Cryptographic method for protection against fraud

US 7,284,122 B2
Filed: 03/19/2001
Issued: 10/16/2007
Est. Priority Date: 03/22/2000
Status: Expired due to Term

First Claim

Patent Images

1. A cryptographic method of providing protection against fraud in transactions between an application (1) and an electronic chip (2) of a user, the method comprising the following steps:

determining a non-linear pseudo random function f known to the application (1) and implanted (4) in the electronic chip (2),allocating to the electronic chip (2) a first secret key K known only to the electronic chip (2) and to the application (1) and kept secret (5) in the electronic chip (2),on each authentication of the electronic chip (2), generating a variable input word R referred to as a random seed,computing (15,16) by both the electronic chip (2) and the application (1) a certificate (Sp, S) which is the result of applying the non-linear pseudo random function f to a list of arguments (e₁, e₂) comprising at least the seed R and the secret key K,allocating to the electronic chip (2) a second secret key K′

known only to the electronic chip (2) and to the application (1) and kept secret (6) in the electronic chip (2),on each authentication of the electronic chip (2), determining (17, 18) a mask M computed from at least a portion of the secret key K′

,masking (19) the value of the certificate (Sp) by means of the mask M to provide a second layer of security such that only the masked value of the certificate (Spm) is made available to the application (1), andusing the application (1) to verify the masked value of the certificate (Spm) computed by the electronic chip (2).

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A cryptographic method of protection against fraud in transactions between an application and an electronic chip of a user. Both the electronic chip and the application compute a certificate (Sp, S) which is the result of applying a non-linear function f to a list of arguments (e_1,e₂) comprising at least a seed R and a secret key KO. A second secret key K′ which is known only to the electronic chip and to the application is allocated to and kept secret in the electronic chip. Upon each authentication of the electronic chip, a mask M is determined by computing it from at least a portion of the secret key K′. The value of the certificate (Sp) is masked by means of the mask M to make available to the application only the masked value of the certificate (Spm). The application is used to verify the masked value of the certificate (Spm) computed by the electronic chip.

Citations

20 Claims

1. A cryptographic method of providing protection against fraud in transactions between an application (1) and an electronic chip (2) of a user, the method comprising the following steps:
- determining a non-linear pseudo random function f known to the application (1) and implanted (4) in the electronic chip (2),allocating to the electronic chip (2) a first secret key K known only to the electronic chip (2) and to the application (1) and kept secret (5) in the electronic chip (2),on each authentication of the electronic chip (2), generating a variable input word R referred to as a random seed,computing (15,16) by both the electronic chip (2) and the application (1) a certificate (Sp, S) which is the result of applying the non-linear pseudo random function f to a list of arguments (e₁, e₂) comprising at least the seed R and the secret key K,allocating to the electronic chip (2) a second secret key K′
  
  known only to the electronic chip (2) and to the application (1) and kept secret (6) in the electronic chip (2),on each authentication of the electronic chip (2), determining (17, 18) a mask M computed from at least a portion of the secret key K′
  
  ,masking (19) the value of the certificate (Sp) by means of the mask M to provide a second layer of security such that only the masked value of the certificate (Spm) is made available to the application (1), andusing the application (1) to verify the masked value of the certificate (Spm) computed by the electronic chip (2).
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. A method according to claim 1, wherein verification by the application (1) of the masked value of the certificate (Spm) computed by the electronic chip (2) comprises:
    - using the mask M to unmask the masked value of the certificate (Spm) computed by the electronic chip (2), andcomparing the value of the certificate (Sp) computed by the electronic chip (2) with that (S) computed by the application (1).
  - 3. A method according to claim 1, wherein verification by the application (1) of the masked value of the certificate (Spm) computed by the electronic chip (2) comprises:
    - using the mask M to mask (23) the value of the certificate (S) computed by the application (1), andcomparing (22) the masked value of the certificate (Sp) computed by the electronic chip (2) with the masked value of the certificate (Sm) computed by the application (1).
  - 4. A method according to claim 1, wherein the seed R is determined by the application (1) from a random number generated by the application (1) and wherein the seed R is transmitted to the electronic chip (2) by the application (1).
  - 5. A method according to claim 1, wherein the seed R is determined from a series of consecutive integers generated by the application (1) and by the electronic chip (2).
  - 6. A method according to claim 1, wherein the certificate (Sp, S) is the result of applying the non-linear pseudo random function f to a list of arguments (e₁, e₂) comprising at least the seed R, the secret key K, and data D internal to the electronic chip.
  - 7. A method according to claim 1, wherein the certificate (Sp, S) is the result of applying the non-linear pseudo random function to a list of arguments (e₁, e₂) comprising at least the seed R, the secret key K, and data D′
    - supplied to the electronic chip (2) by the application (1) at the time of authentication.
  - 8. A method according to claim 1, wherein the secret keys K and K′
    - are chosen independently of each other.
  - 9. A method according to claim 1, wherein said second secret key K′
    - consists of a sequence of values K′
      
      , M is equal to a linear combination modulo 2 of the bits of the values K′
      
      , and the characteristics of the combination are determined at the time of authentication.
  - 10. A method according to claim 1, wherein said second secret key K′
    - consists of a sequence of values K′ and
      
      M is equal to values K′
      
      from among the values K′ and
      
      determined by the choice of a parameter c at the time of authentication.
  - 11. A method according to claim 10, wherein the value of the parameter c is computed from at least the value of a counter in the electronic chip which is incremented on each authentication.
  - 12. A method according to claim 10, wherein the value of the parameter c is computed from at least the seed R and the value of a counter in the electronic chip which is incremented on each authentication.
  - 13. A method according to claim 1, wherein the masking of the certificate S by means of the mask M is computed by means of an encryption function (F).
  - 14. A method according to claim 13, wherein the encryption function (F) is an exclusive-OR operation applied bit by bit.
  - 15. A method according to claim 1, wherein the certificate (Sp, S) and the mask M have the same number of bits.
  - 16. A method according to claim 1, wherein the number of authentications of the electronic chip (2) is limited to a maximum value V determined by the application (1) and written into the electronic chip (2).
  - 17. A method according to claim 16, wherein the electronic chip (2) contains a counter which is incremented on each authentication and the electronic chip (2) terminates all authentication computation if the value of the counter reaches the maximum value V.

18. A cryptographic method of providing protection against fraud in transactions between an application (1) and an electronic chip (2) of an user, the method comprising the following steps:
- determining a non-linear pseudo random function f known to the application (1) and implanted (4) in the electronic chip (2),allocating to the electronic chip (2) a first secret key K known only to the electronic chip (2) and to the application (1) and kept secret (5) in the electronic chip,on each authentication of the application (1), generating an input word R referred to as a random seed,computing by both the electronic chip (2) and the application (1) a certificate (Sp, S) which is the result of applying the non-linear pseudo random function f to a list of arguments (e₁, e₂) comprising at least the seed R and the secret key K,allocating to the electronic chip (2) a second secret key K′
  
  known only to the electronic chip (2) and to the application (1) and kept secret (6) in the electronic chip (2),on each authentication of the application (1), determining a mask M computed from at least a portion of the secret key K′
  
  ,masking the value of the certificate (S) by means of the mask M to provide a second layer of security such that only the masked value (Sm) of the certificate (5) is made available to the electronic chip (2), andusing the electronic chip (2) to verify the masked value (Sm) of the certificate (S) computed by the application (1).
- View Dependent Claims (19, 20)
- - 19. A method according to claim 18, wherein the seed R is determined by the electronic chip (2) from a random number generated by the&
    - electronic chip (2) and wherein the seed R is transmitted to the application (1) by the electronic chip (2).
  - 20. A method according to claim 18, wherein the seed R is determined from a series of consecutive integers generated by the application (1) and by the electronic chip (2).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Orange S.A.
Original Assignee
Orange S.A.
Inventors
Girault, Marc, Gilbert, Henri
Primary Examiner(s)
Moise; Emmanuel L.
Assistant Examiner(s)
Gelagay; Shewaye

Application Number

US10/221,692
Publication Number

US 20030159038A1
Time in Patent Office

2,402 Days
Field of Search

713/159
US Class Current

713/159
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

H04L 2209/04   Masking or blinding

H04L 2209/56   Financial cryptography, e.g...

H04L 9/3263   involving certificates, e.g...

Cryptographic method for protection against fraud

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Cryptographic method for protection against fraud

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links