Authentication method in data communication and smart card for implementing the same
First Claim
1. An authentication method for use in a system including a first entity (CARD) and a second entity (SERVER) mutually communicating by way of a network (NET), wherein said first entity is adapted to authenticate said second entity and data received from said second entity, and wherein both first and second entities store the same secret key (K), said authentication method comprising the steps of:
- receiving by said first entity a message authenticating code (MAC) and other parameters (RAND, SQN, AMF, . . .), said message authenticating code (MAC) being a function of said secret key (K) and said other parameters (RAND, SQN, AMF, . . .);
computing by said first entity an expected code (XMAC) from said other parameters which have been received and from said secret key (K) stored in said first entity;
comparing by said first entity said message authenticating code (MAC) received and said expected code (XMAC); and
aborting authentication if the message authenticating code (MAC) received and the expected code (XMAC) do not match;
said method being characterised by the further step of;
updating in said first entity a failure counter every time the message authenticating code (MAC) received and the expected code (XMAC) do not match upon comparison by said first entity.
2 Assignments
0 Petitions
Accused Products
Abstract
The invention sets forth an authentication method for use in a system including a first entity and a second entity in a network, the first entity being adapted to authenticate the second entity and data received therefrom, both first and second entities storing the same secret key. The method is implemented in a smart card such as a USIM card, including: a memory storing authentication algorithms and keys; means for receiving a message authenticating code and other parameters; means for computing an expected code from said other parameters and from said secret key; means for comparing said message authenticating code received and said expected code; and means for aborting authentication if the message authenticating code received and the expected code do not match. The smart card further comprises a failure counter adapted to store the number of abortion occurrences, and means for updating said failure counter every time the comparing means indicate that said message authenticating code and said expected code do not match. Thanks to its built-in failure counter and the fact that the updating of this counter is controlled from inside the card, the card becomes tamper-resistant against reiterated fraudulent authentication attempts.
32 Citations
5 Claims
-
1. An authentication method for use in a system including a first entity (CARD) and a second entity (SERVER) mutually communicating by way of a network (NET), wherein said first entity is adapted to authenticate said second entity and data received from said second entity, and wherein both first and second entities store the same secret key (K),
said authentication method comprising the steps of: -
receiving by said first entity a message authenticating code (MAC) and other parameters (RAND, SQN, AMF, . . .), said message authenticating code (MAC) being a function of said secret key (K) and said other parameters (RAND, SQN, AMF, . . .);
computing by said first entity an expected code (XMAC) from said other parameters which have been received and from said secret key (K) stored in said first entity;
comparing by said first entity said message authenticating code (MAC) received and said expected code (XMAC); and
aborting authentication if the message authenticating code (MAC) received and the expected code (XMAC) do not match;
said method being characterised by the further step of;
updating in said first entity a failure counter every time the message authenticating code (MAC) received and the expected code (XMAC) do not match upon comparison by said first entity. - View Dependent Claims (2, 3, 4)
-
-
5. A smart card (CARD) adapted to authenticate a remote entity (SERV) and data received from it, said smart card including:
-
a memory storing authentication algorithms as well as authentication and encryption keys including a secret key (K) which is the same as a corresponding key stored in said remote entity;
means for receiving from said remote entity a message authenticating code (MAC) and other parameters (RAND, SQN, AMF, . . .);
means for computing an expected code (XMAC) from said other parameters and from said secret key (K);
means for comparing said message authenticating code (MAC) received and said expected code (XMAC); and
means for aborting authentication if the message authenticating code (MAC) received and the expected code (XMAC) do not match;
said smart card being characterised by further comprising;
a failure counter adapted to store the number of abortion occurrences; and
means for updating said failure counter every time the comparing means indicate that said message authenticating code (MAC) and said expected code (XMAC) do not match.
-
Specification
-
- Resources
-
Current AssigneeGemalto SA (Thales SA)
-
Original AssigneeAxalto S A
-
InventorsSalgado, Stephanie, Bernard, Eddy
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current713/185
-
CPC Class CodesH04L 2209/80 Wireless network architectu...H04L 63/08 for authentication of entit...H04L 63/0853 using an additional device,...H04L 63/14 for detecting or protecting...H04L 9/0643 Hash functions, e.g. MD5, S...H04L 9/3242 involving keyed hash functi...H04W 12/065 Continuous authenticationH04W 12/069 using certificates or pre-s...H04W 12/12 Detection or prevention of ...H04W 28/18 Negotiating wireless commun...
