Authenticating method between a smart card and a terminal

US 6,839,840 B1
Filed: 11/04/1999
Issued: 01/04/2005
Est. Priority Date: 11/12/1998
Status: Expired due to Fees

First Claim

Patent Images

1. An authenticating method between a memory chip card having at least one counter and a terminal, comprising the following steps:

(a) inserting the memory chip card into the terminal, (b) calculating, in the terminal, a secret code CSC₁, according to a cryptographic function F of a number of variables comprising at least a code CSN identifying the memory chip card and the value of said counter, (c) authenticating the terminal by the card when the calculated secret code CSC₁is identical to a code CSC₀recorded in a memory of the card at the end of a previous authentication operation, (d) carrying out a desired transaction and modifying the value of said counter, (e) calculating, in the terminal, a new secret code CSC₂according to the cryptographic function F of the code CSN identifying the memory chip card and the new value of said counter, (f) updating the memory chip card for the next transaction by recording, in said memory, the new secret code CSC₂calculated by the operation (e).

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention concerns a method enabling a smart card and a terminal whereto it is connected to authenticate each other. The invention is characterized in that at the end of each transaction the terminal calculates, from data representing the card at said transaction end, a secret code CSC₂which is recorded in a zone ZCSC with unprotected access in the card memory and an authentication certificate CA₂which is recorded in a zone ZCA with protected access of the memory by presenting a secret code CSC₂. At the next transaction, the terminal calculates, by means of data contained in the card, a secret code and an authentication certificate which are compared to those previously recorded to perform authentication. The invention is applicable to smart cards.

Citations

15 Claims

1. An authenticating method between a memory chip card having at least one counter and a terminal, comprising the following steps:
- (a) inserting the memory chip card into the terminal, (b) calculating, in the terminal, a secret code CSC₁, according to a cryptographic function F of a number of variables comprising at least a code CSN identifying the memory chip card and the value of said counter, (c) authenticating the terminal by the card when the calculated secret code CSC₁is identical to a code CSC₀recorded in a memory of the card at the end of a previous authentication operation, (d) carrying out a desired transaction and modifying the value of said counter, (e) calculating, in the terminal, a new secret code CSC₂according to the cryptographic function F of the code CSN identifying the memory chip card and the new value of said counter, (f) updating the memory chip card for the next transaction by recording, in said memory, the new secret code CSC₂calculated by the operation (e).
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. A method according to claim 1, further including the following steps between the steps (c) and (d):
    - (x) calculating, in the terminal, an authentication certificate CA₁according to a cryptographic function G of a number of variables comprising at least the code CSN identifying the memory chip card and the value of the counter, (y) authenticating the card by the terminal when the calculated authentication certificate CA₁is identical to a certificate CA₀calculated and recorded at the end of the previous transaction, and wherein step (e) is supplemented by the step of (e′
      
      ) calculating, in the terminal, a new authentication certificate CA₂according to the cryptographic function G of the code CSN identifying the memory chip card and the new value of said counter, and wherein step (f) is supplemented by the step of (f′
      
      ) updating the memory chip card for the next transaction by recording, in the memory, the new authentication certificate CA₂calculated according to the step (e′
      
      ).
  - 3. A method according to claim 2 wherein step (b) comprises the following steps:
    - first calculating, in the terminal, a session key K_s1according to a cryptographic function F_ksof a number of variables comprising at least a parent key K_mknown by the terminal, the code CSN identifying the memory chip card and the value of said counter, next calculating, in the terminal, the secret code CSC₁according to the cryptographic function F of the session key K_s1, and wherein step (e) comprises;
      
      first calculating, in the terminal, a new session key K_s2according to the cryptographic function F_kswith the new value of said counter, next calculating, in the terminal, the new secret code CSC₂according to the cryptographic function F of the new session key K_s2.
  - 4. A method according to claim 3 wherein step (e′
    - ) includes the step of calculating the new authentication certificate CA₂according to the cryptographic function G of the new session key K_s2.
  - 5. A method according to claim 1 wherein the memory chip card comprises two counters, one counting the authentications and the other counting payment transactions, and wherein the variables of the cryptographic functions comprise the values of said counters.
  - 6. A method according to claim 1 wherein the cryptographic functions are one-way functions.
  - 7. A method according to claim 6, wherein the cryptographic functions are “
    - hashing”
      
      functions.
  - 8. A method according to claim 3, wherein step (b) comprises the following steps:
    - (b₁) reading the serial number CSN of the card, (b₂) reading the content of the counter, and (b₃) calculating the session key according to a cryptographic function F_kssuch that;
      
      Ks₁=F_ks(K_m, CSN, CTC₁).
  - 9. A method according to claim 1, wherein step (c) comprises the following steps:
    - (c₁) transmitting the secret code CSC₁to the card, (c₂) comparing, in the card, this secret code CSC₁with a secret code CSC₀recorded in the card at the end of the previous transaction with the card, and (C₃) authorizing the remainder of the operations if the comparison indicates the identity CSC₀=CSC, or refusing same if CSC₀is not equal to CSC₁.
  - 10. A method according to claim 2, wherein step (y) comprises the following steps:
    - (y₁) reading the content CA₀of a designated area of the memory of the card CM, (y₂) transmitting, to the terminal, the content CA₀of said area which corresponds to an Authentication Certificate CA₀calculated at the end of the previous transaction, (Y₃) comparing, in the terminal, the calculated Authentication Certificate CA₁with the certificate CA₀, and (y₄) authorizing the remainder of the operations if the comparison indicates the identify CA₁=CA₀.
  - 11. A method according to claim 1, wherein step (d) comprises the following steps:
    - (d₁) reading, from an area of the memory, the value BAL₀of a balance resulting from the previous transaction and a corresponding certificate CBAL₀, and (d₂) verifying that the certificate CBAL₀correctly corresponds to the result of the cryptographic function such that;
      
      CBAL₀=H(K_t, BAL₀, CSN, CTC₁), K_tbeing a transaction key, (d₃) incrementing the transaction counter to the value (CTC₁+1)=CTC₂. (d₄) recording the new balance BAL₁in said area, (d₅) calculating a Certificate CBAL₁for the new balance BAL₁such that;
      
      CBAL₁=H(K_t, BAL₁, CSN, CTC₂), and (d₆) recording CBAL₁in said area.
  - 12. A method according to claim 1 wherein step (a) also comprises a step of entering a personal code of the user.
  - 13. A method according to claim 3, wherein in step (b), one of the variables used for calculating the session key Ks₁is a personal code PIN of the user.
  - 14. A method according to claim 1 wherein step (b) comprises the following steps:
    - first calculating, in the terminal, a session key K_s1according to a cryptographic function F_ksof a number of variables comprising at least a parent key K_mknown by the terminal, the code CSN identifying the memory chip card and the value of said counter, next calculating, in the terminal, the secret code CSC₁according to the cryptographic function F of the session key K_s1, and wherein step (e) comprises;
      
      first calculating, in the terminal, a new session key K_s2according to the cryptographic function F_kswith the new value of said counter, next calculating, in the terminal, the new secret code CSC₂according to the cryptographic function F of the new session key K_s2.
  - 15. A method according to claim 14, wherein step (b) comprises the following steps:
    - (b₁) reading the serial number CSN of the card, (b₂) reading the content of the counter, and (b₃) calculating the session key according to a cryptographic function F_kssuch that;
      
      Ks₁=F_ks(K_m, CSN, CTC₁).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gemalto SA (Thales SA)
Original Assignee
Gemplus (Thales SA)
Inventors
Cooreman, Pascal
Primary Examiner(s)
Peeso, Thomas R.

Application Number

US09/831,634
Time in Patent Office

1,888 Days
Field of Search

713/172, 713/182, 713/185, 713/193, 713/200, 713/201
US Class Current

713/172
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

Authenticating method between a smart card and a terminal

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Authenticating method between a smart card and a terminal

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links