EP1010146A2 - Method for mutual authentication of two units - Google Patents

Method for mutual authentication of two units

Info

Publication number
EP1010146A2
Authority
EP
European Patent Office
Prior art keywords
unit
key
random number
message
units
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
EP98928199A
Other languages
German (de)
English (en)
Inventor
Hans-Hermann FRÖHLICH
Winfried Gall
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Giesecke and Devrient GmbH
Original Assignee
Giesecke and Devrient GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409 Device specific authentication in transaction processing
    • G06Q20/4097 Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975 Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L9/16 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms the keys or algorithms being changed during operation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3273 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication

Definitions

  • The invention relates to a method for mutual authentication of two communicating units.
  • The three-stage authentication takes place, for example, as follows: unit B generates a random number and sends it to unit A. Unit A also generates a random number and encrypts it, together with the random number received from unit B, with the aid of its secret key.
  • The result of this encryption is then transmitted as a message from unit A to unit B. Unit B decrypts this message with the same secret key and checks whether the random number it previously sent to unit A matches the random number obtained from the encrypted message. If this is the case, unit B knows that unit A also has the same secret key. Unit A is thus authenticated with respect to unit B.
  • Unit B then swaps the two random numbers and encrypts them with the shared secret key.
  • The message sent by unit B is then decrypted by unit A, which compares the random number it previously transmitted to unit B with the random number obtained from the message. If the latter matches the random number generated by unit A, unit B is also authenticated to unit A.
  • This mutual authentication is based on the fact that units A and B use the same secret key to encrypt their messages.
  • Although the encrypted messages differ because the random numbers are swapped, it cannot be ruled out that, when the encryption algorithm is known, the secret key can be inferred by listening to the messages, precisely because of this swap and the associated change in the message.
  • The present invention is therefore based on the object of making plaintext attacks more difficult by preventing plaintext and the associated ciphertext from both occurring during communication. This object is achieved by the features specified in claim 1.
  • The basic idea of the invention is that the first message, transmitted in encrypted form from a first unit to a second unit, carries a key that is different from the key used by the first unit to encrypt this message.
  • The second unit then encrypts the second message, intended for the first unit, using the key received from the first unit.
  • The second unit is then authenticated by the first unit on the basis of this message.
  • Another advantage of the method according to the invention is that a key exchange is possible during the authentication without any administrative effort.
  • This key can also be used to encrypt the data exchange between the units.
  • The exchanged key can be dynamic and therefore different for each authentication.
  • The key used to encrypt the key to be exchanged can also be individual for the respective unit.
  • This key is preferably derived from a basic key common to the units of the system, taking into account the respective identifier of the unit, according to a previously defined algorithm.
  • The second unit calculates, for example, starting from this basic key and using the identifier received from the first unit, the key used by the first unit to encrypt the message.
  • The basic key must of course be kept secret.
  • A key derived from a basic key has the advantage that, if the derived key of a unit has become insecure, another key derived according to a defined algorithm can be used to authenticate the unit, without the basic key having to be changed and exchanged between the units in encrypted form.
  • The unit which authenticates the other unit selects, according to a defined rule, from a number of secret keys agreed between the units the key which the unit to be authenticated used to encrypt the message.
  • The units communicating with one another can be, for example, a chip card and a terminal, as are used in electronic payment transactions.
  • The chip card can be assigned to a customer, for example, and the terminal to a dealer or a bank.
  • The method according to the invention is of course not limited to such an application. Rather, it can be used wherever it is necessary to ascertain the authenticity of units belonging to a system. For example, the method could also be used in a mobile radio system.
  • The figure shows the process flow for the authentication of the communicating units A and B according to the invention.
  • The unit B sends a random number Zb generated by it to the unit A. Preferably, but not necessarily, this is initiated by a request Ab from unit A.
  • Unit A also generates a random number Za.
  • The unit A selects a secret key Ks known only to it.
  • Unit A encrypts the random numbers Za and Zb and the key Ks selected by it with the secret key Kab shared by the two units A and B.
  • A sequence number SN can be included in the encryption.
  • The result of the encryption is then transmitted to unit B as message N1.
  • The unit B decrypts the received message N1 with the key Kab.
  • The random number Za', the random number Zb', the optional sequence number SN' and the key Ks' selected by the unit A are thus obtained in plain text from the message N1'.
  • The unit B compares the random number Zb' obtained by decryption from the message N1 with the random number Zb generated by the unit B and transmitted to the unit A. If these match, unit A is recognized by unit B as belonging to the system. If this is not the case, unit A is not authentic and does not belong to the system.
  • The sequence number SN' can also be evaluated by the unit B with regard to its validity.
  • The unit A has another secret key Kab' previously agreed with the unit B for encrypting the D -
  • The unit B selects the key Kab' according to a previously defined rule from a protected list in which there are several secret keys Kab', Kab'', Kab^n.
  • This key Kab' is then used, as already described above, to decrypt the message N1, which enables unit B to successfully authenticate unit A by correctly selecting the key Kab'. Because units A and B each hold several previously agreed shared secret keys, they can change the shared secret key Kab' used for authentication at any time, the change taking place according to a rule previously defined between the units.
  • The selection method described enables the units A and B to switch to other secret keys agreed between them without additional administrative effort if one of the keys has become known.
  • The mutual authentication of units A and B in the invention can take place independently of the selection of a new shared secret key.
  • The authentication of unit B by unit A is described below.
  • The unit B encrypts the random numbers Za' and Zb' using the key Ks' obtained from the message N1.
  • The result of the encryption is transmitted to unit A as message N2.
  • The unit A decrypts the message N2 by means of the key Ks previously selected by it and thus receives the random numbers Zb'' and Za'' in plain text as message N2'.
  • The random number Za'' is then compared with the random number Za generated by the unit A.
  • A comparison of the random number Zb'' obtained from the message N2 by decryption with the random number Zb received from the unit B can also be carried out by the unit A. If the comparison is positive in both cases, the unit B is recognized as authentic by the unit A. Of course, however, it may also be sufficient to compare only the random number Za'' with the random number Za to authenticate the unit B.
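
The exchange described above (Zb challenge, N1 under Kab carrying Ks, N2 under Ks), together with the derivation of a unit key from a basic key and identifier, as an added Python example that is not part of the patent text. Assumptions: the patent names no cipher, so a SHA-256 keystream with an HMAC tag stands in for it; the field sizes, the "SN must increase" rule, the HMAC-based derivation and all class and function names are hypothetical.

```python
import hashlib, hmac, secrets

# Stand-in cipher (assumption: the patent names no algorithm): SHA-256 keystream
# plus HMAC tag, with a fresh nonce per message.
def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    blocks = range((len(data) + 31) // 32)
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in blocks)
    return bytes(d ^ s for d, s in zip(data, stream))

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_sub(key, b"enc"), nonce, plaintext)
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified message")
    return _xor_stream(_sub(key, b"enc"), nonce, ct)

def derive_unit_key(base_key, unit_id):
    # Assumed derivation rule: HMAC of the unit identifier under the basic key.
    return hmac.new(base_key, b"unit-key|" + unit_id, hashlib.sha256).digest()

class UnitA:
    def __init__(self, kab):
        self.kab = kab

    def make_n1(self, zb, sn):
        self.za, self.zb = secrets.token_bytes(16), zb
        self.ks = secrets.token_bytes(32)      # Ks: fresh, known only to A so far
        # N1 = E_Kab(Za | Zb | SN | Ks)
        return seal(self.kab, self.za + zb + sn.to_bytes(4, "big") + self.ks)

    def check_n2(self, n2):
        try:
            plain = unseal(self.ks, n2)        # N2 must be under Ks, not Kab
        except ValueError:
            return False
        zb2, za2 = plain[:16], plain[16:32]
        return hmac.compare_digest(za2, self.za) and hmac.compare_digest(zb2, self.zb)

class UnitB:
    def __init__(self, kab):
        self.kab, self.last_sn, self.zb = kab, -1, b""

    def challenge(self):
        self.zb = secrets.token_bytes(16)
        return self.zb

    def check_n1_make_n2(self, n1):
        try:
            plain = unseal(self.kab, n1)
        except ValueError:
            return None
        za, zb, ks = plain[:16], plain[16:32], plain[36:]
        sn = int.from_bytes(plain[32:36], "big")
        # A is authentic only if it returned B's current Zb; SN must increase
        # (assumed validity rule).
        if not hmac.compare_digest(zb, self.zb) or sn <= self.last_sn:
            return None
        self.last_sn, self.ks = sn, ks
        return seal(ks, zb + za)               # N2 = E_Ks(Zb | Za), order swapped

def run(kab_a, kab_b):
    a, b = UnitA(kab_a), UnitB(kab_b)
    n2 = b.check_n1_make_n2(a.make_n1(b.challenge(), sn=1))
    return n2 is not None and a.check_n2(n2) and a.ks == b.ks
```

A replayed N1 is rejected because it carries a stale Zb, and an N2 encrypted under Kab instead of Ks fails at unit A, which is the property the method relies on.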

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Accounting & Taxation (AREA)
  • Signal Processing (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Finance (AREA)
  • Storage Device Security (AREA)
  • Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention relates to a method for mutual authentication of two units communicating with one another, in which the message transmitted in encrypted form by a unit A to a unit B carries along a key that differs from the key used by unit A to encrypt the message. Unit B then encrypts the message intended for unit A using the key it received from unit A, and unit B is authenticated by unit A on the basis of this message.
EP98928199A 1997-04-17 1998-04-16 Method for mutual authentication of two units Ceased EP1010146A2 (fr)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
DE19716111A DE19716111A1 (de) 1997-04-17 1997-04-17 Method for mutual authentication of two units
DE19716111 1997-04-17
PCT/EP1998/002231 WO1998048389A2 (fr) 1997-04-17 1998-04-16 Method for mutual authentication of two units

Publications (1)

Publication Number Publication Date
EP1010146A2 (fr) 2000-06-21

Family

ID=7826826

Family Applications (1)

Application Number Title Priority Date Filing Date
EP98928199A Ceased EP1010146A2 (fr) 1997-04-17 1998-04-16 Method for mutual authentication of two units

Country Status (6)

Country Link
EP (1) EP1010146A2 (fr)
JP (1) JP2001523407A (fr)
AU (1) AU8013598A (fr)
DE (1) DE19716111A1 (fr)
IL (1) IL132374A0 (fr)
WO (1) WO1998048389A2 (fr)

Families Citing this family (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7249108B1 (en) 1997-07-15 2007-07-24 Silverbrook Research Pty Ltd Validation protocol and system
US7702926B2 (en) 1997-07-15 2010-04-20 Silverbrook Research Pty Ltd Decoy device in an integrated circuit
US6816968B1 (en) 1998-07-10 2004-11-09 Silverbrook Research Pty Ltd Consumable authentication protocol and system
FR2782431B1 (fr) * 1998-08-17 2000-09-29 Gemplus Sca Procede et dispositif d'authentification a algorithme symetrique
DE19953448A1 (de) 1999-11-06 2001-05-10 Volkswagen Ag Anschlagpuffer
SE518400C2 (sv) * 2000-02-04 2002-10-01 Telia Ab Förfarande och arrangemang för ömsesidig autentisering vid kommunikation mellan två personer i ett kommunikationssystem
AU2004205292B2 (en) * 2000-02-15 2004-12-09 Silverbrook Research Pty Ltd A system for authenticating an object
CA2400220C (fr) 2000-02-15 2013-07-30 Silverbrook Research Pty Ltd Systeme et protocole d'authentification de consommables
AU2004201742B2 (en) * 2000-02-15 2004-06-03 Silverbrook Research Pty Ltd Consumables validation chip
AU2005200945B2 (en) * 2000-02-15 2006-10-05 Silverbrook Research Pty Ltd Integrated Circuit For Authenticating an Object
AU2006252272B2 (en) * 2000-02-15 2007-03-22 Silverbrook Research Pty Ltd An apparatus for validating a device using first and second keys
EP1223565A1 (fr) * 2001-01-12 2002-07-17 Motorola, Inc. Système de transaction, dispositif portable, terminal et méthodes de transaction
JP2002281027A (ja) * 2001-03-19 2002-09-27 Toshiba Corp 認証システムのエンティティ装置、鍵更新方法及び認証方式更新方法
US7865440B2 (en) 2001-10-11 2011-01-04 International Business Machines Corporation Method, system, and program for securely providing keys to encode and decode data in a storage cartridge
US7003111B2 (en) 2001-10-11 2006-02-21 International Business Machines Corporation Method, system, and program, for encoding and decoding input data
US7496397B2 (en) 2004-05-06 2009-02-24 Boston Scientific Scimed, Inc. Intravascular antenna
KR100601703B1 (ko) * 2004-10-04 2006-07-18 삼성전자주식회사 브로드캐스트 암호화를 이용한 기기의 인증 방법
GB2493138A (en) * 2011-07-15 2013-01-30 Flick Mobile Ltd A system for secure payment transactions

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2600188A1 (fr) * 1986-06-16 1987-12-18 Bull Cp8 Procede d'habilitation d'un milieu exterieur par un objet portatif relie a ce milieu
FR2601795B1 (fr) * 1986-07-17 1988-10-07 Bull Cp8 Procede pour diversifier une cle de base et pour authentifier une cle ainsi diversifiee comme ayant ete elaboree a partir d'une cle de base predeterminee, et systeme pour la mise en oeuvre
JP2731945B2 (ja) * 1989-06-05 1998-03-25 エヌ・ティ・ティ・データ通信株式会社 個別鍵による認証が可能なicカード
FR2681165B1 (fr) * 1991-09-05 1998-09-18 Gemplus Card Int Procede de transmission d'information confidentielle entre deux cartes a puces.
DE4142964C2 (de) * 1991-12-24 2003-05-08 Gao Ges Automation Org Datenaustauschsystem mit Überprüfung der Vorrichtung auf Authentisierungsstatus

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO9848389A3 *

Also Published As

Publication number Publication date
WO1998048389A2 (fr) 1998-10-29
JP2001523407A (ja) 2001-11-20
WO1998048389A3 (fr) 1999-01-28
DE19716111A1 (de) 1998-10-22
AU8013598A (en) 1998-11-13
IL132374A0 (en) 2001-03-19

Similar Documents

Publication Publication Date Title
DE69533328T2 (de) Beglaubigungseinrichtung
EP0631408B1 (fr) Procédé d'authentification entre deux dispositifs électroniques
DE69829642T2 (de) Authentifizierungssystem mit chipkarte
EP1010146A2 (fr) Procede d'authentification mutuelle de deux unites
DE3883287T2 (de) Steuerung der Anwendung von Geheimübertragungsschlüsseln durch in einer Erzeugungsstelle hergestellte Steuerwerte.
EP1076887B1 (fr) Procede pour authentifier une carte a puce dans un reseau de transmission de donnees
EP1368929B1 (fr) Procédé d'authentification
DE102013206185A1 (de) Verfahren zur Erkennung einer Manipulation eines Sensors und/oder von Sensordaten des Sensors
EP2567501B1 (fr) Procédé pour la protection cryptographique d'une application
EP2749003A1 (fr) Procédé pour authentifier un terminal de communication comprenant un module d'identité au niveau d'un dispositif serveur d'un réseau de télécommunication, utilisation d'un module d'identité,module d'identité et programme informatique
DE10026326B4 (de) Verfahren zur kryptografisch prüfbaren Identifikation einer physikalischen Einheit in einem offenen drahtlosen Telekommunikationsnetzwerk
DE102018202176A1 (de) Master-Slave-System zur Kommunikation über eine Bluetooth-Low-Energy-Verbindung
EP2730050B1 (fr) Procédé de création et de vérification d'une signature électronique par pseudonyme
EP2098039A1 (fr) Procédé de transfert de messages codés
DE19840742B4 (de) Verfahren zur Erhöhung der Sicherheit von Authentisierungsverfahren in digitalen Mobilfunksystemen
DE3922642C2 (fr)
EP1175750A1 (fr) Signature et verification de signature de messages
WO2000018061A1 (fr) Procede d'authentification d'au moins un abonne lors d'un echange de donnees
EP3367285B1 (fr) Terminal, id-token, programme informatique et procédés correspondantes d'authentification d'une autorisation d'accès
EP1163559B1 (fr) Procede et dispositif permettant de securiser l'acces a un dispositif de traitement de donnees
EP0844762A2 (fr) Procédé d'échange sécurisé de messages pour services de masse ainsi que dispositif d'abonné et dispositif serveur y adaptés
DE69332261T2 (de) Verfahren zur Authentifizierung eines Datenverarbeitungssystems aus einer Computerdiskette
EP1400142A2 (fr) Procede d'authentification
WO2018091703A1 (fr) Procédé et dispositif de sécurisation d'une transmission de données électronique
DE102005013909A1 (de) Vorrichtung und Verfahren zur Schlüsselreduktion

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 19991117

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

17Q First examination report despatched

Effective date: 20000908

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED

18R Application refused

Effective date: 20040418