Registers – Systems controlled by data bearing records – Credit or identification card systems
Reexamination Certificate
2002-08-29
2004-08-24
Lee, Diane I. (Department: 2876)
Registers
Systems controlled by data bearing records
Credit or identification card systems
C235S382500, C705S065000
Reexamination Certificate
active
06779718
ABSTRACT:
FIELD OF THE INVENTION
This invention concerns a method to authenticate the result of executing a command in a token connected to a terminal, the said terminal including a device to communicate information to a user and transmitting the said command to the said token, the said token transmitting a result to the terminal following the said execution.
BACKGROUND OF THE INVENTION
A particularly advantageous application of the invention lies in fields such as banking, telephony and health care, which require the result of executing a command to be authenticated, for example during transactions carried out via the Internet between the buyer of a service and the supplier of the said service. The supplier is for example a car dealer. The supplier called user has a token connected to a terminal linked to a communication network. The purchaser has a certificate as defined in the standard X509 published by the ISO. This certificate is unique and specific to a purchaser. It is public. It includes data such as a public key, the name and electronic address of the purchaser, certificate expiry dates, etc. When the purchaser wants to buy a car, he issues a transaction request via the communication network. To check the transaction request between the purchaser and the supplier, a known method in state of the art technology includes the steps according to which:
the purchaser's certificate is sent to the supplier,
a signature on the sensitive data in the transaction request is calculated using a private key associated with the purchaser,
the transaction request and the said signature are transmitted to the supplier's terminal via the communication network, in the token connected to the terminal of the said supplier, a command to check the signature of the transaction request is executed using the purchaser's public key which is in the purchaser's certificate,
a message indicating the result of the check is displayed on the screen of the said terminal, and
if the result displayed is positive the transaction is authorised.
Although, using this method, the supplier can check the signature of a transaction request, this method does not fully guarantee to the supplier that the data of the transaction request reaching his terminal has not been modified beforehand by a defrauder spying on the network. For example, if the transaction request includes a delivery address for the car, a defrauder can modify this address and have the car delivered at the purchaser's expense. Of course, the signature check will be false, but the defrauder can also, via the network, place on the supplier's terminal a virus intercepting the result of the signature check from the token in order to display instead of a false result, a positive result on the screen of the said terminal.
SUMMARY OF THE INVENTION
Thus, a technical problem to be solved by the present invention is to propose a method to authenticate the result of executing a command in a token connected to a terminal, the said terminal including a communication device to send information to a user and transmitting the said command to the said token, the said token transmitting a result to the terminal following the said execution, which stops a defrauder intercepting and modifying the result of executing a command without the user of the token realising, and which in addition must be easy to implement.
A solution to the technical problem posed consists, according to this invention, in that the said method includes the steps according to which:
a check is carried out to find out whether the command has a sensitive nature, if the command has a sensitive nature, the following steps are carried out, according to which:
for any sensitive potential result of the command, at least one item of digitisable information is input via an interface including an input device connected to the said token, and the said at least one item of digitisable information is transmitted to the said token,
the said command is executed in the said token,
an answer indicating the result of executing the command is transmitted from the said token to the terminal, the said answer including, for a sensitive result, the said at least one item of digitisable information associated with the said result,
if the result is sensitive, a check is carried out using the communication device of the said terminal to ensure that the said answer includes the said at least one item of digitisable information input corresponding to the said result.
Thus, as will be described in detail below, the method of the invention can be used, by transmitting an answer indicating the result of executing the command and including at least one item of digitisable information input by a user of the token if there is a sensitive result, to guarantee to the said user that the answer transmitted by the communication device of the terminal does correspond to the result produced by the said token.
REFERENCES:
patent: 5161231 (1992-11-01), Iijima
patent: 5369760 (1994-11-01), Iijima
patent: 6085249 (2000-07-01), Wang et al.
patent: 6092202 (2000-07-01), Veil et al.
patent: 6585164 (2003-07-01), Cooreman et al.
patent: 6615194 (2003-09-01), Deutsch et al.
patent: 2002/0178370 (2002-11-01), Gurevich et al.
patent: 0 559 205 (1993-09-01), None
patent: 0 881 590 (1998-12-01), None
patent: 2 684 466 (1993-06-01), None
patent: 2 774 196 (1999-07-01), None
International Search Report, Application No. PCT/FR 00/02894dated Dec. 20, 2000, 3 pages.
Lee Diane I.
Schlumberger Systemes
LandOfFree
Method for authenticating the result of an instruction in a... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method for authenticating the result of an instruction in a..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method for authenticating the result of an instruction in a... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3277269