Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique
Reexamination Certificate
1999-11-05
2004-08-17
Smithers, Matthew (Department: 2137)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Particular communication authentication technique
C713S171000, C713S173000, C713S174000, C713S170000, C713S193000
Reexamination Certificate
active
06779112
ABSTRACT:
TECHNICAL FIELD
This invention relates to integrated circuit (IC) devices such as smart cards, and to methods for using IC devices for authentication purposes. This invention may also be extended to other types of IC devices with limited memory and processing capabilities, such as smart diskettes, electronic wallets, PC cards, and the like. More particularly, the invention relates to methods for using steganographic communication to authenticate authenticatable identities.
BACKGROUND
Authentication systems are used for security purposes to verify the authenticity of one or more parties or entities during a transaction. Traditionally, authentication systems have been manual, involving personal recognition or quick verification of a party via some form of additional identification. One very familiar authentication process occurs when purchasing an item with a personal check. The sales clerk will process the check only if he/she recognizes the person writing the check or if the person presents another piece of identification (e.g., a credit card or driver's license) to verify their authenticity as the specific person who is tendering the check.
Today, many authentication systems are electronic. A familiar electronic authentication system is a common credit card purchase. A card issuer issues a credit card to a consumer to enable the consumer to purchase items on credit. Credit cards that are primarily in use today consist of magnetic-stripe memory cards that have a single magnetic stripe (“mag-stripe”) on one side. The magnetic stripe contains information about the card issuer, the consumer, and his/her account.
During a purchase transaction, the consumer presents the credit card to a sales clerk, who authenticates the card before finalizing the transaction. The credit card authentication process is typically performed “online”. The sales clerk swipes the card through a reader, which extracts the card data from the magnetic stripe and transmits the data over a network to the card issuer (or a third party contracted to handle authentication requests). The card issuer checks to ensure that the card is still valid (i.e., has not expired), has not been revoked as being lost or stolen, and the corresponding account is below the authorized credit limit. If the authentication is successful, the card issuer returns an approval and the sales clerk completes the transaction. With conventional telecommunications and computerized processes, the entire credit card authentication process is typically handled in an acceptable length of time, such as a few seconds.
Today, there is increasing use of “smart cards” in place of, or in addition to, conventional magnetic stripe cards. A “smart card” is a thin card about the size of a credit card, with a built-in processor that enables the card to modify, or even create, data in response to external stimuli. The processor is a single-wafer integrated circuit (IC) which is mounted on an otherwise plastic card. For this is reason, smart cards are often referred to as one class of “integrated circuit cards” or “IC cards”.
As smart card technology becomes more pervasive, it paves the way for conducting a variety of new transactions, such as electronic money, which are not available with conventional mag-stripe cards. Smart cards also open up the arena for conducting certain new “offline” transactions, which do not involve validating a card with a central authority. These offline electronic transactions are typically performed without the human intervention, such as from a sales clerk.
Smart cards are equipped with authentication capabilities used to establish the identity of an entity with which it is communicating. An identity can be an individual human being, a business, a piece of computing hardware, software code, a network node, an organizational role, or an accreditation agent. Smart cards also have authorization capabilities to control access to resources stored on the cards or elsewhere. Authentication capabilities are typically in the form of a secret password or cryptographic keys. For a basic introduction of cryptography, the reader is directed to a text written by Bruce Schneier and entitled “Applied Cryptography: Protocols, Algorithms, and Source Code in C,” published by John Wiley & Sons with copyright 1994 (second edition 1996).
Smart cards have programs and data that are specifically dedicated to performing these authentication capabilities. These special programs and data define a natural point to attack on the authentication subsystem of a network. Many of the various physical and environmental attacks that are detected are based on identifying and carefully observing the special steps, calculations and hardware that are dedicated to performing the authentication capabilities.
One type of attack is the so-called differential power attack. This attack is directed to observing the power consumption of the smart card and ascertaining the type of processing that takes place through changes in the power that is consumed by the card. For example, when a binary multiplication operation is performed, more power is drawn from the external power supply when the multiplier is “1” than when the multiplier is “0”. Thus, by monitoring the power consumption during a time that a card is handling cryptographic material, one can ascertain what mathematical operations are taking place.
Another kind of attack is a so-called timing attack. A timing attack monitors the time that it takes to perform certain operations, e.g. it takes longer to multiply by 1 than it does to multiply by 0. Thus, if authentication times take longer, that may be an indication that there are more 1s in an authentication key than 0s.
In order to counter these types of attacks, authentication keys and protocols have become more complex. This has had an impact on the amount of special purpose software and hardware that must be used to manipulate authentication keys. Ironically, the increase in complexity may actually make a system easier to attack.
Because of the need for special processing and calculations, secret key authentication procedures typically decouple the authentication process from other normal data processing. As a result, the authentication process can be more easily identified, isolated, and subjected to an attack. Attacks such as the “man in the middle” attack and the replay attack are attacks on the authentication procedure and not necessarily on the authentication data. In fact, many of the weaknesses in the authentication systems are in the increasingly complex protocols that are used to conduct the authentication process and not in the explicit revealing of the key material being used.
Accordingly, this invention arose out of concerns associated with providing improved methods and systems for authenticating identities.
SUMMARY
This invention concerns an integrated circuit (IC) device, such as smart cards, electronic wallets, PC cards, and the like, and various methods for authenticating identities.
The IC device has a memory and a processor. The IC device maintains an identity authentication table in the memory to hold an arbitrary number of identities. The identity authentication table correlates identities with authentication structures. Each identity has a unique authentication structure.
In one embodiment, each authentication structure is defined by a collection of data-handling or data processing commands. These commands are the types of commands that are normally associated with data processing that is performed by the IC device. These commands are not inherently functional to provide any authenticating capabilities. The commands can be arranged in a unique manner so that each identity becomes associated with a unique set of defined commands. Arrangements can be embodied in the particular types of commands that are selected, the order of selected commands, or both, to name just a few.
When an identity is authenticated, a dialog takes place between the IC device and the identity. The dialog contains the authentication structure for an identity. If the aut
Fields Courtney D.
Lee & Haynes, PLLC
Microsoft Corporation
Smithers Matthew
LandOfFree
Integrated circuit devices with steganographic... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Integrated circuit devices with steganographic..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Integrated circuit devices with steganographic... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3292616