TW200836118A - User authentication method, system and computer system with atm ic-card system - Google Patents

Abstract

This patent application discloses techniques, devices and systems for user authentication based on linking between a randomly generated authentication secret and a personalized secret.

Description

200836118 VII. Designated representative circle: For: (2) The symbol of the figure is simple: (1) The representative representative of the case (2) The component of the representative figure (610) Work 1 (6 20) The work of the second is responsible In the chemical formula, please reveal the features that can best show the invention. 9. Description of the invention: [Technical field to which the invention pertains] The present invention belongs to a brake worker using a computer device, a computer system, and as a cardholder authentication (ear H l ^ + · general machine Network V ardholder authentication, technology u.) Technology should be [previous technology] 曰曰 金融 金融 配合 配合 配合 配合 配合 配合 配合 配合 配合 配合 配合 配合 配合 配合 配合 配合 配合 配合 配合 配合 配合 配合 配合 配合 A A A A A A A A A A A A Even if the transaction verification code is worn, the formula # is cracked out of the base code. This base code is also called the "user base code". It is the Crypt0 Key used for logic operations. It is also important for calculating the transaction verification code ^ ^ and must be properly controlled. The logic equations currently used in ATM machines include the algorithm of Symmetric Crypt〇graphy. The card-issuing bank stores a base code (Master Key, MK) in the garbled device on the bank system side to generate the base code on the multi-chip financial card of the bank system, to derive the user base code and ensure each The uniqueness and security of the user's base code. The eleventh figure is a flow chart for generating a "user base code" for the conventional card issuance system. Issuing card 4 200836118 The garbled device of the bank (1 〇〇 ((10)) stores the main base code (no) MK, which is the source of all cardholder 2 user base codes; the other input value (120) is the calculation Cardholder's user base code ^ , ^ ΡΑΝΧ#^ ΡΑΝ1 ^ ραννρ^^ This value can hold the cardholder's unique-identification data, such as the card number or the functional nature. The value of the ten-out is the same. The calculation process (13G) is performed in the cryptographic device 0 (10) of the issuing bank to calculate the cardholder's user Sigma DKn (140).宜. User base stone DKn (l40) is a part of the memory card (EEpR〇M) of the chip card, ', stored in the memory card memory terminal received from the previous step according to the functional properties Cardholder base code, including DKi, DK2...·.DKn and so on. Cardholders who are ugly into the ATM system must provide a legal chip financial card, and a correct/password or personal identification number (per). The bank system mostly uses offline passcodes. Input verification. Therefore, the financial card of the wafer financial card stores the verification information of the pass code. The chip financial card (^) user base code (140) and the pass code file (26〇) are the two memory areas on the chip financial card, and the "user base code" and "passcode verification information" are stored. . The user base code is generated by the card issuing system at the time of card issuance, and the memory space stored therein is called "user base code He", and stores a plurality of user base codes used in conjunction with different financial transaction items; The memory space of the code verification information is called the "pass code file". In the layout design of the memory card memory space, the "user base code file" and the "pass code file file" are collectively referred to as "base code broadcast". The twelfth figure is a flow chart of the use of the chip financial card by the cardholder in the entity Ατιν [system completes a transaction, including: Step 3 0 5 · Cardholder (1 〇) inserts the chip financial card 〇 $ 〇) into the entity AT Μ The cash machine (30) of the system establishes a connection with the cash dispenser (30); Step 310: The cash machine (30) receives the wafer financial card (15〇) and starts the transaction program; 200836118 Step 315: The ATM system of the machine (30) reads the information stored in the user base code file (140) of the chip financial card (150) memory; Step 320: The ATM system of the cash machine (30) according to the information obtained in step 315 To verify the authenticity of the chip financial card (150), the verification method may include SDA (Static Data Authentication) and DDA (Dynamic Data Authentication). If it is determined to be the correct wafer financial card (150) after verification, then step 325 is continued. Otherwise, skip to step 390 to end the cardholder's transaction; Step 325: The cardholder enters the passcode at the cash machine (30); ▲ Step 330: The ATM system of the cash dispenser (30) receives The pass code input by the card holder, and the received pass code is sent to the chip financial card (1 50) for verification in step 335; Step 340: The chip financial card (150) is in the pass code file (260) The pass code verification statement compares whether the pass code entered by the card holder is correct; Step 345: The chip financial card (150) returns the result of the pass code verification to the ATM system of the cash machine (30); Step 3 5 0: The ATM system of the cash dispenser (30) returns the success message of the passcode verification according to the chip financial card (150), and continues to perform step 35 5 . If the chip financial card (150) returns a message that the passcode verification failed, then the process jumps to step 390 to end the cardholder transaction, and step 355: the ATM system of the cash dispenser (30) performs risk control, including According to the bank's security policy, the amount of transactions or the number of transactions is controlled to avoid risks. If the risk control policy is met, step 360 is performed. Otherwise, the process jumps to step 390 to end the cardholder transaction. Step 360: The cash machine (30) is based on the requested transaction message. An Authorization Request Cryptogram is generated and transmitted to the bank system side. 6 200836118 is verified by the bank ATM system (20) of the entity ATM, and the bank ATM system (20) of the entity ATM generates an Authorization Response Cryptogram. Reply to the ATM system of the cash machine (30), the ATM system of the cash dispenser (30) verifies the authorization reply message to confirm the response of the authorization, and after the transaction is completed, provide the transaction certificate. Step 390: End the transaction. The above steps 325, 330, 335, 340, 345, and 350 form an "offline cardholder identity authentication program (3 5 3 )". Such programs allow the application of multiple verification methods, including verifying the entry of passcodes or verifying the fingerprints of cardholders, but most banking systems currently use offline pass-through authentication. The offline cardholder identity authentication program can improve the security of the chip financial card, and also extend the service of the ATM system. The terminal device replaces the physical ATM with a card reader and connects to the Internet through the Internet. The bank forms a network ATM (Web ATM) system, and other services can be carried out in addition to the cash exchange business. Net er, ~wchuan ah 丨 Wo ^% Yu Feng pays the next person's information between the bank, so it is full of hacker attacks.糸铉, 土令, etc. Feng solves the client computer being hacked into Trojan horse (4) an h. (4) The problem of the program (referred to as the Trojan horse program). Some bank members are in the UTM import and verification code (Dynamie fine (10) (8) C〇de, “heart ΜΑ〇” mechanism, after the bank end system receives the cardholder’s transaction item , returning a randomly generated graphic file verification, to the mourners in the human spot, not to the cardholder's volleyball, asking the cardholder to enter the same text or number as the Le content, _ not by the guest The program entered is controlled. ', Road ATM show A Feng second, the cardholder may not leave the chip financial card, when the six easy f has not completed, leave the computer, in order to prevent others from taking advantage of this, and Yiqi is responsible for the execution of the transaction, so the network ΑΤμ 榣 用 用 / / TM (4) in the ^ cardholder input test ^ 200836118, requires the cardholder to enter the pass code for offline identification. The thirteenth figure illustrates the material The trading procedure of the ATM system is described in detail as follows: 乂秣4 1 0 • The cardholder (1 〇) inserts the chip financial card (〗 〖5 插入) into the card reader to establish a network ATM client system (11). Connection·; vStep 4 1 5 · Network ATM client system (1) Reading the information stored in the user base code file (1 4 〇) of the chip financial card memory through the card reader; v 420 ·, ,, 罔路 ATM client system (1)) according to step 4丨5 After the information is verified to verify the wafer financial card (150), the method of checking the cry is like the method used by the physical ATM, which may include the SDA disk) D Δ ^ ^ \ A. After the right verification is determined to be the correct wafer financial card, step 425 is continued. On the other hand, if you do not touch it, skip to step 490 and end the cardholder's transaction; Step 425: Network ATM client Li Wei n,, Receive & ^, SiS (11) The card enters the pass code, and the pass code received by the Asian pass through the communication command with the card reader to perform the 'offline card holder body == ... step 430. Network ATM user The end system (1)) continues according to the success message of the chip finance "passcode verification", and only passes the step 4 3 5 .吱 曰 , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( The client's transaction item, and send the transaction request to the network atm bank 22 to select the required transaction 'network is the client system (1)) provided by the transaction). Generally, the risk control policy is adopted; 'Step 4 of the Bank's order is set to generate a set of dynamic broadcasts to the network ATM user system: = then convert to the type of the map slot, step 445 ·• Network atm user account (11) and ask the cardholder (10) to enter 8 200836118 line one-person offline cardholder identity certification, to avoid the transaction process, leave halfway, someone impersonation to trade Step 450 'The network ATM client system (11) returns the message that the pass verification succeeds according to the chip financial card (1 50), and proceeds to step 455. Alternatively, the chip financial card (1 50) returns the message that the passcode verification failed, and then skips to step 49〇 to end the cardholder transaction; Step 45 5 · The network ATM client system (11) requires The card person (1〇) inputs the same message according to the dynamic verification code displayed; • Step 460 · The network ATM client system (11) transmits the message input by the cardholder in step 455 to the network ATM bank system (ie 2); Step 4 6 5 · Network AT Μ The bank end system (i 2) compares the received dynamic verification code with the dynamic verification code generated in step 440; then 'if the dynamic verification code is aligned The result is correct, then the success message is sent to, '罔路 AT Μ client system (η) performs step * 7 〇, complete the transaction. If the comparison ', ' is not correct, then the failure message is sent to the network AT Μ client system (1 1) to execute step 490 to end the transaction. In addition to the above solutions using dynamic captcha, the bankers have replaced the first-generation card reader with the second-generation card reader, and the new-generation chip reader has a screen and a PIN pad for the necessary input. Reduce the possibility of being recorded by the Trojan horse, but at a higher cost. In the above-mentioned r offline cardholder identity authentication procedure for verifying the user passcode by the chip financial card, a user passcode must be stored in the wafer financial card to verify that the passcode entered by the user is correct. Therefore, in order to prevent the user's passcode from being obtained by others due to the loss of the wafer financial card, the chip financial card must have a certain degree of ability to protect the stored data. Cardholders must provide two authentication factors such as User Passcode and Chip Financial Card 9 200836118 to use the ATM system for transactions to form a more secure two factor authentication mechanism. However, due to the need to implement the "Offline Cardholder Identity Certification Procedure", the user's passcode must be stored in the chip financial card. Therefore, when the chip financial card is lost, it is equivalent to the loss of both authentication factors. Although the chip financial card has a certain degree of ability to protect memory data, there are many publicly available technologies that can directly attack the information in the forced reading of the chip financial card. For example, in September 1996, Bellcore's information security experts Boneh, DeMillo and Lipton

Developed

Kocher "hardware fault cryptanalysis"; and Paul, at the Crypto conference in 1996, published timing analysis based on the cryptosystem execution time characteristics and the relevance of secrets and transcripts; Cryptography

Research's Paul Kocher, Joshua Jaffe, and Benjamin Jun presented two technologies, simple power analysis (SPA) and differential power analysis (DPA), at the 1999 Crypto conference. In addition, methods such as "fault induction" and "Transient Electro-Magnetic Pulse Emanation Standard" (TEMPEST) are also techniques for directly attacking the information in the forced reading of the wafer financial card. Strictly speaking, the practice of putting together two authentication factors does not fully comply with the design spirit of the two-factor authentication mechanism. Regardless of the physical ATM system and the network ATM system, the cardholder's identity authentication method uses "offline cardholder identity authentication". In the current cardholder identity authentication system, in addition to the default passcode generated by the system when the first login is made, the system administrator at the bank system cannot know the cardholder's passcode, and all risks are in the chip finance. On the card. Therefore, in the process of using the chip financial card as the cardholder identity authentication, it is necessary to strengthen the security of protecting the personal passcode stored in the chip financial card. 10 200836118 SUMMARY OF THE INVENTION The present invention designs a chip financial card as a physical ATM by a combination of a randomly generated authentication secret and a personalized secret. Or the cardholder identity authentication mechanism of the network ATM system (collectively referred to as the ATM system). This manual contains methods, techniques, devices, and systems. The method of generating a "randomly generated authentication secret" in the present invention is mainly based on

The code is stored in the garbled device of the issuing bank, and all the user base code (DK) are derived by using the main base code with an input item, and the input item can be unique identification information of each card holder, such as The card number, etc., and the derived user base code is stored in the EEPROM of the chip financial card. In addition to preventing unauthorized persons from obtaining the base code value through the authority control of the chip financial card, the physical protection mechanism of the chip financial card can also ensure its The security of the base code. As for the partial chip financial card, the Session Key (SK) may be derived from the user base code. It is valid only in a certain essi ο η and cannot be reused, * and is usually stored in RAM. Generally, when the chip financial card is pulled out from the card reader, the base code disappears at the same time, and the user base code can be generated according to the needs of the bank's application range, and the memory area stored in the chip financial card is called For the user base code file. In the present invention, the card-holder identity authentication method (user-side secret) can also be regarded as the user base code in the banking system, and the cardholder secret is by card. The person's pass code is divided into the authentication secret. The card holder's secret is the partial value of the authentication secret. This value is permanently stored in the chip financial card. In the process of identity authentication, the cardholder end The cardholder's secret is read by using a communication instruction between the end-end device and the chip financial card, such as a physical ATM or a card reader; the ATM system uses the cardholder passcode and the cardholder's secret to re-send the authentication secret. As the AT Μ system to certify the cardholder's identity. 200836118 The invention solves the risk of dictionary attack when the chip financial card is lost. The authentication secret is not stored in the chip financial card, and the cardholder end secret is used instead. The present invention further proposes a two-factor security authentication method. The basis for the cardholder's identity. [Embodiment] When the present invention is implemented in an ATM system, the card holder must hold the wafer financial card identity authentication. The invention has three characteristics: one is to replace the wafer financial card with a strong authentication (strong) (secret) as a new authentication secret; second, the cardholder uses two reply authentication secrets. The first secret of the cardholder is called "personalized secret", which is denoted by Sp. It is a cardholder's pass code. The second secret of the cardholder is called "cardholder". Side secret), denoted by Su, the cardholder secret is the output obtained by calculating the I secret and stored in the chip financial card memory; the second is applied to the identity of the conventional ATM system. The authentication method does not need to change the original architecture, data structure, and any peripheral hardware devices, and does not need to change the processing procedure of the financial card identity authentication method. In addition, the present invention makes the guessing attack* easy to succeed because the attacker has a strong secret, or steals two secrets possessed by the cardholder to fraudulently invade the ATM system, and the present invention divides a strong secret into two parts. I is the base, so this method will significantly enhance the protection of the secret. The present invention cites the two functions f 1 , f 2 and f 3 in the U.S. Patent Publication No. 2〇〇5/〇〇81〇41, which utilizes the three conversion functions to separate the authentication secrets. The inventor of the case is also the inventor of the patent in this patent. According to the contents of the above-mentioned public documents, f丨, f2 and f3 can be set as follows. / / Therefore, it is believed that the authentication is secret to the secret of the authentication secret. Selected (user-certification secret, the current bank is the current whisker guess card in the number of conversion and back - 〇 12 200836118 Υ = λ (χ), where γ is the one-way hash function output value; (1) υ=Η(Χ)=λ(χ)+β= γ + β, where \ is a rounded variable value, which represents a numerical example of a personalized secret, and λ is a collision impedance hash function (colhsiorwesistant hash functi 〇n), this function will produce a non-negative integer for any round-robin value, #β is a constant of - non-negative integer, u A the round-out value of this conversion function ' ϋ is also known as the digital secret-independent part; V= f2(fl(x),S)= (fl(x)+ axs) mod q, where χ is also the same The numerical example of the table personalization secret is taken as the input variable, s is a positive integer representing the digital secret of the protected _ guard, q is a positive integer greater than all numerical examples of the digital secret s, and is greater than all personalized secret input values. The hash value, a is a two-input value of a positive integer f 1 (x) and a second conversion function f2, and v is the output value of the second conversion function, and V is also called a digital secret. Related parts; (3) S-f3(fl(x)5 V)=: (a_1xV+ ((-(a"1xfl(x)mod q))mod q))mod q 'where fl(x), V , q, a, and s, as defined above, are the multiplicative anti-elements of ^ in the model of m〇d ^. The formula of fi can make the choice of personalized secrets flexible, for example, it can be The personalized passcode selected by the cardholder, or a Personal Identification Number (PIN), may also be a combination of several secrets such as the cardholder passcode and the device identifier (device-Specific c The combination of 〇(|e). The present invention applies the foregoing method of segmentation and recovery to the cardholder of the ATM system, and recognizes it. The description is as follows: "Heart is also secret" is indicated by S, which can be one of the user base codes output by the card-issuing device of the issuing bank. The generation is based on the primary base code and a random random number (or virtual random number) As the two inputs of the garbled device, and finally output a user base code as the basis of the authentication user, it is called the authentication secret. 9 13 200836118 The authentication value of the authentication secret, represented by Sv, is the authentication secret after two hash functions. The hash value output by the operation is used to replace the passstone verification value stored in the original passcode file as a new verification value. 1 The first secret of the cardholder, denoted by Sp, is an independent turn-in value of n. Therefore, the cardholder can be allowed to autonomously (4)^^丨(4) order...select this secret' and the rainy horses A cardholder's choice to remember easily. Under the assumption that fl is a collision impedance hash function, this choice is very flexible. For example, assuming (X) two sha-256(x), then this choice can be any less than the length of the bit. Number Z i secret. This flexibility creates many application scenarios. For example, the first secret Sp of the cardholder may be a combination of the passcode selected by the cardholder and the device identification code, such that the cardholder login may be restricted to use a particular device; in addition, the cardholder's creature = refers to two, the special: after the device digitizes it, it can be regarded as the first cardholder's secret person: In some embodiments, Sp can be a multiple secret group

Sp may be a combination of cardholder passcode, specific device identification, and cannibalism. At least two of the members of the temple are called “personalized e ^ ^, such as cardholder pass codes, etc. Choose the most common form of attacking a secret. The second secret of the Zen cardholder, with an output value, because it will hold in... the second... secret... the process of cutting - also enters the login process It is used, so % is also known as the cardholder's secret. #彳~, 明俜 will be a gentleman's mountain.,,岔 must be stored in persistent memory, this hair hold: "secret stored in the chip financial card The internal memory of the above-mentioned δ is calculated to only change the current verification value stored in the financial card of the Japanese film, and the rest are in the same way as the current one, and do not need to be in the silver one & The system makes any changes in hardware and software. (weak : t: · The pass code chosen by Guangren is usually recognized as a weak secret (four) (10), and the secret generated by n random random numbers is - item strong secret] 4 200836118 (strong secret). In the present invention The secret of authentication is a strong secret. S The secret of forbearing is passed through two miscellaneous waves. The hash value output by the sigh of the nose is 9 non-negative integers within a certain range, and its rib R 9 ^ "疋— The fall in /, the dry bound is based on the choice of one-way decision, for example, SHA-256 will generate a small confession function to generate j, a non-negative integer of 2256. The function can not be reversed in calculation, Due to the + 屯 clothing early to the hash

• This, by certifying the secret hash value as a helmet I can ensure the confidentiality of the authentication secret, and the 闵 丄 % 丄 1 卜 is the verification value Η is the hash value that no one can easily know to derive the original round The value has been entered. The two verification values of the authentication secret are mainly to avoid the value of the bank 掊I χi as the note card in the tribute library. The principle will be detailed in the following φ ^ Secret Repetition, 1 each , to further explain and explain. More specifically, in the method of 掊+, a, and cardholder 5 of the present invention, when the terminal device is used to perform financial operations, ΑΤλ/ί / , the person wishing to benefit from the card system The set of eight μ also program is still required for the cardholder to insert the chip full melt itself knife &; 乃 乃 is i 岫 card, and enter the correct pass card for the person, its program with the current ATM car from the strong ώ horse pair The system's cardholder identity authentication process is the same, but the actual risk of the cardholder's loss of the chip's financial card is eliminated. This enhances the security of using physical ATMs or network ATMs. The reason why this method is more secure than the conventional method is that the verification value stored in the chip financial card is the hash value of the authentication secret, not the authentication secret, and the cardholder must provide the rain input to reply to the authentication secret. The entry is used as the personalization passcode used in the calculation procedure for replying to the authentication secret and the cardholder's secret stored in the chip financial card. The verification of the hash value in the wafer financial card is compared with the hash value of the reply. Value, offline self-verification on the cardholder side, and based on the results of the verification to decide whether to allow or refuse the cardholder to enter the bank atm system. Use the passcode selected by the cardholder as the first secret, that is, the personal secret, <to meet the general use requirements; accordingly, the first input entered by the two cardholders is the card The pass code entered by the person. It is worth noting here that the cardholder input 15 200836118 line code is not using the correct pass-through value to verify the authentication secret. Personalized passcodes are not legally known and cannot be known, so only the cardholders can reply to the certification. In the hands of the cardholders, this method specifically addresses the current risk of cardholders. The cardholder authentication mechanism and system described in the present invention, and the secret selection method used in the calculation program of the cardholder identity authentication (1) respectively, the new secret is used as a new secret. And according to this, the cardholder's secret is updated; (2) the new secret is used, and the cardholder's secret is updated accordingly, but the personalization secret is kept, and the cardholder's secret is updated accordingly, but the authentication secret is In combination with the conventional banking system, and the procedure for implementing the passcode change without changing the current itinerary, the above-mentioned (3) square line code is used, and the strong authentication secret of the bank system side is not required to be transferred to the bank terminal system. Another feature in the embodiments of the present invention is the use of random numbers as one of the input values for the different authentication secrets. There are many conventional methods for generating the above-mentioned Lu number, so it is no longer necessary to describe that a real random number generator needs to have a hardware device or a software program to manufacture a random source and no correlation. It is a difficult task. There are several individual design methods to choose from, because they are all custom design methods. It is more difficult to design a software for a random number generator than to design a hard one. The software random number generator can use the certificate, the verified information card person. Knowing that other people are secret, the degree of risk is completely lost after the chip financial card is lost. After that, the cardholder is allowed to change the secret; here, there are three provable secrets and the new personal secret as the new authentication secret; (3) ) Change personal secrets to remain the same. The method described is based on the principles of the present invention. The cardholder does not need to pass random random numbers or virtual random machine random numbers, virtual random chaos, random random sources. To create a random rule that can achieve this goal is not intended to be a detailed description of the random number generator system system clock (system 16 200836118 clock) hit the keyboard and mouse movement System programs such as elapsed time between keystrokes and mouse m〇vements, operating system values such as system load and network statistics. A good software random number generator should use a variety of random sources to sample each source, and then combine the data sequence obtained by the sampling result with a complex mixing function; here, it can be used The mixing function can be a collision impedance hash function such as SHA-1 and MD5. In the application of δ 午 多 ' ' 'virtual random bit generator (pseud〇ranCJ〇m bit 鲁 generator) is usually used to replace the real random bit generator (true rand 〇 generator) The virtual random random number generated by the generator replaces the random random number. The virtual machine bit generator is an output non-random (determinist丨c) algorithm. This algorithm gives input to a true random binary sequeilce. We assume input. The length of the bit string is m, and it is set to output a random bit sequence of n>gt; m length (om means that η is much larger than m) and the input of the algorithm is called a seed. (seed). ANSI X9.1 7 and FIPS 186 are two standard methods for generating virtual random bits and random numbers. Other methods are to use a multiplicative congruence pseudorandom number generator. In the security control system of the bank issuing card of the present invention, a random random number system has been designed, which can be directly applied to the embodiment of the present invention. Embodiments of the present invention are described below in conjunction with ten figures. Please refer to the first figure, which is a flow chart for generating the authentication secret, including the following steps: Step 5 1 0 • The card-issuing bank's garbled system (500) has N user base codes. A user base code derived value is represented as panN + 1. The value of this value is a value generated by the random number generator. The random number generator is a built-in instruction of the card issuing security module. 17 200836118 Step 0·Receive the previous one The input value of the step and the primary base code stored in the garbled device 'as the two input values of the native code algorithm are used to calculate the user base code (n 〇 )

J Step 530 ··Receive the n+1th user base code calculated from the previous step

DiCn+i, which is not the DK main-A table, is the strong authentication secret of the invention (5 4 0). Next, referring to the second figure, its main purpose is to explain the two main loves of the bank card issuance system. In the work one (610) order, the bank card issuance system randomly generates a user base code for the cardholder, with the main - ._, Α table, the user base code in addition to being the authentication secret,泰泰 f V» a C? Ιλ 1 . I, h VaUe) as a registered secret (registered secret), stored in the bank card issuing system cardholder. One ^ ^ ^ ^ card person; Bessie library, at work one ( In 620), the bank card issuance system is used to prepare a cardholder secret and an authentication secret verification value, which is stored in the card holder and the defective financial card, which is used by the cardholder for identity verification. Referring to the second figure, the work one (6 1 0 .) includes the following steps: Step 1 - Step 710: Perform the step 71 in the issuance security module system (ISAM) (700), execute the female control command, and generate a random Random number; silk, step 71 5 · The random number and the primary base code generated by one step are used as input values, and the stem base code algorithm calculates the user base code (or authentication secret (DKa)) ;

"Step 720: Calculate the hash value of the authentication secret a according to the selected one-way hash function, that is, Hash (DKA); A Step 725: Transfer the cardholder's bank account number and the calculated hash value to the data, step 730 : Perform the registration step in the database, and use the received hash value as the second main book secret, together with the received cardholder bank account number, stored in the cardholder database (10); Step 73 5: Send a registration confirmation message The card security control module system 18 200836118 Step 740: After the security control module system performs the work of entering the bank card issuance process (620) 〇 work one (6 10) is completed, work two (620) will receive its authentication secret dKa , cardholder bank account and other information. Referring to the fourth figure, the second step (620) includes the following steps: Step 810: After obtaining the authentication secret DKA and the cardholder bank account by the work one (6 10), and generating a mess in the card issuing security control module system (700) The number is used as the preset personalization secret Sp; Step 820: The card holder end secret S u ' is obtained by calculating the formula Su = f2(fl(SP), DKA), where f 1 and f2 are two for segmentation The conversion function of the authentication secret; Step 8 3 0: The card holder's secret Su is also a user base code. As a piece of authentication data, the security module command is executed to update this value to the memory of the chip financial card (1 50). In the user base code file (140); Step 85: Calculate the secondary hash value of the authentication secret, ie

Hash2(DKA) = Hash(Hash(DKA)); Step 860: Add this secondary hash value to the verification value file in the memory of the wafer financial card (1 50) (870) 二次Secondary of the authentication secret The value is for the cardholder to be able to perform offline verification. It is the verification information used by the cardholder. In order to distinguish it from the original passcode verification value, it can be called the cardholder verification value. The verification value file (870) in the memory layout of the financial card (150) is the original pass code file (260). Using Hash2 (DKA) instead of Hash (DKA) as verification information is to avoid duplication of information with the bank; according to the one-way hash function, it is computationally impossible to reverse the feature. Leaking Hash2 (DKA) does not help. Hash (DKA) is guessed, and Hash (DKA) is a secret registered on the bank system side and must be kept secret. 19 200836118 Reviewing the fourth figure again, the calculation of step 820 is Su = f2(n(Sp), DKa), which is first calculated Π, then f2 is calculated to generate the card holder secret Su, where the first transfer function Π Should be a collision impedance hash function. In terms of security needs, fl does not necessarily need to have a feature that is computationally incapable of reversing: because when the attacker already knows the output value of fl, there is no need to use the output value of Π to derive the input of the individual. Secrets; however, designing fl as a collision-impedance hash function to have computationally unreversible features still has its benefits. With this feature, it will effectively extend the spatial extent of its input values, such as SHA- 1 can receive any message with a length less than 2Mbits as input (see:

Federal Information Standards Publication 180-1, Secure Hash

Standard, 1 995·), 2 “bhs message length is sufficient to provide flexibility for personalized secret selection. Selecting the personalization secret as the elasticity of the input of the first conversion function fl can lead to a variety of useful application scenarios, such as The personalization secret may be a combination of the cardholder's selected overnight code and a specific device identification code, such that the cardholder must have a specific, device to log in; another example is the cardholder's biometrics. Digital fingerprints and so on can be all or part of the personalization secret, so the way to use biometrics to hold the cardholders will be part of the login process. In addition to the above examples, the application context of the complex 2 parameters is also possible. In its second conversion function f2, in step 820, the calculation of the card holder's secret Su is also set using the following formula: Cardholder's secret S ^ = f2 (fl(SP), DKa) ~ (fl(Sp ) ten cxxDKa) mod q, where 'q is an integer constant greater than the value of all authentication secrets dka. 20 200836118 is a positive integer with q and the parameters α and q do not need to be kept secret. After the card system registration cardholder secret procedure is completed, the authentication material is stored in the chip financial card through the card issuing program, and the authentication data is the cardholder end (4)% and the authentication secret second hash value Hash2 (DKA). composition.

In the current wafer financial card holder certification party, there is no need to have a connection procedure with the banking system. Continuing this offline change of passcode, the present invention proposes that a more restrictive registration secret remains unchanged by altering the update of the passend secret. In the law, when the cardholder changes the pass code~ characteristics, in order to allow the cardholder to get a new method, the authentication secret and the bank peas are the new secrets to start the cardholder. Next, the cardholder will be asked to change the card changer. The bank's default pass code is an example. More passcode method. The fifth picture shows the two holders of the change of the pass code of the cardholder. The fifth picture is 'in the second job (91〇), the cardholder enters the default pass code given by the bank' to calculate the authentication secret (DKa). ), and verify at the cardholder's end; in Work 4 (920), after the cardholder's verification, the cardholder enters - change the passcode, and the passcode and the replied authentication secret are rounded The value is obtained to obtain the new cardholder secret, and the cardholder secret of the original storage in the wafer financial card is changed. Referring to the sixth figure, the work three (9 10) includes the following steps: v Step 1010. • Insert the wafer financial card (15〇) into the terminal at the cardholder end (〗 〖): in the standby, for example, the ATM of the physical ATM system Or the card reader of the network ATM system, and enters a preset pass code (PWD) given by a bank; Step 1020: The security control module (1〇6〇) in the ATM system receives the input value of the previous step. Execute the calculation of f3(fUPWD), Su) to reply to the authentication secret; ^1 1 3 3 0 · Use the selected one-way hash function to count the second time from the authenticated secret of the card holder Hash value; 21 200836118 Step 1 040: Perform cardholder-side offline verification (see Figure 7). After the verification is successful, enter the work four (9 2 0). After the verification fails, perform step 1 〇 5 〇, and re-enter the default pass code on the same cardholder end (1 000) to re-authenticate. In step ί 020, the calculation of the reply uses a compound conversion type, and the composite conversion type first differs from the other. Fl As defined in the previous description, the third conversion function f3 is defined as follows: DKa - f3(fl(PWD)? Su) ^ (a 1xSu + ((-(a'ixfl(PWD) mod q)) mod q )) mod^ • Here 'PWD is the passcode input value received in step 1020, the cardholder's secret Si) is obtained in the chip financial card (〗 〖5) received in step 1 020 , and q and a are the same as the definition of the f 2 formula, and DKA is the authentication secret of the reply. Refer to the figure 7 in the figure below. The work of the cardholder end offline verification includes the following steps: Step 111 0 · · Security control module in the ATM system 〇 6〇) Calculate a secondary hash value by replying the authentication secret Hash2(DKA;); Step 1120: Read the cardholder verification value in the verification value file of the memory in the wafer financial card (150); Step 11 40 · Calculate the secondary hash value obtained by the difference and the obtained card holder If the result of the comparison is correct, execute the passcode change handler: Work 4 (920) 'If the result of the comparison is incorrect', return to step 1〇5 of the sixth diagram. Oh, enter the default passcode again. In Work 4 (920), the detailed process of changing the cardholder's pass code is as shown in the eighth figure, including the following steps: Step 12 10: Enter a new personalized at the cardholder end (1〇(10)) Pass code, the table is not S p, new, 22 200836118 Step 122 0: ATM security control module (1〇60) receives the previous step SP, new, also receives step 1 from the sixth figure认证2〇Responsible authentication secret will be the new cardholder's personalized passcode Sp,new and the replied authentication secret DKA to obtain the new cardholder secret Su,new, the formula is: new cardholder F2 (f 1 (new personalized passcode), reply to the authentication secret; Step 123 0 ··Renew the new cardholder secret Su, new to the chip financial body (1240), replacing the original cardholder End secret SlJ, after receiving the success response message of the fusion card, the ATM system transmits a success message to the card holder and the line code change procedure. The present invention only needs to be slightly modified in the conventional bank card issuance system. · (1) Increase the generation of authentication secrets in the issuance control module system (js AM) If the process of generating is as shown in the first figure, the method of generating random numbers is already built-in instructions of the current security module; (2) replacing the contents stored in the current pass code file in the chip financial card The verification value described in the second hash value of the authentication secret. Therefore, the hash function must be added to the document control module system, such as MD2, MD5, SHA-1 2 5 6 , S Η A - 3 8 4 or SHA. - 5 1 2 ; (3) • Add a secret as a cardholder's secret to the chip's financial card. Since the cardholder's secret calculation must use the segmentation described in the present invention, it must be in the issuing control mode. The fi conversion function used in the segmentation method is added to the group system. With the changes described above, when the present hair issue is implemented in the current card issuance control module system, the required work is as shown in the ninth figure, including: Five (1 3 1 0) · The card issuance system generates a user base code as the authentication input dka, for input secret = card memory chip gold end change, package method, line issuing card is issued in the card, SHA-based Code method, due to the secret within f2, 23 200 836118 The detailed procedures are as shown in the third chart of the boat _ ^ ^ mouth < Step 71 〇 and Step 7 丨 5. This _ process and the required instructions are the existing existing system of the card-free security module system Job ^ Work 6 ( 1 320): Volume T a is the hash value of the authentication secret authentication secret generated by the fifth (1 3 1 0) as the registration secret of the transcript and the cardholder, detailed procedure steps 720, 725 , step ^ ^ step 730, and step 73 5 are shown. This process is to achieve the addition of the present invention to the -% & like a 5 valley, including the addition of a one-way hash function, mountain sigh, such as MD2, MD5, $HA-1 , SHA-384 or SHA-512; • Work 7 (1 3 3 0) · Generate a random random random pass code from the card security module system, and the authentication secret generated in Work 5 (1310) The two inputs of the segmentation method cited in the description, the output value of the segmentation method is secretly stored in the user base code file of the wafer financial card, and the detailed steps 810, 820, and 83 are shown. This work has been added to the current card issuance system, including the fl and f2 conversion functions used by the module system to increase the segmentation method; Work 8 (1340): Calculation work 5 (1 3 The authentication secret value generated in 1〇) is stored in the pass code file of the chip financial card, and the verified cardholder is the verification value of the civic certificate. The detailed procedure is as shown in step 4 of the fourth figure. Show. The execution of this work is a one-way hash function used in the one-way hash function (1 320) required to calculate the second hash value in order to implement the changes made by the system in order to implement the content of the present invention; Establishing a correlation between a wafer financial card, an ATM system, and silver, this deliberate design is a feature of the implementation described herein. More specifically, a secret link between a cardholder and an ATM system is established. The implementation of the two-factor authentication method of the cardholder authentication method of the present invention; 'and calculating the execution security control module SHA-256 as the third figure, the number as the card & as the present as Cardholder order, as shown in the fourth figure, is the ability to check the secondary miscellaneous of the card issuing security. Step 8 3 0 For the current card issuance, the same work six lines system has a transparent certificate. For example, 24th 200836118, the tenth figure, the detailed description is as follows: The cardholder identity authentication of the present invention has the characteristics of two-factor authentication, and the two authentication factors of the cardholder (10) are the chip financial card (150) and the personalized secret. Sp(i42〇). The chip financial card (150) is the first authentication factor, and a memory card holder secret Su (1415) is stored in the memory, which is obtained by dividing the authentication secret DKa, so the card holder side secret Su (14i5) It has a relationship with the authentication secret dKa; the personalized secret Sp (142〇) may be a personalized pass code selected by the card holder autonomously, and is a second authentication factor. When the terminal device (1, 4 5), that is, the ATM of the physical ATM or the card reader of the network ATM, after receiving the input of the two authentication factors, two secrets, namely, Sp and %, are obtained; The ATM security control system (1430) uses three transfer functions to reply to the authentication secret DKA (1435). The above description expresses that a legitimate cardholder must present the correct chip financial card and the correct personal passcode in order to respond. The correct authentication secret is passed through the identity authentication, and then the connection is established with the bank-side system (1440). When the ATM transaction is executed, the bank-side system (1440) receives the transaction request, that is, to the cardholder database (75〇). Indexing the cardholder's registered secret (1450), that is, the hash value of the authentication secret; finally, the bank ATM system uses the hash value of the authenticated secret of the reply and the registered secret as a symmetric password key to challenge and respond The program verifies the transaction authorization and completes the transmission of the transaction related information. As the login program designed by the present invention, the user_side validation technique is The card end is executed. The cardholder end verification is compared with a verifier, and the verification information must be provided to the processor where the cardholder is logged in. So what is the verification information? In the example, the cardholder side stores Hash (HaSh(SA)) as the verification information for comparison; that is, the double hash value (double_hashed value) obtained by the authentication secret sA after two hash operations is stored. 200836118 Eight times in the memory of the chip financial card is used as the test result. Because the hash function mentioned here has one-way characteristic loss, no one can get the second hash value.

Hash (Hash (SA)) does the reverse operation to give the first hash value to the water. In such an embodiment, the cardholder's verification information will not be cleaned. Endangering the security of the banking system. In the present invention, the chip financial card φ 〇 /, stores part of the information related to the secret of the card, that is, the card holder's secret, and the other Qiu Ba & α t e tune. The secret of p is that only legitimate cardholders know the correct passcode. On the cardholder's side, a confidant can now use two secrets to access the bank's AT system: one is the personal μ * 疋 化 秘 SP SP, and the other is the card holder secret Su. Although the chip financial card itself has a certain protection effect, it can protect the card holder end secret SU 'but in case the card holder accidentally gave birth to 曰 Η Η ^天日日片金融卡, also Crack access to the cardholder's secret SU, but another gamma I /., / θ U personalized secret SP is stored in the cardholder's memory. The cardholder's secret Su is not found. The illegal cardholder still cannot pass the identity authentication and steal the account deposit of the cardholder's bank. This issue, ^ ^ ^ - λλ* . The technology of Haoyue 7 protects two secrets and obviously strengthens the protection of secrets. For cardholders, cardholders: female beta, A ^ - ATM ^ „ Temple has a financial card and remembers the passcode to log in to the Silver Jubilee ATM system, complete and current operation ^ θ ^ A ^ ^, Weishu is the same. The cardholder inserts the chip financial card into each device, such as ATM or card reader r ^ a # ^ ^, machine-specific rights, for identity authentication and privacy. After receiving the two input values of the pull 4, ., and card, the first conversion function η defined in the card issuing program is executed, and the input value of the card holder is recognized, and then the conversion is performed... The input human input value of the third transfer function f3 and the second transfer function f2 have a transferable function f3 soil relationship, so that the authentication secret can be restored, and the η recognition expression formula is as follows: the output value is f3 (the converted input value of the input, The second card A private X value) two (α- x (second cardholder input value)) person input)) ((· (α X (cardholder input plug, q)) mod q) )oiod q, where α•[and value) then dq is defined as follows; then, the card 26 200836118 enters the device to calculate the third conversion The hash value of the number of output values is used as the cardholder end cardholder hash value and the verification value in the chip financial card (4) / is indeed a legitimate cardholder, and the cardholder is allowed to access the system request, or the person's deposit Request for authentication. Although the authentication secret plays a central role, the authentication exists secretly. We can apply the authentication secret to the individual memory after the card issuance process, the cardholder login, and the relevant S-70 calculation. Delete the storage authentication secret, the bank system only stores the authentication secret - the second hash will have the existence of the authentication secret. Μ, because the authentication secret is randomly generated random number, even if the hacker directly guesses, successfully guess the random generated secret It is purely a matter of chance. ^ The length of the generated secret bit is 16〇, then the probability of successful guessing is 2 seconds (3 seconds), then the successful guess is 10 X2 seconds. After the conversion is equal to 1〇·3χ1〇48 seconds, the probability of successfully guessing the secret in a reasonable time is as low as almost impossible. The guess is not only applicable to online attacks but also to offline. The advantages of the system embodiment implemented according to the content of the present invention include: (1)· In the case that the cardholder pass code cannot be obtained, even if the old card is cracked, the cardholder end secret is only stolen. Can steal one of the cardholders; the verification information in the chip financial card is the second accompaniment of the authentication secret. The second hash value can be reversed to obtain the first hash value of the bank system security; It is difficult or even impossible to steal the pass code through other techniques such as in-house personnel intrusion, because the pass code is parallel to the system; (2) · The derivative value without the specific pass code is stored in the bank system side hash value, indicating If you refuse to hold the code, you don't need to update the code. You don't need to value. The test secrets are assumed to follow the 16(), the expected time of the year; in other words, if the 1J card is not in the same month, it will not be secretly guessed. The two secret values of this lost chip gold, there is no 'not dangerous card issuer is not stored. The so-called cipher and the bank 27 200836118 Code: The value of the franchise can be the hash value of the passcode, the ciphertext of the passcode, or the converted value obtained by the Slngle'inPut function. Only the storage of the left slave θ value associated with the pass code 疋 combines the first and second composite transfer functions to convert the card holder's secret, potted, ^ /, A 'this combination conversion type has two independent Enter the value passcode and the authentication secret. The same is true. Because of the excellent characteristics of the court, the method proposed by the present invention does not give the attacker any clues about the pass code. In the two examples, pull ^ ^ Τ, Λ, ^ ^ 9 is verified by the cardholder, and the cardholder and the system end are responsible for the work of checking the cry, and the bank and the bank are all safe. Responsibility for protection. The purpose of the card-side verification is to shell, ', the input value used to generate the response message is correct, and the verification of the system is the county. ^ ^ The request to ensure access is from the legal cardholder, no疋 From the intruder. The transcripts proposed by the present invention, &. Temple card 柒 verification techniques can also be used for the method of 苴人 certification and tying. Dushang gossip's character ^ X η ^ ^ ^, cardholder end verification information can be different according to different types of methods, such as going to Gu ^ I # answer & π field card use public / private key The private key of the pair is used to create a digital signature as a response to the challenge. The cardholder verification information can be a relative public key; in this case, the system is recognized as ^μ / in the system. The end uses the same public key as the system side verification information. Give another example such as 2 丄 示 、, 鲕 鲕 | 中, Huh, # + example, in the traditional cardholder authentication method based on the pass code, Hash (cardholder & amp, yang, 尬. selected The pass code can be used as the cardholder's verification fee compared to the present invention.

In fact, the entity ATM system, the invention is simpler to implement in the network system, "I ... / two-way ATM, and to update the program of the silver know server, it is necessary to update all physical ATMs one by one. , ... and the cash machine can shorten the construction time, indicating the application network program l 、, sex, the three conversion functions are implemented as ActiveX component cardholders, but browse the bank network, the same ATM The URL will automatically carry the computer on this side. At this time, the #1############################################################################################### The system can be used to verify the identity of the cardholder. According to the system implemented by the content of the present invention, 1 card A says that 々i /, 糸, and washing orders are the same as the system side of the current authentication method based on the chip financial card, but the cardholder has a large report. The difference, for example, is that the cardholder end of the embodiment of the present invention makes the =T-transform function η, [2 and f3. The three conversion functions can be set in a variety of ways: for example, the 'first-transition function fl can be set to a collision impedance hash function plus a constant positive integer such as fl(Sp)=Hash(Sp) +p, so collision impedance hash function. Participate in ... to identify the device = two times of confidential protection. Capturing another layer, in summary, implementing the method of the present invention, the large operation flow 'and without adding any hardware, Xiao is now changing any cost of the current bank, which is the main feature of the invention, saying: If the comparison is not as follows, the three conversion functions are designed to be issued in the issuing security control module. The secret of the process of issuing the card in the bank is stored in the chip financial card, which can replace the current storage to generate the cardholder update card. The card issuance security module in the device can be used. In addition, the weight only needs to be updated. The same three conversion functions can be used to verify the secret after receiving the second M system. The red-manufacturing process of the two certifiers provided by the eight people of the card has not changed. Therefore, this issue is further implemented. In the existing ATM system, the method of being strong can be shortened. The card security card's identity security office / room [simple description of the map] the threat of the jinyi encounter. The decision of the map is the government of the invention _ on the ', the example of the secret certificate of the household shot (5) second map · · This hair Two of the bank card issuance system:: Figure. The third picture: the cardholder registration of the invention: schematic diagram. The fourth picture: the flow chart of the holder + seat of the present invention. 29 200836118 Fig. 5 is a schematic diagram of two working procedures of the cardholder's change of the pass code of the present invention. Fig. 6 is a flow chart of the cardholder certification preparation information of the present invention. Card human end self-validation flow chart. Eighth figure. The card holder of the present invention changes the pass code flow chart. The ninth figure is the four tasks required to implement the present invention in the current card issuance control module system. Fig. 10 is a schematic diagram of the two-factor authentication of the present invention. • Figure 11 is a flow chart of an embodiment of a conventional card issuing system. Fig. 12: Procedure for completing a transaction by using a wafer financial card in a physical ATM system Flow chart of an embodiment of the card issuance system. Fig. 13 is a transaction procedure diagram of a wafer financial card used in a conventional network ATM system. [Description of main component symbols] (3 0 5) (3 10) (3 1 5) (3 20)(3 25)(3 30)(33 5)(340)(3 4 5) (3 5 0) (3 5 5) (3 60) (3 90) (410) (41 5) (42 0) (4 2 5) (4 3 0) (43 5) (440) (44 5) (4 5 0) (45 5) (46 0) (46 5) (470) (475) (490) (5 10) (5 20) (5 30) (710) (715) (720) ( 72 5)(73 0)(73 5)(740)(8 10) • (820)(830)(850)(860)(870)(10 10)(1020)(1030)(1040)(1 050 ) (1 1 10) (1 1 20) (1 140) (12 10) (1 220) (1230) (1240) Step (10) Cardholder (1 1) Network ATM Client System (12) Network Road ATM Bank System (20) Entity ATM Bank System (3〇) Entity ATM System Cash Dispenser (100) Garbled Device (110) Primary Base Code (120) Another Input Value (130) Calculation Process (140) User base code file (〗 50) chip financial card (260) pass code file (353) offline card holder identity authentication program (500) garbled system 30 200836118 (6 2 0) work two (750) hold + person Database (920) work four (1 3 1 0) work five (1 340) work eight (540) authentication secret (610) work one (700) issue card security control module system (870) verification value file (9 10) Work three (1000) cardholder end (1〇6〇) security control module end (1 130) cardholder verification value (1 320) work six (1 330) work seven (1 4 1 5) cardholder Secret (1 4 2 0) Personalized Secrets (1425) End Devices (Cash Machines or Card Readers) (143〇) ATM Security Systems (143 5) Authentication Secrets (1440) Bank End Systems • (1450) Registration Secrets

31

Claims (1)

200836118 X. Patent application scope: 1 'The use of chip financial card private process includes the following steps:; ATM system cardholder authentication method, which is certified by the cardholder's chip financial input value; The pre-stored value is given to the ATM machine as the input value of the given-ATM machine; the input value of the two-member input value is calculated by the authentication calculation process and the verification value of the pre-stored U-finance card ± If the match is correct, then the certificate requested by the cardholder is permitted. ATM system. The invention claims the method of claim 1, wherein the ATM system is a Web ATM system. 4. The method of claim 1, wherein the authentication calculation comprises a one-way hash function, a first function, a second function, and a third function. 5. The method described in claim 4, the function is set as follows: The one-way hash function is set to Y ^^(y), y is the input variable value, and h is a collision impedance hash The number 'Y is the output value of this conversion function; the first function is set to U = fl(x) = Y + β, x is the input variable value, Υ is the output value of the one-way hash function, and β is one The constant of a non-negative integer, U is the output value of this conversion function; the second function is set to V'f2(fl(x), S) two (U+ axS) mod q, U is the output value of the first function 'module' The number q is a positive integer greater than all numerical examples of s, and a is a positive integer that is prime with q; the third function is set to S== f3(l V), U is the output value of the first function, v 32 200836118 is the output value of this second function. 6. The method of claim 4, wherein the authentication calculation further comprises a pre-stored value generated during the registration process, the process comprising the steps of: obtaining a value as an authentication secret; The card person selects a pass code; the authentication secret and the pass code are two input values, and the pre-stored value is generated through an operation process of the first function and the second function. 7. The method of claiming a patent of Capricorn $6, wherein the authentication secret is a random random number.于8·········································· , wherein the authentication secret is ATM silver. The operation process of the pre-stored value includes a user base code generated by the system side according to the method described in claim 6 of the patent application scope. The method is as follows: using the pass code as an input of the first function to obtain a temporary value; the temporary value and the authentication secret are regarded as inputs of the second function to calculate the pre-φ stored value; The prestored value is pre-stored in the wafer financial card memory. η. The method of claim 1, further comprising deleting the authentication secret from the associated calculated memory. 12. The method of claim 6, wherein the authentication secret further comprises a verification value, and the verification value is generated in the registration process according to the following steps: the authentication secret is subjected to a conversion process to generate the verification value. The verification value is stored in advance in the wafer financial card memory. 33 200836118, the conversion process is through the one-way. The ATM system performs the following steps on the cardholder: 1 3 · The method described in item 12 of the patent application The output value of the two functions of the hash function. 1 4. If the method described in claim 5, when the identity is tolerant, the calculation process of the forbearance includes the cardholder's input being converted into an output value via the first function; The pre-stored value is treated as an input to the third transfer function; the round-out value of the third transfer function is passed through the two-way hash function to generate the result of the authentication calculation process. 1 5 · The method described in item 14 of the patent application 1 << 忐, further comprising deleting the authentication secret from the memory of the correlation calculation. 1 6 · If the method described in claim 14 is applied, the result of the certification calculation process is a quadratic hash value. 17. The method of claim 16, wherein the secondary hash value is used as a cardholder end hash value. 1 8 · The method of claim 17, wherein the method further comprises using the cardholder end hash value to allow or reject the cardholder's identity authentication request. The method of claim 6, further comprising the method of changing the pass code selected by the cardholder, comprising the steps of: in the registration process, the cardholder re-selects a new pass code as the cardholder The selected pass code; the new pass code is used as the input value of the first function; the output value of the first function and the authentication secret are taken as the round of the second function to recalculate a new one Pre-stored value; replace the original pre-stored value with the new pre-stored value, but the authentication secret remains unchanged with the verification value 34 200836118. 2ϋ·Α"τΠ!/曰片金融卡 is a cardholder authentication system for ATM systems that contains eight items that can be used to store instructions executable by the ATM machine The machine performs the following steps: A pre-stored value is obtained from the 4% κ person f, 曰曰 金融 financial card as an input value to the ATM machine; the cardholder provides another input value to the ATM machine; The result of the calculation of the two input values through an authentication calculation process is compared with a verification value stored on the wafer financial card by the pre-rule; 21 if the comparison is consistent, the cardholder's requested authentication is permitted. i. The cardholder authentication system described in claim 20, wherein the authentication calculation G includes a one-way hash function, a first function, a second function, and a '-" function ^ 0 22· For the cardholder authentication system described in claim 21, the function is set as follows: The one-way hash function is set to Y = h(y), Y is the input variable value, and h is a collision impedance hash function. , Y is the output value of this conversion function; • The first function is set to υ=Π(χ)=Υ+β, X is the input variable value, Υ is the output value of the one-way hash function, and β is one The constant of a non-negative integer, U is the output value of this conversion function; the second function is set to V2f2(fl(x), s)=(U+ OCXS) mod q, where U is the output value of the first function, modulo The number q is a positive integer greater than all numerical examples of S, and α is a positive integer that is mutually prime with q; 5 is a function of S 2 f 3 (U,V ) ' U is the output of the function of the brother Value, V The output value of the second function. 35 200836118 2 3 · The cardholder authentication system described in claim 2, wherein the pre-stored value is generated during the registration process, the process including the instruction further guiding the ATM machine to perform: obtaining a value as a certification a secret code; the cardholder selects a pass code; the authentication secret and the pass code are two input values; the pass code is used as the input of the first function to obtain a temporary value; The authentication secret is treated as a round of the second function to calculate the pre-stored value. _ 2 4 ·If the cardholder of the patent scope 2 2 2 is responsible for the cardholder’s identity verification, the certification process includes the instruction to further guide the ATM machine execution·· The cardholder's input is converted into an output value via the first function; the output value and the pre-stored value are treated as inputs of the third transfer function; and the output value of the third transfer function is passed a conversion process to generate the result of the authentication calculation process; the result of the authentication calculation process as a cardholder-side hash value; the person uses the cardholder-side hash value to allow or reject the card identity Request for certification. 25·-a computer department, system “includes an ATM machine that can perform cardholder certification, and has been certified In the case of a transaction, the transaction request is transmitted to the system side, and the transaction is requested by the system to be processed by the system to be processed by the system at the bank system side. XI. Schema: as the next page 37