I
AUTHENTICATION SYSTEM AND METHOD
FOR SMART CARD TRANSACTIONS
TECHNICAL FIELD
This invention relates to portable information devices, such as smart cards, personal digital assistants, pagers, and other personal information managers, and the mechanisms used to access these devices. This invention is particularly well suited for smart card systems, including the smart cards themselves, cardholders, and terminals into which the smart cards are inserted for various transactions. More particularly, this invention relates to systems and methods for authenticating smart cards, applications, cardholders, and terminals to protect against fraudulent transactions.
BACKGROUND OF THE INVENTION
Authentication systems are used for security purposes to verify the authenticity of one or more parries during a transaction. Traditionally, authentication systems have been manual, involving simple personal recognition or quick verification of the party via some form of additional identification. One very familiar authentication process occurs when purchasing an item with a personal check. The sales clerk will process the check only if he/she recognizes the person writing the check or if the person presents another piece of identification (e.g., a credit card, or driver's license) to verify the authenticity of that person who is offering the check. Another common manual authentication process might occur in an apartment building or at work where a person is authenticated by a security guard or receptionist through visual recognition.
Some authenticating systems are electronic. A familiar electronic authentication system is used in a common ATM (Automated Teller Machine). Bank members are issued special ATM cards for use in the ATMs to permit automated access to the member's account. The ATM cards that are rflimarily in use today consist of magnetic-stripe memory cards that have a single magnetic stripe on one side. The magnetic stripe contains information regarding the bank, the member, and his/her account. To guard against unauthorized access, the member is also given a multi-digit password or PIN (Personal Identification Number). The member inserts the mag-stripe card into the ATM and enters a four digit password or PIN (Personal Identification Number). The PIN authenticates for the ATM that the person standing at the ATM is the member who owns the inserted ATM card (or an authorized person representing that member).
Mag-stripe cards are limited, however, in that they are single purpose cards. For instance, one mag-stripe ATM card is used solely for interfacing with a bank ATM, while another mag-stripe card is used solely for frequent flyer mileage, while another mag-stripe card is used solely for making long distance telephone calls.
Today, there is a movement toward use of "smart cards" instead of mag-stripe cards. A "smart card" is a credit card that has a built-in microcontroller (MCU) which enables the card to modify, or even create, data in response to external stimuli. The microcontroller is a single-wafer integrated circuit (IC) which is mounted on an otherwise plastic credit card.
By virtue of the resident on-chip processor, smart cards are self-validating and can authenticate various passwords off-line without connection to a back end computer. Some conventional smart cards perform an authentication procedure during each "session", which is the period of time that the smart card is inside of a compatible terminal. The session
2
commences with a system startup phase. Since the card has no power supply of its own, the system startup phase consists of supplying power to the card and performing a "cold" boot to establish communication between the card
5 and tenninal. Thereafter, the card and terminal enter an authentication phase where the terminal verifies that it is communicating with an authorized card. This usually entails the smart card forwarding its own access code to the terminal for verification. Following authentication, one or
10 more transactions are conducted and the card is removed from the terminal, ending the session.
In conventional smart card systems, however, the cards have been designed to hold just one application. One smart card might be used for a banking/financial application, while
15 another smart card might be dedicated to a security application for entry to a building or workplace, while yet another smart card might be dedicated to a health related application. In these conventional systems, the authentication phase consists only of verifying that the card is suitable to talk to
20 the terminal, typically via the internal access code. Unfortunately, there is little or no standardization in the smart card arena, and thus many different non-compatible systems are in existence today. This lack of standardization has impeded efforts to produce a smart card capable of
25 handling multiple applications.
As smart cards evolve, however, they are expected to carry multiple applications—such as banking, travel, retail, security, identification, health care, and electronic benefits transfer—on the same card. The same smart card will be
30 used to deposit or withdrawal money from an ATM, keep track of frequent flyer mileage, permit entry into buildings, store the cardholder's health information, and enable purchase of goods and services. With multiple applications, the number and complexity of security issues rise. For instance,
35 the cardholder does not want his/her employer's entrance security system which interfaces with a security application on the smart card to gain access to sensitive health care information stored on the same health card, nor does the cardholder wish for his/her a doctor to use the health care
40 application to gain access to personal financial information. It is therefore one object of this invention to provide an authentication system for ensuring the security of the smart card and the applications contained thereon. Because all smart card transactions are conducted
45 electronically, there is an additional need to ensure for the smart card that the terminal asking for the information is authenticate, and not a fraudulent machine. In other words, there is a need for an authentication system that enables a smart card and tenninal to trust each other, as well as
50 verifying that the present cardholder is authenticate. It is another object of this invention to provide such an authentication system.
SUMMARY OF THE INVENTION
55 This invention provides a smart card authentication system that verifies the user, smart card, application, and terminal.
In one preferred implementation, the system has a smart card that is configured to store and process multiple different
60 applications. The smart card is assigned its own digital certificate which contains a unique public key and a digital signature from a trusted certifying authority. Each of the applications stored on the smart card is also assigned an associated certificate having the digital signature of the
65 certifying authority.
The system also includes a terminal that is capable of accessing the smart card. The terminal has at least one
3
compatible application which operates in conjunction with at least one corresponding application stored on the smart card. The terminal is assigned its own certificate which contains a unique public key and the digital signature from the trusted certifying authority. Similarly, the application on 5 the terminal is given an associated digital certificate.
During a transactional session, the smart card and terminal exchange their certificates over an unsecured communication path. The path is unsecured in the sense that any party can intercept and decipher the message. Following this 10 exchange, the smart card and terminal each process the other's certificate to verify the authenticity of the other. After this initial authentication, a secure communication path is established between the smart card and terminal using encryption techniques and each others' public keys. While 15 third parties might still be able to intercept the encrypted messages, they would not be able to decipher them. Thereafter, an application is selected and the applicationrelated certificates of the smart card application and terminal application are encrypted and then exchanged over the 20 secure communication path. The smart card and terminal then authenticate the application using the exchanged certificates.
As a further level of security, a unique PIN is assigned to the cardholder. During the transactional session, the card- 25 holder enters the PIN into the terminal, which then passes the PIN to the smart card. The smart card compares this PIN with the correct PIN kept in its memory to authenticate the cardholder.
30
According to another aspect of this invention, a multilevel security protocol is established based upon the types and inherent security of different terminals. The security protocol enables the smart card to be used in many diverse applications, from transferring large sums of money 35 between bank accounts to purchasing a fifty cent soda pop. According to the protocol, security levels are assigned to different types of terminals. The security levels have associated value limits that are imposed for any transaction occurring at the respective terminal. The certificate assigned ^ to a particular terminal contains information pertaining to its type. From this information, the smart card can determine the security level for that particular terminal. The smart card then limits the value of the transaction in accordance with the guidelines associated with the security level. 45
According to another aspect of this invention, a smart card that is specially configured to operate in the authentication system is described. It is noted that although the smart card embodiment is preferred, aspects of this invention can be implemented in other embodiments of portable information 50 devices, such as personal digital assistants, pages, and electronic programmable watches.
According to another aspect of this invention, a method for authenticating a transaction between a smart card and terminal is also disclosed. 55
According to yet another aspect of this invention, a method for conducting a smart card transaction using a multi-level security protocol is described.
BRIEF DESCRIPTION OF THE DRAWINGS 60
FIG. 1 is a diagrammatic illustration of a smart card.
FIG. 2 is a block diagram of a microcontroller integrated circuit used in the FIG. 1 smart card.
FIG. 3 is a diagrammatic illustration of an authentication 65 system in the context of an ATM banking system according to an example embodiment of this invention.
4
FIG. 4 is a diagrammatic illustration of an initial step of an authentication process of this invention involving the exchange of digital certificates between a smart card and terminal.
FIG. 5 is a diagrammatic illustration of another step of the authentication process involving the exchange of application-related digital certificates between a smart card and terminal.
FIG. 6 is a diagrammatic illustration of another step of the authentication process involving the authentication of a cardholder via his or her PIN.
FIGS. 7 and 8 present a flow diagram of a method for authenticating a transaction between a smart card and a terminal.
FIG. 9 is a flow diagram of a method for conducting a smart card transaction using a multi-level security protocol according to another aspect of this invention.
DETAILED DESCRIPTION OF THE
PREFERRED EMBODIMENT
This invention concerns authentication schemes and is described in the preferred context of smart cards. However, this invention may be used in conjunction with other small programmable portable information devices, in place of smart cards. Such portable information devices include pagers, personal digital assistants, personal information managers, and programmable watches. One notable watch that can be used in the context of this invention is the commercially available Timex® Data-Link® watch. As used herein, "portable information device" means a small, portable, electronic apparatus that has limited processing capabilities, limited or no power resources, limited rewritable memory capacity, and is designed to interface with external read/write equipment
FIG. 1 shows a smart card 10. It is the size of a credit card and has a built-in microcontroller (MCU) 12 which enables the card to modify, or even create, data in response to external stimuli. Microcontroller 12 is a single wafer integrated circuit (IC) which is mounted on an otherwise plastic credit card. Conductive contacts 14 are shown formed on the IC to enable interfacing to external read/write equipment. In other embodiments, however, the smart card can be configured without physical contacts. Such contactless cards receive information via proximity couplings (e.g., magnetic coupling) or via remote coupling (e.g., radio communication). A smart card is physically constructed in accordance with the international standard ISO-7816 which governs size and bendable limits of the plastic card, as well as size and location of the silicon integrated circuit.
FIG. 2 shows smart card microcontroller IC 12 in more detail. It includes a CPU 20, a volatile rewritable RAM (Random Access Memory) 22, a ROM (Read Only Memory) 24, and an EEPROM (Electrically Erasable Programmable ROM) 26. A set of I/O ports 28 are internally coupled to CPU 20 to supply data and control information that are received from the external accessing equipment. As an example, clock, reset, power, data I/O, and ground are provided at I/O ports 28. One suitable microcontroller-based single-wafer IC that can be used in smart cards is available from Motorola Corporation under model number MC68HC05SC21. In this chip, the data I/O is serial.
In this invention, smart card 10 contains multiple different applications and can be concurrently used in many different domains. For instance, smart cards can be used to store financial data for banking purposes, maintain medical information for use by health care providers, track frequent flyer
|
