PCT Patent / Smart card applications
PCT Patent WO/1987/005726/p>
|Title||Method and device for qualitative saving of digitized data|
|Inventor||Camion Paul Goutay Jean Harari Sami|
|Assignee||Infoscript Camion Paul Goutay Jean Harari Sami|
|IPC||G06F 01/00 G06F 21/00 G07F 07/10|
By Jean GOUTAY, President of the INFOSCRIPT society.INTRODUCTION
The several security elements of the smart card are based on physical and logical barriers.
First let’s look at the different uses of the smart card.
Thanks to the content of the secret and inviolable area in the smart card, thanks to computation which remains with in the card, it is possible to verify a personal code with a very good security and so to identify the card’s bearer.
But a better identification can be obtained by a more secure storage of patterns bounded with physical characteristics of the person, such as:
After data compression by an algorithm (hash code,…), it is possible to compute and to store in the smart card an "electronic signature", function of this compression and of the transmitter identity. In another connection this signature is added to the original text, a fact wich permits the verification.
This process can apply for the certification of accountant, original documents, banking orders and transfers, files and software, at different levels of development for instance.
In matter of software protection, several systems can be envisaged, wether at the transport level with the encipherment of the software and the deciphering key stored in the smart card,
It is easy to see the applications in the domestic computers area or in the area of video cassettes.
We can see in this case that decoding must be put at the monitor level.
Now let’s see other applications.
A simple algorithm computed in the card permits verification, with a random value "E", that the two cards are well matched, e.g. Ra=Rb.
Wether in the case of the access control to premises, or a network or a data base.
In the network case, every passive intrusion on the line does not allow either listening or simulation or re-use of the dialogue, the informations being completely random.
In the case of access control, the combination changes at every access because the key "R" is fugitive.
Another application can be the recognition of the smart card by the system, that is to say it’s authenticity, based in theory on public key use.
Using a random message "M", the system computes C=f (M), "f" being the public key. "C" is transmitted to the card which contains the secret part of the function.
The big advantage is that the system, which can be a general public terminal, doesn’t require any secret function.
So in the case of electronic payment at point of sale, the system verifies:
Let’s see in this case that the card allows the management of several access codes : banker code for the valorization, bearer’s code, service providers codes…
But the possibilities of the smart card are even more interesting in the networks, in matter of security.
In addition to the previously described functions, they allow the automatic logging the management of preloaded credit fields and if they can’t encipher at this moment they provide solutions to the delicate problems of key management.
With a generator of enciphered bits an a random number "E", messages can be enciphered thanks to the smart card along a network, with keys "R" which can be changed at a desire frequency.
In particular the enciphering algorithm "A" can be very simple.
This system can be set up on any encipherment equipment in networks and provides a solution to delicate problems of key transportation.
One application is given in electronic mail where the cards are used for reciprocal identification of interlocutors and encipherment of informations by fugitives keys.
Let’s see now very present applications.
The first wordwide experiment of telepayment has been in Velisy, near Paris, "TELETEL" and allows a suscriber to make from a videotex terminal, the minitel:
The smart card (with it’s reader) consequently permits:
All is in an environment at distance non controlled.
The security of the system is based on the exchange of fugitive random keys.
Another system of telepayment would be possible.
With the use of public keys and the signature of the messages by a secret key of the user, whose the public part, signed by the key of the bank, would be transmitted previously by the user. This system doesn’t require any black box at the central processor.
General systems can be envisaged to protect in addition informations during the storage in the mailbox of the service computer.
It is possible for example to encipher on line the data, and to decipher them immediately with synchronous mode, finally to encipher again with another key for the storage.
It would be possible also the envisage another scheme with the use of public key for authentication of the transmitter, but also for transportation of the random key the message being enciphered it self with this key changing at every message.
In the case of access to toll services, whether broadcasted programs or videotex services or data base, we have two possible systems :
In conclusion, by its vast possibilities not yet explored, the smart card open new vistas in matter of security, networks and data protection.
Thank you for your attention.
PCT Patent / Smart card applications