
AU651584B2 - Smart card validation device and method - Google Patents

Smart card validation device and method

Info

Publication number
AU651584B2
Authority
AU
Australia
Prior art keywords
data
memory
encryption
smartcard
identification data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
AU77519/91A
Other versions
AU7751991A (en)
Inventor
Phillip Charles Dimond
Christoph Tim Hoffmann
Stig Borje Larsson
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Scandic International Pty Ltd
Original Assignee
Scandic International Pty Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Scandic International Pty Ltd filed Critical Scandic International Pty Ltd
Priority to AU77519/91A priority Critical patent/AU651584B2/en
Priority claimed from PCT/AU1991/000164 external-priority patent/WO1991017524A1/en
Publication of AU7751991A publication Critical patent/AU7751991A/en
Application granted granted Critical
Publication of AU651584B2 publication Critical patent/AU651584B2/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Landscapes

  • Telephone Function (AREA)
  • Mobile Radio Communication Systems (AREA)

Description

Title:
"SMART CARD VALIDATION DEVICE AND METHOD"
Technical Field
The present invention relates to a smartcard validation device and method.
The validation device of this invention is particularly suited to applications in which the smartcard is used as a cash substitute. Although the invention will hereinafter be described with reference to this application it is equally useful in a variety of other applications including for example security access systems.
Background Art
Smartcards are essentially plastic cards with micro-electronic circuitry embedded therein. They are also known as "integrated circuit cards" and fall into three categories according to the degree of "intelligence" they possess.
At one end of the scale, a smartcard providing only memory is analogous to a card having a magnetic strip. Information may be stored within the memory but the card has no processing capability, and no ability to restrict access to that memory.
At the middle scale is a card that has memory controlled by a hard wired logic which can restrict access to any or all of the memory until a valid access code has been issued. The same scheme can be used to prevent unauthorised erasing of card memory. The access code can take the form of a personal identification number (PIN). Most sophisticated however is a smartcard in which the processor is able to perform complex functions, such as the performance of algorithms. It is those smartcards falling within the middle scale referred to above to which the present invention relates.
In practice information is transferred to and from the memory of the smartcard when the card is interfaced with a suitable reader/writer device. As such, the information provided on the smartcard may be constantly updated. Preferably, the use of the card should not always require communication with a control database. If the card provides stand-alone operation it will be more flexible in use.
It will be apparent that, in providing a system in which a smartcard is used as a cash substitute, a most important aspect is the provision of a tight security system. Early smartcards utilised a user-key/PIN similar to that used by credit cards or magnetic stripe cards. Access to the smartcard often relies upon the submission of the correct user-key/PIN. Furthermore, the data stored within the card may be encrypted. For a reasonable level of security in the system, two numbers must be managed, namely a user key and an encryption key. Management of these keys involves keeping them secret from potential unauthorised users, and with regular changes. The reason for regular changing of the keys is that, if the user key is intercepted by or revealed to an unauthorised user and access to the card is obtained, copying the card data becomes possible. Further, if the card data is not encrypted, then fraudulent alteration of the data is also possible. In the application of the smartcard as a cash substitute such operations pose serious problems.
A second type of smartcard security method was subsequently developed, using a "signature" or "certificate" to prove the integrity of the contents of the card. However this requires manual input of a further key, therefore this system also requires management of two keys. In this case, however, alteration of the card data without correct calculation of the new certificate may be detected when the card is next used. Moreover, copying the card is prevented since the card memory location which contains the certificate is erased upon access to the contents of the card. Therefore, if the user key alone is intercepted and the card is unlocked, a copy may be made onto a second card but without the encryption key a fresh certificate can not be calculated and the card, or copies, will be rejected when next used.
While an improvement over earlier approaches, these prior art systems still possess the disadvantage that multiple user keys must be managed, with the constant danger that the information will fall into the hands of unauthorised users.
Disclosure of the Invention
It is an object of the present invention to overcome, or at least ameliorate, the disadvantages presented by the prior art.
Accordingly, there is provided a validation device for a smartcard of the kind having unprotected data storage memory and protected data storage memory selectively accessible by means of a user access code, said device comprising: encryption means to perform an encryption upon identification data to produce said user access code; means to read identification data from said unprotected memory to said encryption means; means to supply said user access code to the smartcard; means to read selected data from said protected memory to said encryption means for encryption to produce validating data; comparator means to compare said identification data with said validating data and reject the smartcard if the data do not agree; and means responsive to said comparator means to establish access to said protected memory if the data do agree.
Preferably, the validation device further comprises memory means for storage of the identification data and the means to read identification data from the unprotected memory erases the unprotected memory after reading the identification data to the memory means.
Preferably, also, the encryption means performs the same encryption algorithm to produce the user access code and the validating data. Preferably, the encryption algorithm employs an encryption key stored in memory.
Preferably, also, the validation device further comprises card locking means responsive to an input indication of termination of use of the smartcard for reading updated selected data from the protected memory to the encryption means for encryption to produce updated validating data, and means to write the updated validating data to unprotected memory to form part of updated identification data.
Preferably, the card locking means generates a new user access code for the smartcard by encryption of the updated identification data and transmits the new user access code to the smartcard.
In a second aspect, the invention provides a method for validating access to smartcards of the kind having unprotected data storage memory and protected data storage memory selectively accessible by means of a user access code, said method including the steps of: reading identification data from said unprotected memory; encrypting said identification data to produce a user access code; supplying said user access code to said smartcard; reading selected data from said protected memory; encrypting said selected data to produce validating data; comparing said identification data with said validating data; and rejecting the smartcard if the data do not agree and establishing access to the protected memory if the data do agree.
Preferably, the method of the invention further includes the step of storing the identification data and erasing the unprotected memory.
Preferably also, the steps of encrypting the identification data and encrypting selected data from the protected memory employ the same encryption algorithm to produce the user access code and the validating data respectively.
Preferably, the encryption steps employ an encryption key stored in read only memory.
Preferably also, the method of the invention further includes the steps of: responding to an indication of termination of use of the smartcard to read updated selected data from the protected memory; encrypting said selected data to produce updated validating data; and writing the updated validating data to unprotected memory to form part of updated identification data.
Preferably, the step of writing updated validating data to form part of updated identification data further includes the step of encrypting the updated identification data to produce a new user access code and transmitting the new user access code to the smartcard.
Brief Description of the Drawings
A preferred embodiment of the invention will now be described, by way of example only, with reference to the accompanying drawings in which:
Figure 1 is a block diagram showing a validation device in accordance with the present invention;
Figure 2 is a generalised flow chart of the operation of the validation device of Figure 1;
Figure 3 shows a more detailed flow chart of the unlocking function of Figure 2; and
Figure 4 shows a more detailed flow chart of the locking function of Figure 2.
Modes for Carrying out the Invention
Referring now to Figure 1, the validation device interfaces to a smartcard 1 by means of a card reader/writer 2. The latter in turn is part of a host system 3, for example, a gaming machine.
The smartcard 1 consists of two types of EEPROM memory. A first portion is accessible at any time and is termed the unprotected memory 4. The remaining portion is accessible only after presentation of a "key" or PIN to the card and is termed the protected memory 5. In addition, the card contains input/output hardware 6, security logic 7 which controls access to the EEPROM memories 4 and 5, and the interconnecting data and address buses (not shown).
The smartcard reader/writer 2 consists of a microprocessor 8, a RAM 9, a ROM 10, an input/output interface 11 to the card 1 and an input/output interface 13 to the host machine 12, for example an RS232C serial interface. Each of these units 8 to 13 is connected by appropriate data and address buses.
Figure 2 shows a generalised flow chart of a preferred system embodying the present invention. In particular, Figure 2 illustrates the procedure for validation of the card whereby access to the data within may be obtained. Initially, a certificate and card serial number are read from unprotected memory. This information is then encrypted with the aid of a secret encryption key stored in read only memory or read/write memory within the validation device. The result of the encryption is transmitted to the smartcard as a user key or PIN to unlock the card.
Thereafter, protected memory may be accessed and card data read. The validation procedure continues by encrypting the card data obtained in the previous step, again with the aid of the secret encryption key. In the final step of validating card access, the certificate obtained from unprotected memory is compared with the result of encrypting the card data. If the parameters are equal then access is validated and the card data may be employed to perform transactions and the like according to the function of the card.
Figure 2 also illustrates the procedure for locking the card. When it is determined that card access must be terminated, for example after a transaction is completed, the card data is updated. A fresh certificate is generated by encrypting the new card data with the aid of the secret key as before. The certificate is combined with the card serial number and further encrypted, once more with the aid of the secret encryption key, to produce a new user key. The new user key is stored in write only memory. The advantage of generating a new user key each time the card is used is to increase the security of access to the card. In addition, the new certificate provides protection against copying the card. A major advantage of the invention however is that no information need be memorized by the user of the card. This means of course that the validation device, when used with a transaction card, requires the card to be treated just as money is treated. It will be appreciated that the effect of the invention is not to provide a system secure against unauthorised use, but to prevent tampering with the data stored in the smartcard.
Figure 3 illustrates the unlocking procedure in more detail, with particular reference to the application of the invention to the management of gaming machines.
Initially a card user inserts the card into a host machine. A card reader/writer as shown in Figure 1 reads identification data from the unprotected memory. This identification data takes the form of a certificate, a card serial number, a service provider number and a manufacturer's number. The identification data is taken and stored in RAM 9 within the card reader/writer 2.
These values form the input to an encryption algorithm, for example the data encryption algorithm (DEA as specified in AUSTRALIAN STANDARD 2805.5 or similar). In addition a secret encryption key is held within the reader/writer 2 by ROM 10 or RAM 9. From the output of the encryption algorithm a 16 bit user key is extracted and transmitted to the smartcard to unlock or enable protected memory 5.
If the card is successfully unlocked, the certificate area of unprotected memory 4 is erased and the data within protected memory is read and stored in RAM 9 of the reader/writer. This data typically consists of the card's monetary value and other sensitive data according to the particular application.
The card data forms the input to an encryption algorithm once more employing the encryption key stored in ROM to produce validating data for comparison with the certificate stored earlier. If the certificate and validating data are identical the transaction involving the smartcard may proceed. Otherwise, the card has been tampered with and the transaction is terminated.
If the card is validated by the reader/writer, the monetary value and any other pertinent information is transferred to the host machine via the interface with the reader. After the transaction is successfully completed the card must be locked in accordance with the invention to ensure security of the information it contains.
Figure 4 illustrates a detailed procedure for locking the card.
Updated data is transferred from the host machine to the protected memory of the smartcard. At the same time, this data is encrypted and a certificate extracted and written to the unprotected memory of the smartcard.
The certificate is combined also with the other parameters such as card serial number, service provider number and manufacturer's number read during opening of the card to form the input to a further encryption. From the result of this second encryption a new user key is extracted and transferred to the smartcard. It will be apparent that further security may be provided by encrypting the card data representing monetary value and the like. Even greater protection would be provided by employing several different encryption algorithms or encryption keys. In practice however the difficulty of breaking the standard data encryption algorithm is such that each encryption performed by the invention may be achieved with the same algorithm and key.
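The unlocking procedure of Figure 3 and the locking procedure of Figure 4, modelled end to end as an added example (this is not code from the patent or from Scandic International). It assumes a hard-wired-logic card whose protected memory opens only after the correct user key, a reader holding the secret key in ROM, and, because the standard library has no DEA/DES, HMAC-SHA256 as the keyed encryption step in place of the AS 2805.5 algorithm named in the description. The certificate width (8 bytes), the 16-bit user key, the identification fields and all sample values are constructed. The demo runs an honest transaction and then shows why the two attacks the description discusses (rewriting protected data without the reader key, and copying a card while it is open) are both rejected.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Secret encryption key held in the reader/writer ROM 10 (constructed value).
READER_KEY = b"constructed-sample-reader-key"


def encrypt(key: bytes, data: bytes) -> bytes:
    """Keyed encryption step. Assumption: HMAC-SHA256 stands in for the DEA
    of the description so that the example runs with the standard library."""
    return hmac.new(key, data, hashlib.sha256).digest()


def make_certificate(key: bytes, card_data: bytes) -> bytes:
    """Certificate = truncated encryption of the protected card data."""
    return encrypt(key, card_data)[:8]


def make_user_key(key: bytes, ident: dict) -> bytes:
    """16-bit user key extracted from the encryption of the identification
    data (certificate, card serial, service provider and manufacturer number)."""
    blob = b"|".join(ident[k] for k in ("certificate", "serial", "provider", "manufacturer"))
    return encrypt(key, blob)[:2]


@dataclass
class SmartCard:
    """Hard-wired-logic card: unprotected memory 4 is always readable and
    writable; protected memory 5 opens only after the correct user key."""
    unprotected: dict
    protected: bytes
    user_key: bytes
    unlocked: bool = False

    def present_user_key(self, key: bytes) -> bool:
        self.unlocked = hmac.compare_digest(key, self.user_key)
        return self.unlocked

    def read_protected(self) -> bytes:
        if not self.unlocked:
            raise PermissionError("protected memory locked")
        return self.protected

    def write_protected(self, data: bytes) -> None:
        if not self.unlocked:
            raise PermissionError("protected memory locked")
        self.protected = data

    def set_user_key(self, key: bytes) -> None:
        if not self.unlocked:
            raise PermissionError("protected memory locked")
        self.user_key = key


def issue_card(key, serial, provider, manufacturer, card_data) -> SmartCard:
    """Issuer personalises a card: data, certificate and initial user key."""
    cert = make_certificate(key, card_data)
    ident = {"certificate": cert, "serial": serial,
             "provider": provider, "manufacturer": manufacturer}
    return SmartCard(dict(ident), card_data, make_user_key(key, ident))


def validate(card: SmartCard, key: bytes):
    """Figure 3: unlock and validate. Returns (identification data, card data)
    or raises ValueError when the card is rejected."""
    ident = dict(card.unprotected)                      # copy into RAM 9
    if not card.present_user_key(make_user_key(key, ident)):
        raise ValueError("rejected: user key not accepted")
    card.unprotected["certificate"] = b""               # erase certificate area
    card_data = card.read_protected()
    validating = make_certificate(key, card_data)
    if not hmac.compare_digest(validating, ident["certificate"]):
        raise ValueError("rejected: certificate mismatch, card data tampered")
    return ident, card_data


def lock(card: SmartCard, key: bytes, ident: dict, new_card_data: bytes) -> None:
    """Figure 4: write updated data, a fresh certificate and a new user key."""
    card.write_protected(new_card_data)
    cert = make_certificate(key, new_card_data)
    card.unprotected["certificate"] = cert
    card.set_user_key(make_user_key(key, {**ident, "certificate": cert}))
    card.unlocked = False


def demo() -> dict:
    """Honest transaction, then the two attack scenarios from the description."""
    results = {}
    card = issue_card(READER_KEY, b"0001", b"SP7", b"MFR1", b"balance=100")
    ident, data = validate(card, READER_KEY)
    results["first_read"] = data
    lock(card, READER_KEY, ident, b"balance=080")       # spend 20 and re-lock
    ident, data = validate(card, READER_KEY)
    results["second_read"] = data
    lock(card, READER_KEY, ident, data)

    # Scenario 1: the user key is known but the reader key is not, so the
    # protected data is rewritten while the certificate stays stale.
    card.present_user_key(card.user_key)
    card.write_protected(b"balance=999")
    card.unlocked = False
    try:
        validate(card, READER_KEY)
        results["tamper"] = "accepted"
    except ValueError as e:
        results["tamper"] = str(e)

    # Scenario 2: a copy taken while the card is open; its certificate
    # area was already erased, so the derived user key no longer matches.
    fresh = issue_card(READER_KEY, b"0002", b"SP7", b"MFR1", b"balance=050")
    ident, _ = validate(fresh, READER_KEY)
    clone = SmartCard(dict(fresh.unprotected), fresh.protected, fresh.user_key)
    lock(fresh, READER_KEY, ident, b"balance=050")
    try:
        validate(clone, READER_KEY)
        results["clone"] = "accepted"
    except ValueError as e:
        results["clone"] = str(e)
    return results
```

Two points the description makes are visible in the demo. The card itself never holds the reader key: every certificate and user key is derived by the reader, so a card that is unlocked and rewritten without the reader key fails at the certificate comparison on the next use, and a copy taken after the certificate area is erased cannot even reproduce the user key. Both comparisons use a constant-time compare, which the hard-wired logic of a real card would have to provide in hardware.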
It will be appreciated also that the great advantage of the present invention is that it relieves the user of the burden of remembering a PIN. In systems where key information is provided by the user, the information must be limited in complexity to that which the average user can remember. Thus, the simplicity of user supplied PINs renders these systems more susceptible to interference.
It will be apparent that a validation device of the present invention allows a smartcard to be used as a substitute for cash. Accordingly, unauthorised use of the card is possible. However it is possible and indeed desirable, to incorporate unique markings such as service provider identification, member number, personal signature etc. on the surface of the smartcard in order to minimise this type of misuse. It will be apparent that in a variety of applications the prevention of tampering is often more important than the possibility of unauthorised use.
Although reference has been made to specific examples, it will be appreciated by those skilled in the art that the invention may be embodied in many other ways.

Claims (10)

CLAIMS:
1. A validation device for a smartcard of the kind having unprotected data storage memory and protected data storage memory selectively accessible by means of a user access code, said device comprising: encryption means to perform an encryption upon identification data to produce said user access code; means to read identification data from said unprotected memory to said encryption means; means to supply said access code to the smartcard; means to read selected data from said protected memory to said encryption means for encryption to produce validating data; comparator means to compare said identification data with said validating data and reject the smartcard if the data do not agree; and means responsive to said comparator means to establish access to said protected memory if the data do agree.
2. A device as claimed in Claim 1 further comprising memory means for storage of said identification data and wherein said means to read identification data from said unprotected memory erases the unprotected memory after reading the identification data to said memory means.
3. A device as claimed in Claim 1 wherein said encryption means performs the same encryption algorithm to produce said user access code and said validating data.
4. A device as claimed in Claim 3, wherein said encryption algorithm employs an encryption key stored in memory.
5. A device as claimed in any one of Claims 1 to 4, further comprising card locking means responsive to an input indication of termination of use of the said smartcard to read updated selected data from said protected memory to said encryption means for encryption to produce updated validating data; and means to write said updated validating data to said unprotected memory to form part of updated identification data.
6. A device as claimed in Claim 5, wherein said card locking means generates a new user access code for said smartcard by encryption of said updated identification data and transmits said new user access code to said smartcard.
7. A method for validating access to smartcards of the kind having unprotected data storage memory and protected data storage memory selectively accessible by means of a user access code, said method including the steps of: reading identification data from said unprotected memory; encrypting said identification data to produce a user access code; supplying said user access code to said smartcard; reading selected data from said protected memory; encrypting said selected data to produce validating data; comparing said identification data with said validating data; and rejecting the smartcard if the data do not agree and establishing access to the protected memory if the data do agree.
8. A method as claimed in Claim 7, further including the step of storing the identification data and erasing the unprotected memory.
9. A method as claimed in Claim 8, wherein the steps of encrypting the identification data and encrypting selected data from the protected memory employ the same encryption algorithm to produce the user access code and the validating data respectively.
10. A method as claimed in any one of Claims 7 to 9, wherein the encryption steps employ an encryption key stored in memory.

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU77519/91A AU651584B2 (en) 1990-04-27 1991-04-26 Smart card validation device and method

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
AUPJ9863 1990-04-27
AUPJ986390 1990-04-27
AU77519/91A AU651584B2 (en) 1990-04-27 1991-04-26 Smart card validation device and method
PCT/AU1991/000164 WO1991017524A1 (en) 1990-04-27 1991-04-26 Smart card validation device and method

Publications (2)

Publication Number Publication Date
AU7751991A AU7751991A (en) 1991-11-27
AU651584B2 true AU651584B2 (en) 1994-07-28

Family

ID=25638664

Family Applications (1)

Application Number Title Priority Date Filing Date
AU77519/91A Ceased AU651584B2 (en) 1990-04-27 1991-04-26 Smart card validation device and method

Country Status (1)

Country Link
AU (1) AU651584B2 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2704341B1 (en) * 1993-04-22 1995-06-02 Bull Cp8 Device for protecting the keys of a smart card.

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2645303A1 (en) * 1989-03-31 1990-10-05 Mitsubishi Electric Corp PORTABLE SECURITY SEMICONDUCTOR MEMORY DEVICE
WO1990015382A1 (en) * 1989-05-31 1990-12-13 Datacard Corporation Microcomputer debit card
EP0409701A1 (en) * 1989-07-19 1991-01-23 France Telecom Hard-wired micro-circuit card and transaction method between a respective hard-wired micro-circuit card and a terminal

Also Published As

Publication number Publication date
AU7751991A (en) 1991-11-27

Similar Documents

Publication Publication Date Title
US5379344A (en) Smart card validation device and method
EP0696016B1 (en) Method for managing security for card type storage medium and a card type storage medium
US5796835A (en) Method and system for writing information in a data carrier making it possible to later certify the originality of this information
US6454173B2 (en) Smart card technology
EP0379333B1 (en) Secure data interchange system
US5036461A (en) Two-way authentication system between user's smart card and issuer-specific plug-in application modules in multi-issued transaction device
US4357529A (en) Multilevel security apparatus and method
US4839506A (en) IC card identification system including pin-check time means
JPH0682405B2 (en) Test program start method
EP0439609A1 (en) System for collating personal identification number
JPH0762862B2 (en) Authentication method in IC card system
WO1999064996A1 (en) Preloaded ic-card and method for authenticating the same
AU8545398A (en) Method for managing a secure terminal
JP2003123032A (en) IC card terminal and personal authentication method
AU651584B2 (en) Smart card validation device and method
JPH0822517A (en) Hybrid card tampering prevention method
JP2001524724A (en) Data management method for chip card
KR100468154B1 (en) System and method for business of electronic finance bases of smart card
KR970002757A (en) Security device of cash machine and its control method
JP3652409B2 (en) Portable information recording medium
JP4638135B2 (en) Information storage medium
JP2712148B2 (en) Test program starting method and test program starting device
KR19980065912A (en) Electronic Commerce Method Using Remote Hardware Security Module (SAM)
JPS63262779A (en) IC card authentication system
JPS62211756A (en) IC card test method

Legal Events

Date Code Title Description
MK14 Patent ceased section 143(a) (annual fees not paid) or expired