Payment smart cards with hierarchical session key derivation providing security against differential power analysis and other attacks

US 7,941,666 B2
Filed: 03/24/2003
Issued: 05/10/2011
Est. Priority Date: 07/02/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method for cryptographically authenticating a payment transaction conducted by a chip card configured for use with a compatible transaction verifier, comprising the steps performed by said chip card of:

(a) retrieving from a nonvolatile memory in said chip card a transaction counter, and an intermediate key state corresponding to said transaction counter;

(b) deriving a new intermediate key by applying a cryptographic update operation;

(i) thereby preventing partial information about a plurality of predecessor intermediate keys from being combined to determine said new intermediate key;

(c) incrementing said transaction counter and updating said intermediate key state in said nonvolatile memory;

(d) using said new intermediate key to compute a cryptographic value authenticating at least an amount of a payment transaction; and

(e) outputting to an external device said transaction counter and said cryptographic authentication value;

where said transaction verifier, with knowledge of said counter and an initial key state for said chip card, will re-derive said new intermediate key used by said chip card in (d) by applying one or more key transformation steps, the maximum number of such step(s) depending logarithmically on a maximum value for said transaction counter.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Chip cards are used to secure credit and debit payment transactions. To prevent fraudulent transactions, the card must protect cryptographic keys used to authenticate transactions. In particular, cards should resist differential power analysis and/or other attacks. To address security risks posed by leakage of partial information about keys during cryptographic transactions, cards may be configured to perform periodic cryptographic key update operations. The key update transformation prevents adversaries from exploiting partial information that may have been leaked about the card'"'"'s keys. Update operations based on a hierarchical structure can enable efficient transaction verification by allowing a verifying party (e.g., an issuer) to derive a card'"'"'s current state from a transaction counter and its initial state by performing one operation per level in the hierarchy, instead of progressing through all update operations performed by the card.

225 Citations

22 Claims

1. A method for cryptographically authenticating a payment transaction conducted by a chip card configured for use with a compatible transaction verifier, comprising the steps performed by said chip card of:
- (a) retrieving from a nonvolatile memory in said chip card a transaction counter, and an intermediate key state corresponding to said transaction counter;
  
  (b) deriving a new intermediate key by applying a cryptographic update operation;
  
  (i) thereby preventing partial information about a plurality of predecessor intermediate keys from being combined to determine said new intermediate key;
  
  (c) incrementing said transaction counter and updating said intermediate key state in said nonvolatile memory;
  
  (d) using said new intermediate key to compute a cryptographic value authenticating at least an amount of a payment transaction; and
  
  (e) outputting to an external device said transaction counter and said cryptographic authentication value;
  
  where said transaction verifier, with knowledge of said counter and an initial key state for said chip card, will re-derive said new intermediate key used by said chip card in (d) by applying one or more key transformation steps, the maximum number of such step(s) depending logarithmically on a maximum value for said transaction counter.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 where said cryptographic update operation includes at least one block cipher operation.
  - 3. The method of claim 2 where said cryptographic update operation includes a plurality of DES block cipher operations.
  - 4. The method of claim 3 where:
    - (i) said intermediate key state includes at least two components;
      
      (ii) said cryptographic update operation is configured such that its repeated application to an initial intermediate key state causes each updated component to be a cryptographic combination of all components of said initial intermediate key state.
  - 5. The method of claim 1 where said update operation includes (i) computing at least one inverse transformation operation to derive a predecessor intermediate key, then (ii) using said predecessor intermediate key and said transaction counter to produce said new intermediate key.
  - 6. The method of claim 5 where said update operation includes using said transaction counter to select a sequence of forward transformation operations.
  - 7. The method of claim 1 where said update operation includes (i) retrieving at least one predecessor intermediate key from said nonvolatile memory, then (ii) using said predecessor intermediate key and said transaction counter to produce said new intermediate key.
  - 8. The method of claim 7 where said update operation includes using said transaction counter to select a sequence of forward transformation operations.
  - 9. The method of claim 1 where said update operation includes using said transaction counter to select a forward transformation operation chosen from at least two predetermined forward transformation operations.
  - 10. The method of claim 9 where said selected forward transformation operation is chosen from two predetermined forward transformation operations.

11. A method for authenticating chip card transactions, comprising the steps of:
- (a) retrieving a transaction counter and a stored intermediate key state from a nonvolatile memory in said chip;
  
  (b) applying a hierarchical key update operation to said intermediate key state to produce a successor intermediate key state from among a sequence of intermediate key states, where;
  
  (i) said sequence includes a hierarchy of successive levels, where each lower level of said hierarchy contains at least twice as many keys as each predecessor level;
  
  (ii) each key in each said lower level is a predetermined function of at least one parent key in at least one said predecessor level;
  
  (iii) said key update operation includes (A) obtaining at least one parent key to a key included in said stored intermediate key state, (B) applying a key update transformation to derive a new lower-level key from said at least one parent key;
  
  (c) updating said intermediate key state in said nonvolatile memory with a result of said key update operation;
  
  (d) using said updated intermediate key state to compute a value cryptographically authenticating a transaction involving said chip card;
  
  (e) transmitting said cryptographic authentication value to a third party for verification.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The method of claim 11 where said key update transformation depends on said transaction counter.
  - 13. The method of claim 12 where said key update transformation includes using a DES block cipher operation to transform said at least one parent key.
  - 14. The method of claim 12 where said step of obtaining said at least one parent key includes deriving at least one said parent key from said retrieved intermediate key state.
  - 15. The method of claim 12 where said step of obtaining said parent key includes retrieving said parent key from a nonvolatile memory.
  - 16. The method of claim 12 further comprising:
    - (a) said chip card transmitting said transaction counter and said cryptographic authentication result to an external authentication service;
      
      (b) said authentication service obtaining an initial key state;
      
      (c) said authentication service deriving a key state corresponding to said transaction counter by using said transaction counter to apply a plurality of key update transformations to said initial key state, where the maximum number of key update transformations corresponds to the number of said key levels; and
      
      (d) said authentication service using said derived key state to authenticate said transaction.
  - 17. The method of claim 16 where said transaction is a credit card payment.
  - 18. The method of claim 11 where said cryptographic authentication value is derived from a key derived from said intermediate key state.

19. A chip card for cryptographically authenticating a payment transaction conducted by said chip card configured for use with a compatible transaction verifier, said chip card comprising:
- (a) a microprocessor;
  
  (b) a nonvolatile memory including a transaction counter, and an intermediate key state corresponding to said transaction counter;
  
  (c) a memory containing program logic configured;
  
  (i) to retrieve from said nonvolatile memory said transaction counter and said intermediate key state;
  
  (ii) to derive a new intermediate key by applying a cryptographic update operation;
  
  (A) thereby preventing partial information about a plurality of predecessor intermediate keys from being combined to determine said new intermediate key;
  
  (iii) to increment said transaction counter and updating said intermediate key state in said nonvolatile memory;
  
  (iv) to use said new intermediate key to compute a cryptographic value authenticating at least an amount of a payment transaction; and
  
  (v) to output to an external device said transaction counter and said cryptographic authentication value;
  
  where said transaction verifier, with knowledge of said counter and an initial key state for said chip card, will re-derive said new intermediate key used by said chip card in (iv) by applying one or more key transformation steps, the maximum number of such step(s) depending logarithmically on a maximum value for said transaction counter.

20. A computer-readable medium for cryptographically authenticating a payment transaction conducted by a chip card configured for use with a compatible transaction verifier, said chip card comprising:
- (a) a microprocessor;
  
  (b) a nonvolatile memory including a transaction counter, and an intermediate key state corresponding to said transaction counter;
  
  (c) a memory containing program logic configured;
  
  (i) to retrieve from said nonvolatile memory said transaction counter and said intermediate key state;
  
  (ii) to derive a new intermediate key by applying a cryptographic update operation;
  
  (A) thereby preventing partial information about a plurality of predecessor intermediate keys from being combined to determine said new intermediate key;
  
  (iii) to increment said transaction counter and updating said intermediate key state in said nonvolatile memory;
  
  (iv) to use said new intermediate key to compute a cryptographic value authenticating at least an amount of a payment transaction; and
  
  (v) to output to an external device said transaction counter and said cryptographic authentication value;
  
  where said transaction verifier, with knowledge of said counter and an initial key state for said chip card, will re-derive said new intermediate key used by said chip card in (iv) by applying one or more key transformation steps, the maximum number of such step(s) depending logarithmically on a maximum value for said transaction counter.

21. An automated method for authenticating a chip card transaction, comprising the steps of:
- (a) receiving a transaction counter and a cryptographic value purporting to authenticate said transaction;
  
  (b) obtaining an initial key corresponding to said chip card;
  
  (c) applying a plurality of key update transformations determined by said transaction counter to produce an intermediate key; and
  
  (d) using said intermediate key to determine the validity of said cryptographic value;
  
  where the maximum number of key update operations depends logarithmically on a maximum value for said transaction counter.
- View Dependent Claims (22)
- - 22. The method of claim 21 where said transaction is a payment transaction.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cryptography Research, Inc. (Rambus Inc.)
Original Assignee
Cryptography Research, Inc. (Rambus Inc.)
Inventors
Kocher, Paul C.
Primary Examiner(s)
Dada; Beemnet W

Application Number

US10/396,975
Publication Number

US 20030188158A1
Time in Patent Office

2,969 Days
Field of Search

713/161, 713/172, 713/167, 713/193, 380/1, 380/44, 380/260, 380/262, 380/277, 380/26, 380/45, 705/66, 705/67, 705/68, 705/75
US Class Current

713/172
CPC Class Codes

G06F 2207/7219   Countermeasures against sid...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

H04L 9/003   for power analysis, e.g. di...

H04L 9/0625   with splitting of the data ...

H04L 9/0891   Revocation or update of sec...

Payment smart cards with hierarchical session key derivation providing security against differential power analysis and other attacks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

225 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Payment smart cards with hierarchical session key derivation providing security against differential power analysis and other attacks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

225 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links