the decrement command has been successfully implemented, transferring a response from the circuit to the terminal;
  
  (e) validating the response; and
  
  (f) if the response is valid, accepting the transaction.

50. A circuit which includes:
- first storage means for storing a serial number;
  
  second storage means for storing a secret derived key derived from the serial number, an issuer'"'"'s key and a first encoding function;
  
  token counter means;
  
  interface means for receiving a challenge and a decrement command;
  
  means for decrementing a count in the token counter means in response to the decrement command;
  
  means, in response to a successful count decrement, for producing an encoded value, from the secret derived key, the challenge and a second encoding function;
  
  means for providing an encoded response based on the challenge, a key, an algorithm and information on the circuit; and
  
  means for presenting the encoded value to the interface means.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microchip Technology Incorporated
Original Assignee
Microchip Technology Incorporated
Inventors
Bruwer, Frederick Johannes, Pretorius, Pieter Jacobus, Dippenaar, Theodor Johannes
Primary Examiner(s)
CANGIALOSI, SALVATORE A

Application Number

US08/537,292
Time in Patent Office

1,152 Days
Field of Search

380/23, 380/25
US Class Current

705/66
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3672   initialising or reloading t...

G06Q 20/4097   using mutual authentication...

G07F 7/082   Features insuring the integ...

G07F 7/0866   by active credit-cards adap...

G07F 7/1008   Active credit-cards provide...

Secure token integrated circuit and method of performing a secure authentication function or transaction

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

50 Claims

Specification

Solutions

Use Cases

Quick Links

Secure token integrated circuit and method of performing a secure authentication function or transaction

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

50 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links