Transaction verification protocol for smart cards
First Claim
1. A method of performing, in a communication system, a first transaction between a first participant device comprising a first processing unit performing cryptographic operations and a second participant device performing cryptographic operations wherein said second participant device permits a service to be provided to said first participant device to complete said first transaction and is enabled to obtain payment from a third participant in a second transaction, said method performed by said first processing unit and comprising:
- verifying a digitally signed message from said second participant device, said digitally signed message comprising an identifier of said second participant device;
generating a digital signature using an anomalous elliptic curve scheme involving two exponentiations by performing;
generating a first value comprising a first random bit string and a second value comprising a second random bit string wherein said second value is required by said third participant to complete said second transaction; and
generating said digital signature comprising a first signature component encrypting said first value with said identifier of said second participant device and a second signature component generated using a hash, said hash being generated using said second value;
providing said first signature component and second signature component and said hash to said second participant device, for decryption of said first signature component using said second signature component and said hash, and for extraction of said first value from said first signature component;
receiving said extracted first value from said second participant device and verifying that said extracted first value received from said second participant device is equal to said first value originally generated by said first processing unit; and
authenticating said second participant device by determining that said extracted first value received from said second participant device is equal to said first value originally generated by said first processing unit, said first processing unit completing said first transaction by providing said second value to said authenticated second participant device and thereby obtaining said service, whereupon said authenticated second participant device completes said second transaction by providing said second value, received from said first processing unit, to said third participant.
1 Assignment
0 Petitions
Accused Products
Abstract
A protocol appropriate for smartcard purchase applications such as those that might be completed between a terminal or ATM and a users personal card is disclosed The protocol provides a signature scheme which allows the card to authenticate the terminal without unnecessary signature verification which is an computationally intense operation for the smart card. The only signature verification required is that of the terminal identification (as signed by the certifying authority, or CA, which is essential to any such protocol). In the preferred embodiment, the protocol provides the card and terminal from fraudulent attacks from impostor devices, either a card or terminal.
27 Citations
56 Claims
-
1. A method of performing, in a communication system, a first transaction between a first participant device comprising a first processing unit performing cryptographic operations and a second participant device performing cryptographic operations wherein said second participant device permits a service to be provided to said first participant device to complete said first transaction and is enabled to obtain payment from a third participant in a second transaction, said method performed by said first processing unit and comprising:
-
verifying a digitally signed message from said second participant device, said digitally signed message comprising an identifier of said second participant device; generating a digital signature using an anomalous elliptic curve scheme involving two exponentiations by performing; generating a first value comprising a first random bit string and a second value comprising a second random bit string wherein said second value is required by said third participant to complete said second transaction; and generating said digital signature comprising a first signature component encrypting said first value with said identifier of said second participant device and a second signature component generated using a hash, said hash being generated using said second value; providing said first signature component and second signature component and said hash to said second participant device, for decryption of said first signature component using said second signature component and said hash, and for extraction of said first value from said first signature component; receiving said extracted first value from said second participant device and verifying that said extracted first value received from said second participant device is equal to said first value originally generated by said first processing unit; and authenticating said second participant device by determining that said extracted first value received from said second participant device is equal to said first value originally generated by said first processing unit, said first processing unit completing said first transaction by providing said second value to said authenticated second participant device and thereby obtaining said service, whereupon said authenticated second participant device completes said second transaction by providing said second value, received from said first processing unit, to said third participant. - View Dependent Claims (2, 3, 4)
-
-
5. A device for performing, in a communication system, a first transaction between a first participant and a second participant, wherein said second participant permits a service to be provided to said first participant to complete said first transaction and is enabled to obtain payment from a third participant in a second transaction, said device being located at said first participant, said device being configured for communicating with said second participant, and said device comprising a processing unit configured for:
-
verifying a digitally signed message from said second participant, said digitally signed message comprising an identifier of said second participant; generating a digital signature using an anomalous elliptic curve scheme involving two exponentiations by; generating a first value comprising a first random bit string and a second value comprising a second random bit string, wherein said second value is required by said third participant to complete said second transaction; and generating said digital signature comprising a first signature component encrypting said first value and said identifier of said second participant and a second signature component generated using a hash, said hash being generated using said second value; providing said first signature component and second signature component and said hash to said second participant, for decryption of said first signature component using said second signature component and said hash, and for extraction of said first value from said first signature component; receiving said extracted first value from said second participant and verifying that said extracted first value received from said second participant is equal to said first value originally generated by said first participant device; and authenticating said second participant by determining that said extracted first value received from said second participant is equal to said first value originally generated by said processing unit, completing said first transaction by providing said second value to said authenticated second participant thereby obtaining said service from said second processing device, and said authenticated second participant completing said second transaction by providing said second value, received from the first participant to said third participant. - View Dependent Claims (6, 7)
-
-
8. A method of performing, in a communication system, a first transaction between a first participant device and a second participant device comprising a second processing unit, wherein said second participant device permits a service to be provided to said first participant device to complete said first transaction, and is enabled to obtain payment from a third participant in a second transaction, said method comprising:
-
said second processing unit obtaining a signature and a hash from said first participant device, said signature comprising a first signature component encrypting a first value and a second signature component generated using said hash, said hash being generated using a second value, said signature encrypted using an anomalous elliptic curve scheme; said second processing unit extracting said first value from said first signature component using said second signature component and said hash; said second participant device authenticating itself to said first participant device by sending said first value extracted from said first signature component to said first participant device; after being authenticated by said first participant device upon said first participant device determining that said first value extracted from said first signature component and returned to said first participant device is equal to said first value originally encrypted in said first signature component, said second participant device receiving said second value from said first participant device, completing said first transaction, for providing to said third participant; and said second participant device permitting said service to be provided to said first participant device to complete said first transaction, and completing said second transaction by providing said second value to said third participant. - View Dependent Claims (9, 10)
-
-
11. A device for performing, in a communication system, a first transaction between a first participant and a second participant wherein said second participant permits a service to be provided to said first participant to complete said first transaction, and is enabled to obtain payment from a third participant in a second transaction, said device being located at said second participant, said device being configured for communicating with said first participant, and said device comprising a processing unit configured for:
-
obtaining a signature and a hash from said first participant, said signature encrypted using an anomalous elliptic curve scheme and comprising a first signature component encrypting a first value and a second signature component generated using said hash, said hash being generated using a second value; extracting said first value from said first signature component using said second signature component and said hash; sending said extracted first value extracted from said first signature component to said first participant to authenticate said device to said first participant; and after said first participant determines that said extracted first value extracted from said first signature component and returned to said first participant is equal to said first value originally encrypted in said first signature component, receiving said second value from said first participant for providing to said third participant; and permitting said service to be provided to said first participant, thus completing said first transaction, and providing said second value, to said third participant, thus completing said second transaction. - View Dependent Claims (12, 13, 14)
-
-
15. A method of performing a first transaction in a communication system between a first participant device comprising a first processing unit and a second participant device comprising a second processing unit, wherein said second participant device permits a service to be provided to said first participant device to complete said first transaction, and is enabled to obtain payment from a third participant in a second transaction, said method comprising:
-
said first processing unit verifying a digitally signed message from said second participant device, said digitally signed message comprising an identifier of said second participant device; said first processing unit generating a digital signature using an anomalous elliptic curve scheme involving two exponentiations by performing; generating a first value comprising a first random bit string and a second value comprising a second random bit string wherein said second value is required by said third participant to complete said second transaction; and said first processing unit generating said digital signature comprising a first signature component encrypting said first value and a second signature component generated using a hash, said hash generated using said second value; said first participant device providing said first signature component and second signature component and said hash to said second participant device; said second processing unit decrypting said first signature component and extracting said first value from said first signature component using said second signature component and said hash; said second participant device authenticating itself to said first participant device by sending said extracted first value extracted from said first signature component to said first participant device; said first processing unit receiving said extracted first value extracted from said first signature component and returned by said second participant device and verifying that said extracted first value extracted from said first signature component and returned by said second participant is equal to said first value originally generated by said first processing unit; said first processing unit authenticating said second participant device by determining that said extracted first value extracted from said first signature component and returned by said second participant device is equal to said first value originally generated by said first processing unit, said first participant device completing said first transaction by providing said second value to said authenticated second participant device and thereby obtaining said service; and said authenticated second participant device permitting said service to be provided to said first participant device and completing said second transaction by providing said second value to said third participant. - View Dependent Claims (16, 17)
-
-
18. A system for performing a first transaction between a first participant and a second participant, wherein said second participant permits a service to be provided to said first participant, to complete said first transaction, and is enabled to obtain payment from a third participant to complete a second transaction, said system comprising a first participant device comprising a first processing unit and a second participant device comprising a second processing unit configured to communicate with each other, said system being configured for:
-
said first processing unit verifying a digitally signed message from said second participant device, said digitally signed message comprising an identifier of said second participant device; said first processing unit generating a digital signature using an anomalous elliptic curve scheme involving two exponentiations by performing; generating a first value and a second value wherein said second value is required by said third participant to complete said second transaction; and generating said digital signature comprising a first signature component encrypting said first value and a second signature component generated using a hash, said hash generated using said second value; said first participant device providing said first signature component and second signature component and said hash to said second participant device; said second processing unit decrypting said first signature component and extracting said first value from said first signature component using said second signature component and said hash; said second participant device sending said first value extracted from said first signature component to said first participant device; said first processing unit receiving said first value extracted from said first signature component and returned by said second participant device and verifying that said first value extracted from said first signature component and returned by said second participant is equal to said first value originally generated by said first processing unit; said first processing unit authenticating said second participant by determining that said first value extracted from said first signature component and returned by said second participant is equal to said first value originally generated by said first processing unit, said first participant device completing said first transaction by providing said second value to said authenticated second participant device and thereby obtaining said service; and said second participant device permitting said service to be provided to said first participant device and completing said second transaction by providing said second value, received from said first processing unit, to said third participant. - View Dependent Claims (19, 20)
-
-
21. A method of performing, in a communication system, a first transaction between a first participant device comprising a first processing unit and a second participant device, wherein said second participant device permits a service to be provided to said first participant device to complete said first transaction, and is enabled to obtain payment from a third participant in a second transaction, said method comprising:
-
upon initiation of said transaction by said first participant device, said first participant device receiving from said second participant device, a first message including information pertaining to said second participant device; said first processing unit verifying said information pertaining to said second participant device; said first processing unit generating a digital signature using an anomalous elliptic curve scheme involving two exponentiations by performing; generating a first value and a second value; preparing a second message comprising said first value; and preparing a digital signature comprising a first signature component encrypting said second message and a second signature component generated using a hash, said hash generated using said second value; said first participant device sending said first signature component and second signature component, said hash and information pertaining to said first participant device to said second participant device, whereupon said second participant device decrypts said first signature component using said second signature component and said hash and extracts said first value from said first signature component; said first processing unit receiving said extracted first value from said second participant device to acknowledge provision of said service; and said first processing unit authenticating said second participant device by verifying said extracted first value received from said second participant device is equal to said first value originally generated by said first processing unit, and completing said first transaction by sending said second value to said authenticated second participant device thereby obtaining said service and completing said second transaction by providing to said second value to said third participant. - View Dependent Claims (22, 23, 24, 25, 26, 27, 28)
-
-
29. A system for performing a first transaction between a first and second participant wherein said second participant permits a service to be provided to said first participant to complete said first transaction, and is enabled to obtain payment from a third participant in a second transaction, said system comprising at least a first participant device, said first participant device having a cryptographic processor that is configured for;
-
upon initiation of said transaction, receiving from a second participant device, a first message including information comprising an identifier of said second participant device; verifying said information pertaining to said second participant device by decrypting said first message; generating a digital signature using an anomalous elliptic curve scheme involving two exponentiations by performing; generating a first value comprising a random bit string and a second value comprising a random bit string; preparing a second message comprising said first value; preparing a digital signature comprising a first signature component encrypting said second message with said identifier of said second participant device and a second signature component generated using a hash, said hash generated using said second value; sending said first signature component and second signature component, said hash and information pertaining to said first participant device to said second participant device, whereupon said second participant device decrypts said first signature component using said second signature component and said hash and extracts said first value from said first signature component; receiving said extracted first value from said second participant device to acknowledge provision of said service; and authenticating said second participant device by verifying said extracted first value received from said second participant device is equal to said first value originally generated by said first processing unit, and completing said first transaction by sending said second value to said authenticated second participant device thereby obtaining said service, and thereby enabling said second participant device to complete said second transaction by providing said second value to said third participant. - View Dependent Claims (30, 31, 32, 33, 34, 35, 36)
-
-
37. A method of performing, in a communication system, a first transaction between a first participant device and a second participant device comprising a second processing unit, wherein said second participant device permits a service to be provided to said first participant device to complete said first transaction, and is enabled to obtain payment from a third participant to complete a second transaction, said method comprising:
-
upon initiation of said transaction by said first participant device, said second participant device sending a first message to said first participant device, said first message including information pertaining to said second participant device; said second participant device receiving from said first participant, a digital signature, a hash and information pertaining to said first participant device, said digital signature comprising a first signature component being prepared using a second message, said second message being prepared to comprise a first value, and a second signature component generated using said hash, said hash being generated using a second value; said second processing unit verifying said information pertaining to said first participant device; said second processing unit extracting said second message from said first signature component using said second signature component and said hash and extracting said first value from said second message; said second participant device sending said first value extracted from said second message to said first participant device to acknowledge provision of said service and authenticate itself to the first participant device; and after being authenticated by said first participant device upon determining that said first value extracted from said second message and returned to said first participant device is equal to said first value originally generated by said first participant device, said authenticated second participant device receiving said second value from said first participant device, and completing said second transaction by providing said second value to said third participant to be used to obtain payment from said third participant. - View Dependent Claims (38, 39, 40, 41, 42, 43, 44, 45, 46, 47)
-
-
48. A system for performing a first transaction in a communication system between a first and a second participant wherein said second participant permits a service to be provided to said first participant to complete said first transaction, and is enabled to obtain payment from a third participant in a second transaction, said system configured to permit communication between a first participant device comprising a first cryptographic processor and a second participant device comprising a second cryptographic processor, said system comprising said first participant device and said second participant device, wherein:
-
said second cryptographic processor is configured to, upon initiation of said transaction by said first participant device, send a first message to said first participant device, said first message including information pertaining to said second participant device; said first cryptographic processor is configured to;
verify said information pertaining to said second participant device, and, using an anomalous elliptic curve scheme, generate a first value and a second value, prepare a second message comprising said first value, prepare a digital signature comprising a first signature component encrypting said second message and a second signature component generated using a hash, said hash generated using said second value, and send said digital signature, said hash and information pertaining to said first participant device to said second participant device;said second cryptographic processor is further configured to verify said information pertaining to said first participant device, decrypt said first signature component to extract said second message from said first signature component using said second signature component and said hash and extract said first value from said second message, and send said first value extracted from said second message to said first participant device to acknowledge provision of said service; and said first cryptographic processor is further configured to authenticate said second participant by verifying that said first value extracted by said second cryptographic processor and returned to said first participant device is equal to said first value originally generated by said first cryptographic processor and, send said second value to said authenticated second participant device, completing said first transaction, whereupon said authenticated second participant device provides said second value to said third participant to complete said second transaction. - View Dependent Claims (49, 50, 51, 52, 53, 54, 55, 56)
-
Specification