Patent
1988-03-10
1990-03-06
Cangialosi, Salvatore
Cryptography
Particular algorithmic function encoding
Nbs/des algorithm
380 24, 380 25, H04L 900
Patent
active
049072722
DESCRIPTION:
BRIEF SUMMARY
The invention relates to a method for authenticating an external authorizing datum by a portable object, such as a memory card.
The invention applies in particular to authenticating a confidential code assigned to the owner of a memory card.
In the majority of applications that use a memory card, each owner of a card is assigned a confidential code by an authorized entity. This code, which is particular to the owner and personalizes his card, is prerecorded in the memory of the card. The authorized entity also records data or parameters in this memory that define the limits of use of the card, in particular the services that can be obtained by means of this card.
The owner gains access to these services by way of apparatuses with which he temporarily couples his card. These apparatuses generally do not begin the process of furnishing the service requested until after controls have been performed, intended in particular to ensure that the carrier of the card is indeed its owner and that the card is indeed authorized to furnish the service requested. Although these controls may vary from one service to another, there is one of them that is always performed on the confidential code. More precisely, the carrier of the card enters his code into the apparatus, for example by way of a keyboard; the code entered is then transmitted to the card to be compared with the code prerecorded in its memory. In the event that the codes are the same, the process of furnishing the service continues; if they are not the same, the process of furnishing the service requested is automatically broken off. This control makes it possible to avoid use of the card by any person other than its owner.
However, a defrauder in possession of a stolen card has the chance to make a great number of attempts until he finds the valid code that corresponds to the code prerecorded in the memory of the card. To overcome this kind of attempted fraud, an error counter is provided in the card, which is incremented each time an erroneous code is presented. As soon as this counter attains a predetermined number, the card is automatically rendered unusable, as is described in U.S. Pat. No. 4,092,524, corresponding to French Patent No. 2 311 360.
This first improvement proves to be inadequate if the defrauder is able to prevent or inhibit the memorization function of the counter, by cutting the power supply of the card at the precise instant when the counter must be incremented. This instant can be detected by analysis of the signals exchanged between the card and the apparatus. In fact, it is sufficient for the defrauder to locate the signals transmitted by the apparatus that correspond to the writing voltage sent to the card to enable it to write into the error counter.
A second improvement, described in U.S. Pat. No. 4,211,919, corresponding to the French Patent No. 2 401 459 of the present applicant, makes it possible to avoid this kind of fraud by providing an identical processing method whether the code presented is valid or invalid. In fact, knowing that the defrauder can locate the instant when the apparatus transmits the writing voltage to the card and that this voltage is not transmitted except in the case where the code presented to the card is invalid, the improvement comprises also transmitting a writing voltage to the card even if the code presented is valid. Thus a symmetry in the processing time for a valid code or an erroneous code is attained, so that a defrauder cannot gain any advantage from a difference between these processing times.
Nevertheless, this symmetry of the processing times is a constraint for the programmer, and in practice it proves to be very difficult to put this constraint into effect.
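The error-counter behaviour described above, modelled in C as an added example (not code from the patent): it contrasts a card that writes only on a wrong code with one that writes on every presentation. The `card_t` layout, the `nv_write` helper, the access record written on success, the rule that the answer is released only after the write commits, and the sample code `1234` are assumptions made for illustration.

```c
#include <stdbool.h>

/* Constructed model of the card logic described above; every name is hypothetical. */
enum { CODE_LEN = 4, MAX_ERRORS = 3 };
typedef enum { RES_OK, RES_BAD, RES_LOCKED, RES_NO_ANSWER } result_t;

typedef struct {
    char ref_code[CODE_LEN + 1]; /* code prerecorded in card memory */
    int  errors;                 /* nonvolatile error counter */
    int  accesses;               /* nonvolatile access record (assumed; symmetric only) */
    bool symmetric;              /* true: a write is made for every presentation */
    bool power_cut;              /* test knob: supply fails during any write */
    bool write_seen;             /* what an observer of the interface sees */
} card_t;

/* Nonvolatile write: visible on the interface, lost if the supply fails. */
static bool nv_write(card_t *c, int *cell) {
    c->write_seen = true;
    if (c->power_cut) return false;
    (*cell)++;
    return true;
}

/* code must hold CODE_LEN characters; compared without an early exit. */
result_t present_code(card_t *c, const char *code) {
    c->write_seen = false;
    if (c->errors >= MAX_ERRORS) return RES_LOCKED;
    unsigned char diff = 0;
    for (int i = 0; i < CODE_LEN; i++)
        diff |= (unsigned char)(code[i] ^ c->ref_code[i]);
    bool ok = (diff == 0);
    if (c->symmetric) {
        /* Same write on both paths; the answer is released only after it commits. */
        if (!nv_write(c, ok ? &c->accesses : &c->errors)) return RES_NO_ANSWER;
        return ok ? RES_OK : RES_BAD;
    }
    /* Asymmetric: only a wrong code triggers a write, so the write itself is a signal. */
    if (!ok && !nv_write(c, &c->errors)) return RES_NO_ANSWER;
    return ok ? RES_OK : RES_BAD;
}

/* True if the presence of a write differs between a valid and an invalid code. */
bool write_reveals_outcome(bool symmetric) {
    card_t a = { .ref_code = "1234", .symmetric = symmetric }, b = a;
    present_code(&a, "1234");
    present_code(&b, "0000");
    return a.write_seen != b.write_seen;
}
```

In the asymmetric model an interrupted write leaves `errors` unchanged while a valid code is still answered; in the symmetric model the same interruption yields `RES_NO_ANSWER` for a valid code as well, so the write carries no information about the comparison.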
According to the method of the invention, recognition of an external authorizing datum is not performed by simple comparison between this datum and the reference authorizing datum recorded in the card.
The method according to the invention makes it possible to obtain variable times used for the recognition of an authorizing datum, which does n
REFERENCES:
patent: 4211919 (1980-07-01), Ugon
patent: 4453074 (1984-06-01), Weinstein
patent: 4465901 (1984-08-01), Best
patent: 4467139 (1984-08-01), Mollier
patent: 4471216 (1984-09-01), Herve
patent: 4549075 (1985-10-01), Saada et al.
patent: 4638120 (1987-01-01), Herve
patent: 4656474 (1987-04-01), Mollier et al.
patent: 4683553 (1987-07-01), Mollier
patent: 4731841 (1988-03-01), Rosen et al.
patent: 4764959 (1988-08-01), Watanabe
patent: 4799258 (1989-01-01), Davies
Hazard Michel
Ugon Michel
Bull CP8
Cangialosi Salvatore