Integrated circuit devices with steganographic authentication, and steganographic authentication methods

US 6,779,112 B1
Filed: 11/05/1999
Issued: 08/17/2004
Est. Priority Date: 11/05/1999
Status: Expired due to Term

First Claim

Patent Images

1. A smart card authentication method comprising:

selecting a set of defined commands each of which has an inherent function that is not associated with authentication;

transmitting the selected set of defined commands between a smart card and a receiving/sending unit;

receiving the transmitted commands; and

authenticating at least one of the smart card and the receiving/sending unit using the transmitted set of defined commands.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This invention concerns an integrated circuit (IC) device, such as smart cards, electronic wallets, PC cards, and the like, and various methods for steganographically authenticating identities and authorizing transactions based on the authenticated identities. The IC device has a memory and a processor. The IC device maintains an identity authentication table in the memory to hold an arbitrary number of identities. The identity authentication table correlates identities with authentication structures. In preferred embodiments, the authentication structures each comprise a collection of commands, such as data processing commands, that are normally associated with data handling capabilities of the IC device. The commands are arranged into unique groupings that serve to identify the identity with which they are associated. Authentication can then take place outside of detectable cryptographic protocols. That is, the authentication structures blend in with other seemingly normal data processing functions thereby reducing the chances of detection.

Citations

42 Claims

1. A smart card authentication method comprising:
- selecting a set of defined commands each of which has an inherent function that is not associated with authentication;
  
  transmitting the selected set of defined commands between a smart card and a receiving/sending unit;
  
  receiving the transmitted commands; and
  
  authenticating at least one of the smart card and the receiving/sending unit using the transmitted set of defined commands.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The smart card authentication method of claim 1, wherein the authenticating comprises determining an order of the set of defined commands, and authenticating based upon said order.
  - 3. The smart card authentication method of claim 1, wherein the authenticating comprises determining which commands are used to define the set of commands, and authenticating based upon which commands are used.
  - 4. The smart card authentication method of claim 1, wherein the authenticating comprises:
5. The smart card authentication method of claim 1, wherein the functions are associated with data handling.
6. The smart card authentication method of claim 1, wherein said transmitting further comprises transmitting at least one false cryptographic command designed to emulate an actual cryptographic operation.

7. An authentication method comprising:
- transmitting a plurality of data processing commands between a first identity that is to be authenticated and a second identity that is to authenticate the first identity, the data processing commands having an apparent data processing function and a hidden function, the apparent data processing function not being associated with authenticating the first identity, the hidden function being associated with authenticating the first identity;
  
  receiving the data processing commands; and
  
  evaluating the hidden functions of the commands to ascertain whether the first identity can be authenticated.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The authentication method of claim 7, wherein the hidden function defines a sequence of commands that are associated with the first identity.
  - 9. The authentication method of claim 7, wherein the hidden function defines command types that are associated with the first identity.
  - 10. The authentication method of claim 7, wherein the hidden function defines command types that are associated with the first identity and used in connection with a particular data object.
  - 11. The authentication method of claim 7, wherein the hidden function is selected to operate upon data in a manner that is known only to the first and second identities.
  - 12. The authentication method of claim 11, wherein operation of the hidden function is associated with particular data selected by the apparent data processing function that is associated with a hidden function.
  - 13. The authentication method of claim 7, wherein one of the first and second identities comprises a smart card.

14. An authentication method comprising:
- establishing communication between a pair of authenticatable identities, one of which is to be authenticated by the other;
  
  allocating a portion of the communication to steganographic communication; and
  
  authenticating the one identity using the steganographic portion of the communication.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
- - 15. The authentication method of claim 14 further comprising defining the steganographic portion of the communication using one or more data processing commands.
  - 16. The authentication method of claim 14 further comprising defining the steganographic portion of the communication using a plurality of data processing commands.
  - 17. The authentication method of claim 16, wherein said defining comprises arranging the data processing commands into a predefined structure, and wherein said authenticating comprises recognizing the predefined structure.
  - 18. The authentication method of claim 17, wherein the predefined structure comprises a data processing command order.
  - 19. The authentication method of claim 17, wherein the predefined structure comprises a predefined number of data processing commands.
  - 20. The authentication method of claim 17, wherein the predefined structure comprises data processing command types.
  - 21. The authentication method of claim 14, wherein one of the identities comprises a smart card.

22. An authentication method comprising:
- defining a plurality of unencrypted authentication structures, each authentication structure containing at least one command;
  
  associating each authentication structure with an identity that is to be authenticated;
  
  establishing an unencrypted dialog between a pair of identities;
  
  incorporating an authentication structure into the unencrypted dialog;
  
  evaluating the authentication structure; and
  
  authenticating an identity if the authentication structure corresponds to the identity seeking to be authenticated.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29)
- - 23. The authentication method of claim 22, wherein the unencrypted authentication structures comprise one or more data processing commands.
  - 24. The authentication method of claim 22, wherein the defining of the authentication structures comprise arranging a plurality of data-processing commands into defined arrangements for each authentication structure.
  - 25. The authentication method of claim 24, wherein some of the defined arrangements have different collections of data-processing commands.
  - 26. The authentication method of claim 24, wherein the defined arrangements have different sequences of data-processing commands.
  - 27. The authentication method of claim 24, wherein some of the defined arrangements different collections of data-processing commands, and all of the defined arrangements have different sequences of data-processing commands.
  - 28. The authentication method of claim 22 further comprising incorporating a false cryptographic operation into the unencrpted dialog, the false cryptographic operation being designed to emulate a real cryptographic operation.
  - 29. The authentication method of claim 22, wherein the authenticating is performed by a smart card.

30. A computer readable media having instructions stored thereon which, when executed by a computer, perform the following steps:
- transmitting a set of defined commands between a smart card and a receiving/sending unit, the defined commands having data-handling functions that are not associated with authentication, the set of defined commands having an order that is associated with one of the smart card and the receiving/sending unit;
  
  receiving the transmitted commands;
  
  recognizing the order of the set of defined commands; and
  
  authenticating at least one of the smart card and the receiving/sending unit based upon the recognized order of the set of defined commands.
- View Dependent Claims (31)
- - 31. The computer readable media of claim 30 further comprising incorporating at least one false cryptographic command into the set of defined commands, the false cryptographic command being designed to emulate an actual cryptographic operation.

32. A memory device comprising:
- a memory; and
  
  an authentication table stored in memory to hold a plurality of identities and to correlate data-processing commands with each identity, the data-processing commands for each identity having a unique identity-specific organization which, when recognized, can be used to authenticate an associated identity.
- View Dependent Claims (33, 34)
- - 33. The memory device of claim 32, wherein each identity-specific organization is embodied as a specific order of data-processing commands.
  - 34. The memory device of claim 32, wherein each identity-specific organization is embodied as a specific collection of data-processing commands.

35. The memory device of clam 32 embodied as a smart card.

36. A computer readable medium configured for use in a smart card system for authenticating a plurality of identities, the medium containing an authentication table to hold the plurality of identities and to correlate data-processing commands with each identity, the data-processing commands for each identity having a unique identity-specific organization which, when recognized, can be used to authenticate an associated identity.
- View Dependent Claims (37, 38, 39)
- - 37. The computer readable medium of claim 36 embodied on a smart card.
  - 38. The computer readable medium of claim 36, wherein each identity-specific organization is embodied as a specific order of data-processing commands.
  - 39. The computer readable medium of claim 36, wherein each identity-specific organization is embodied as a specific collection of data-processing commands.

40. A smart card comprising:
- a memory; and
  
  steganographic authentication means stored in the memory and configured for steganographically authenticating one or more authenticatable identities.
- View Dependent Claims (41, 42)
- - 41. The smart card of claim 40, wherein the steganographic authentication means comprises a collection of data processing commands.
  - 42. The smart card of claim 40, wherein the steganographic authentication means comprises a collection of data processing commands arranged into a predefined order.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Guthery, Scott B.
Primary Examiner(s)
Smithers, Matthew
Assistant Examiner(s)
Fields, Courtney D.

Application Number

US09/434,545
Time in Patent Office

1,747 Days
Field of Search

713/170, 713/193, 713/171, 713/172, 713/173, 713/174
US Class Current

713/172
CPC Class Codes

G06F 21/31   User authentication

G06F 21/42   using separate channels for...

G06F 21/556   involving covert channels, ...

G06F 21/77   in smart cards

G06F 2221/2105   Dual mode as a secondary as...

G06F 2221/2107   File encryption

G06Q 20/105   involving programming of a ...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3552   Downloading or loading of p...

G06Q 20/3674   involving authentication

G06Q 20/40975   using encryption therefor

G07F 7/08   by coded identity card or c...

G07F 7/1008   Active credit-cards provide...

G07F 7/12   Card verification

G07F 7/122   Online card verification

H04L 63/08   for authentication of entit...

H04L 9/40   Network security protocols

Integrated circuit devices with steganographic authentication, and steganographic authentication methods

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

Integrated circuit devices with steganographic authentication, and steganographic authentication methods

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links