Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1997-07-03
2001-03-20
Swann, Tod R. (Department: 2132)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
Reexamination Certificate
active
06205553
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates to a method for controlling independent secure transactions by means of a single apparatus.
PRIOR ART
In systems using the known art for handling secure transactions for purposes such as subways, banks, information technology, garages, parking meters, canteens, etc., various devices such as cards, tokens and secret keys are used to identify users before providing them with a billed service. Each type of system normally uses its own apparatus; this may be passive, e.g. punch card or monthly season ticket, or active, e.g. smart card or pocket calculator.
For instance, multi-sector cards such as the Gemplus MCOS card or the Bull TB100 are smart cards comprising several independent registers, each of which behaves like a separate card. A single card may therefore be used for several different applications, the integrity of each application being guaranteed.
Various systems have been devised to provide multi-provider media in which a single apparatus is used by several services (e.g. multi-provider card used to access a range of competing channels in a cable network), or where one service provider uses a device issued by a different provider (e.g. the use of bank cards in payphones). Card manufacturers themselves have produced multi-purpose cards that can be managed by several service providers in which the integrity of each is guaranteed. However, for reasons related to ownership of the cards, few of these attempts have come to anything; for example, banks insist on modification of payphones so that their cards can be used. Others have failed outright. A situation has thus come about in which each person has one card issued by a bank, another by a telephone company, an identity card issued by his or her employer, a card giving access to a parking lot, etc.
The type of apparatus shown in
FIG. 1
comprising a main branch
10
and several applications A
1
, A
2
, . . . A
n
, e.g. telephone, bank and health, has never seen the light of day because it has proved impossible to arrive at a consensus on the choice of coordinator to manage the card at the highest level. In
FIG. 1
each application has its own code file FC enabling local management of each application independently of the others.
A further problem is that adding an application to a smart card requires a personalization phase, normally a physical operation. It will easily be understood that a user might be reluctant to entrust a banker's card to a service provider for it to undergo this type of modification.
The aim of the present invention is to provide a method in which a single authentication apparatus can be offered to all service providers.
DISCLOSURE OF THE INVENTION
The present invention provides a method for controlling independent secure transactions between a user and one of a plurality of different service providers comprising the steps of:
acquiring a physical device independently of any service provider by the user, said physical device comprises a public key (Kup) and a secret key (Kus) and remains unchanged following the step of acquiring;
presenting of the physical device and associated identifier to said one service provider by the user;
supplying the user with a certified digital profile by the service supplier which comprises access rights to a given service of said one service provider, the identifier which identifies the user to the service provider, and the public key of the physical device; and
initiating a secure transaction with said one service provider, by the user providing the certified digital profile to said one service provider and by the user providing authentication by encrypting a random number sent by said one service provider using the secret key of the physical device.
Advantageously the service provider checks that the user is entitled to the apparatus by requesting him/her to sign a random number using the secret key contained in the apparatus.
According to a preferred embodiment disclosed herein the invention method advantageously comprises the following:
said one service provider holds a second public key and a second secret key;
on presentation by the user of the physical device, said one service provider signs or encrypts the profile of the user by means of the second secret key;
on initiation of a secure transaction with said one service provider by the user, said one service provider verifies the digital profile sent by the user by means of the second public key; and
on authentication of the user, said one service provider verifies the encrypted random number sent by the user by means of the public key of the user.
In a first application, the method according to the invention comprises the following steps:
the user obtains a smart card bearing a public key. This card bears a public signing algorithm and a combination of a secret key, Kus, and a public key, Kup,
the user contacts the service provider supplying the required service. The user identifies him/herself or the service provider itself carries out an identity check.
The user gives the public key Kup and the apparatus by any means that enables the service provider to identify him/her,
the service provider supplies the client with a computer file containing the user profile and the signature of this profile (Kp (access rights, identifier, Kup) compiled together with the service provider's secret key Kps; this signature is known as the certificate,
the user requests access to the service, sending his/her profile together with the certificate,
the service provider checks the certificate using its public key Kpp, thereby obtaining the user's public key Kup. The service provider then launches an active authentication phase:
The service provider sends the client a non-reproducible random number R,
The client signs R and sends back Kus(R),
The service provider uses the user's public key Kup that was supplied in the profile to check that the value Kus(R) is correct, thereby confirming that the user is entitled to Kus.
if all these checks prove correct, the service provider gives the user access to the service.
In a second embodiment the procedure according to the invention is applied to protecting a licensed software, the apparatus being physically connected to the machine in which the software is to be used. The software includes a compulsory initialization phase that requires the potential user to supply his/her profile. On presentation of the apparatus, the software provider gives the user a certified profile file containing his/her rights to the software together with date parameters and an executable version of the software. When the user wishes to use the software, he/she makes a request and the software asks for the user profile; the software then checks the user's access rights and expiry date, carries out an active authentication procedure and runs as programmed.
In contrast with systems that use the prior art, the apparatus according to the invention remains unchanged.
To access n services, the user makes use of a single apparatus and n non-material media such as computer files or paper numbers. The user no longer needs to use or purchase a large number of apparatuses. Moreover, the single apparatus can be chosen from those that offer the most rigorous authentication and therefore excellent security in relation to the services.
REFERENCES:
patent: 4656342 (1987-04-01), Ugon
patent: 4683553 (1987-07-01), Mollier
patent: 5128997 (1992-07-01), Pailles et al.
patent: 5481612 (1996-01-01), Campana et al.
patent: 5649118 (1997-07-01), Carlisle et al.
patent: 5720035 (1998-02-01), Allegre et al.
patent: 5774551 (1998-06-01), Wu et al.
patent: 089876 (1983-09-01), None
patent: 114773 (1984-08-01), None
patent: 385290 (1990-09-01), None
patent: 409701 (1991-01-01), None
patent: 671712 (1995-09-01), None
patent: 2616940 (1988-12-01), None
patent: 95/22810 (1995-08-01), None
Arditti David
Campana Mireille
Stoffel Laurent
France Telecom
Pearne & Gordon LLP
Smithers Matthew
Swann Tod R.
LandOfFree
Method for controlling independent secure transactions by... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method for controlling independent secure transactions by..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method for controlling independent secure transactions by... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2517586