Title of Invention	METHOD FOR AUTHENTICATING AT LEAST ONE SUBSCRIBER DURING A DATA EXCHANGE
Abstract	A method for authenticating at least one system part (2) using two system parts (1, 2) in an information transmission system formed from a smart card and a rpad/write terminal. In said method one system part (1) transmits a challenge to the other system part (2), which processes challenge (item of data) using a first algorithm to give a response and transmits it to the first system part (1), and the latter checks the response for its result. During calculation of tho response by processing the challenge using thp first algorithm, at least one other processing operation on the challenge is carried out.

Title of Invention

METHOD FOR AUTHENTICATING AT LEAST ONE SUBSCRIBER DURING A DATA EXCHANGE

Abstract

A method for authenticating at least one system part (2) using two system parts (1, 2) in an information transmission system formed from a smart card and a rpad/write terminal. In said method one system part (1) transmits a challenge to the other system part (2), which processes challenge (item of data) using a first algorithm to give a response and transmits it to the first system part (1), and the latter checks the response for its result. During calculation of tho response by processing the challenge using thp first algorithm, at least one other processing operation on the challenge is carried out.

Full Text	Description This invention relates to a method for authenticating at least one :;subscr-i-ber during a data exchange The invention relates to a mechod for authenticating at leasi one subscriber during a data interchange between at Least two subscribers, in which a second subscriber transmits a f:rs": data item to a first subscriber, 'the first subsericer procesaes this first data ifcen using an algcrithr. to give s second data item and transmits it to the second s^bscr:ber, and the second subscriber checks the second data itetn fci- izs correctness. Such methods are known from the document "Cryptographic Identification Methods for Smart Cards in the Process of Standardization" by Hanns-Peter Konigs from IEEE Communications Magazine, Vol. 29, No. 6, June 1991, pp. 42 -48. In the method in that document, a random number is 3ent as first data item from a read/write terminal to a strart card and is encrypted there using a secret algorithm and at least one secret number. The encrypted result is sent back from the 'smart card to the terminal and is either decrypted or likewise encrypted in the same way there. The respective result is compared with the random number sent initially or with the received second data item. A positive comparison result indicates that both subscribers involved in the data interchange have the correct algorithm and the correct secret numbers or the correct key, and are therefore authentic. Authentication methods are used, m particular, v/hsr. the data interchange involves monetary values or procedures ooornch are ¦ ¦. ~ critical for security. Such procedures are naturally subject to hacking. In this context, a hacker has the task of discovering the keys, secret numbers and algorithms which are involved. The flow of communication permits the type of authentication used to be inferred and thus allows the hacking to be carried out with guidance. The object of the present invention is to h: ce che type of authentication method carried out as well as possible. The ob^ecr is achieved by a method an ai-cnv"flanro yi: Th CI^IT 1 ¦^vt^al Advantageous developments are specified r. the dnpontjgnt alarms ¦¦ The simultaneous execution o^ at least two processing procedures makes it much harder for a hacker tc infer the internal flow of authentication from an examination of the time-dependent power consumption, for example. The invention is explained in more detail below on the basis of an illustrative embodiment using a figure. The basic illustration of a data interchange system as shown in Figure i shows a first subscriber 1, which may be a read/write terminal, for example, and a second subscriber 2, which is intended to be a smart card in the example. Tn the example explained below, the second subscriber, that is to say the card, needs to authenticate itself with respect to the first subscriber, the terminal. For this reason, only^Efre-necessary circuit devices are shown in the card. If the terminal 1 also needs to authenticate itself with respect r.o the card 2, the terminal -1 would also need to have appropriate circuit devices. -2- First, the terminal 1 sends a first data item, a so-called challenge, to the card 2. According to the invention, the challenge is supplied both to a first processing de.v™ce^ V£i and to a second processing device VE2 on the card. To process the challenge as required for the authentication, the necessary information such as secret numbers or keys is supplied to the processing devices VE1, VE2 from a memory area SP- The processing operation itself may either be a smoie comparison between the challenge and an expected value which is stored in the memory area SP, or else a complicated encryption operation, for example on the basis of the DES or RSA algorithm. For this purpose, the processing units VEI, '-'22 would be in the form of complex microprocessors having associated crypto-coprocessors. Frequent use is made of single-use encryption apparatuses produced as hardware which. by way of example, are formed using a shift register with feedback. The output data from the processing devices VE1, VE2 are supplied to a logic combination device whose output signal is forwarded to the terminal ltas response. The logic combination device VKE does not necessarily have to logically combine the output data items from the processing devices VS1, VE2 with one another, but instead can also let through just the output data Item from -the first processing device VEl in unmodified form as response and can block the output data item from the second processing device VE2, since the fundamental aspect cf the invention is the simultaneous execution of at least two, preferably different, processing processes so that if :s not possible to infer the internal structure and the associsrp^ data from the power consumption, for example. 3- It is advantageous, however, if the output data items from the processing devices VE1, VE2 are logically combined with one another using an EXOR gate which produces the logic combination device VKE, for example. The block diagram m the figure also shows the .logic combination of the two processing units VE1, ^T,2. wnz.cn is a development according to the invention. In r.his case, logic combination means that the intermediate result or f:na" resv'c of the data processing in one processing unit is included in the processing of the other processing unit. In i-h:s context, in a first development cf "he invention, output: d?ira from just one processing unit.can be taken inco account in ;.ne other processing unit, and in another development, outpur data from both processing units can be taken into account in the other processing unit. As already stated in the introduction to the description, the correctness of the response car. be checked in terminal 1 in different ways. A few options for doing this are illustrated and explained in detail in the document already cited, and for this reason are not set out in more detail in the figure. In another embodiment of the invention, an error counter FZ is provided which records the number of negative comparison results and blocks the processing devices VE1, VE2 at a particular preset number, so that no further authentication and hence no further data interchange between the terminal 1 and the card 2 can take place. This ensures that it is not possible to carry out an unlimited number of attempts in ord^r to examine the authentication orocedure. -4- WE CLAIM: 3. A method for authenticating at least one system part (2) HEing two system parts (1, 2) in an information transmission system formed from a smart card and a read/write terminal, in which one system part y£hpm part challenge (item of data) using a first algorithm to give a response and transmits it to the first system part (1), and the latter checks the response for its result, charactertzed in that, during calculation of the response by processing the challenge using the first algorithm, at least one other processing operation on the chsllenge is carried out. 2- The method as claimed in claim 1, wherein the other processing operation is carried out using a second algorithm- 3. The method as claimed in claim 1, whprein the other processing operation is a comparj son between the challenge and B prescribed random number. 4. The method as clearned in claim 1 wherein thr results of the two processing operations are logically combined with one another to give the response. S" The method as claimed in claim X wherein the -final result or an intermediate result of the other processinq operation on the challenge is used to process the challenge using the first algorithm- 6. The method as claimed in claim 1 wherein the final rpsult or an intermediate result of the processing operation on the challenge using the first algorithm is used for the other processing operation on the challenge. 7. The method as claimed in any one of the preceding claims, wherein -"¦ *., the number of processing procedures is limited by an error counter (FZ). A method for authenticating at least one system part (2) using two system parts (1, 2) in an information transmission system formed from a smart card and a rpad/write terminal. In said method one system part (1) transmits a challenge to the other system part (2), which processes challenge (item of data) using a first algorithm to give a response and transmits it to the first system part (1), and the latter checks the response for its result. During calculation of tho response by processing the challenge using thp first algorithm, at least one other processing operation on the challenge is carried out.

Full Text

Description
This invention relates to a method for authenticating at least one :;subscr-i-ber during a data exchange
The invention relates to a mechod for authenticating at leasi one subscriber during a data interchange between at Least two subscribers, in which a second subscriber transmits a f:rs": data item to a first subscriber, 'the first subsericer procesaes this first data ifcen using an algcrithr. to give s second data item and transmits it to the second s^bscr:ber, and the second subscriber checks the second data itetn fci- izs correctness.
Such methods are known from the document "Cryptographic Identification Methods for Smart Cards in the Process of Standardization" by Hanns-Peter Konigs from IEEE Communications Magazine, Vol. 29, No. 6, June 1991, pp. 42 -48. In the method in that document, a random number is 3ent as first data item from a read/write terminal to a strart card and is encrypted there using a secret algorithm and at least one secret number. The encrypted result is sent back from the 'smart card to the terminal and is either decrypted or likewise encrypted in the same way there. The respective result is compared with the random number sent initially or with the received second data item. A positive comparison result indicates that both subscribers involved in the data interchange have the correct algorithm and the correct secret numbers or the correct key, and are therefore authentic.
Authentication methods are used, m particular, v/hsr. the data interchange involves monetary values or procedures ooornch are
*¦ ¦*. ~

critical for security. Such procedures are naturally subject to hacking. In this context, a hacker has the task of discovering the keys, secret numbers and algorithms which are involved. The flow of communication permits the type of authentication used to be inferred and thus allows the hacking to be carried out with guidance.
The object of the present invention is to h: ce che type of authentication method carried out as well as possible.

The ob^ecr is achieved by a method an ai-cnv"flanro yi: Th CI^IT 1 ¦^vt^al Advantageous developments are specified *r. the dnpontjgnt alarms ¦¦
The simultaneous execution o^ at least two processing procedures makes it much harder for a hacker tc infer the internal flow of authentication from an examination of the time-dependent power consumption, for example.
The invention is explained in more detail below on the basis of an illustrative embodiment using a figure.
The basic illustration of a data interchange system as shown in Figure i shows a first subscriber 1, which may be a read/write terminal, for example, and a second subscriber 2, which is intended to be a smart card in the example. Tn the example explained below, the second subscriber, that is to say the card, needs to authenticate itself with respect to the first subscriber, the terminal. For this reason, only^Efre-necessary circuit devices are shown in the card. If the terminal 1 also needs to authenticate itself with respect r.o the card 2, the terminal -1 would also need to have appropriate circuit devices.
-2-

First, the terminal 1 sends a first data item, a so-called challenge, to the card 2. According to the invention, the challenge is supplied both to a first processing de.v™ce^ V£i and to a second processing device VE2 on the card. To process the challenge as required for the authentication, the necessary information such as secret numbers or keys is supplied to the processing devices VE1, VE2 from a memory area SP-
The processing operation itself may either be a smoie comparison between the challenge and an expected value which is stored in the memory area SP, or else a complicated encryption operation, for example on the basis of the DES or RSA algorithm. For this purpose, the processing units VEI, '-'22 would be in the form of complex microprocessors having associated crypto-coprocessors. Frequent use is made of single-use encryption apparatuses produced as hardware which. by way of example, are formed using a shift register with feedback.
The output data from the processing devices VE1, VE2 are supplied to a logic combination device whose output signal is forwarded to the terminal ltas response. The logic combination device VKE does not necessarily have to logically combine the output data items from the processing devices VS1, VE2 with one another, but instead can also let through just the output data Item from -the first processing device VEl in unmodified form as response and can block the output data item from the second processing device VE2, since the fundamental aspect cf the invention is the simultaneous execution of at least two, preferably different, processing processes so that if :s not possible to infer the internal structure and the associsrp^ data from the power consumption, for example.
3-

It is advantageous, however, if the output data items from the processing devices VE1, VE2 are logically combined with one another using an EXOR gate which produces the logic combination device VKE, for example.
The block diagram m the figure also shows the .logic combination of the two processing units VE1, ^T,2. wnz.cn is a development according to the invention. In r.his case, logic combination means that the intermediate result or f:na" resv'c of the data processing in one processing unit is included in the processing of the other processing unit. In i-h:s context, in a first development cf "he invention, output: d?ira from just one processing unit.can be taken inco account in ;.ne other processing unit, and in another development, outpur data from both processing units can be taken into account in the other processing unit.
As already stated in the introduction to the description, the correctness of the response car. be checked in terminal 1 in different ways. A few options for doing this are illustrated and explained in detail in the document already cited, and for this reason are not set out in more detail in the figure.
In another embodiment of the invention, an error counter FZ is provided which records the number of negative comparison results and blocks the processing devices VE1, VE2 at a particular preset number, so that no further authentication and hence no further data interchange between the terminal 1 and the card 2 can take place. This ensures that it is not possible to carry out an unlimited number of attempts in ord^r to examine the authentication orocedure.
-4-

WE CLAIM:
3. A method for authenticating at least one system part
(2) HEing two system parts (1, 2) in an information transmission system formed from a smart card and a read/write terminal, in which one system part y£hpm part challenge (item of data) using a first algorithm to give a response and transmits it to the first system part (1), and the latter checks the response for its result, charactertzed in that, during calculation of the response by processing the challenge using the first algorithm, at least one other processing operation on the chsllenge is carried out.
2- The method as claimed in claim 1, wherein the other processing operation is carried out using a second algorithm-
3. The method as claimed in claim 1, whprein the other
processing operation is a comparj son between the challenge and B
prescribed random number.
4. The method as clearned in claim 1 wherein thr results of
the two processing operations are logically combined with one
another to give the response.

S" The method as claimed in claim X wherein the -final result or an intermediate result of the other processinq operation on the challenge is used to process the challenge using the first algorithm-
6. The method as claimed in claim 1 wherein the final
rpsult or an intermediate result of the processing operation on
the challenge using the first algorithm is used for the other
processing operation on the challenge.
7. The method as claimed in any one of the preceding
claims, wherein * *-*"¦ *., the number of processing procedures is
limited by an error counter (FZ).
A method for authenticating at least one system part (2) using two system parts (1, 2) in an information transmission system formed from a smart card and a rpad/write terminal. In said method one system part (1) transmits a challenge to the other system part (2), which processes challenge (item of data) using a first algorithm to give a response and transmits it to the first system part (1), and the latter checks the response for its result. During calculation of tho response by processing the challenge using thp first algorithm, at least one other processing operation on the challenge is carried out.

Documents:

in-pct-2001-00322-kol- abstract.pdf

in-pct-2001-00322-kol- claims.pdf

in-pct-2001-00322-kol- correspondence.pdf

in-pct-2001-00322-kol- description (complete).pdf

in-pct-2001-00322-kol- drawings.pdf

in-pct-2001-00322-kol- form-1.pdf

in-pct-2001-00322-kol- form-18.pdf

in-pct-2001-00322-kol- form-2.pdf

in-pct-2001-00322-kol- form-3.pdf

in-pct-2001-00322-kol- form-5.pdf

in-pct-2001-00322-kol- letters patent.pdf

in-pct-2001-00322-kol- p.a.pdf

in-pct-2001-00322-kol- priority document.pdf

in-pct-2001-00322-kol- reply f.e.r.pdf

« Previous Patent

Next Patent »

Patent Number

202649

Indian Patent Application Number

IN/PCT/2001/322/KOL

PG Journal Number

09/2007

Publication Date

02-Mar-2007

Grant Date

02-Mar-2007

Date of Filing

20-Mar-2001

Name of Patentee

INFINEON TECHNOLOGIES AG

Applicant Address

ST.-MARTIN-STRASSE 53, D-81541 MUNCHEN

Inventors:

#	Inventor's Name	Inventor's Address
1	POCKRANDT WOLFGANG	IL,STRASSE 1, D-85293 REICHERTSHAUSEN

PCT International Classification Number

H 04 L 9/32

PCT International Application Number

PCT/EP99/06664

PCT International Filing date

1999-09-09

PCT Conventions:

#	PCT Application Number	Date of Convention	Priority Country
1			NA